|
292331
|
- |
|
easy-scripts
|
answer_and_question_script
|
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain …
|
CWE-287
Improper Authentication
|
CVE-2009-1664
|
2017-09-29 10:34 |
2009-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292332
|
- |
|
easy-scripts
|
answer_and_question_script
|
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1665
|
2017-09-29 10:34 |
2009-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292333
|
- |
|
mini-stream
|
castripper
|
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1667
|
2017-09-29 10:34 |
2009-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292334
|
- |
|
typsoft
|
typsoft_ftp_server
|
TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer.
|
CWE-20
Improper Input Validation
|
CVE-2009-1668
|
2017-09-29 10:34 |
2009-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292335
|
- |
|
smarty
|
smarty
|
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribut…
|
CWE-20
Improper Input Validation
|
CVE-2009-1669
|
2017-09-29 10:34 |
2009-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292336
|
- |
|
smarty
|
smarty
|
Per http://secunia.com/advisories/35072
"The vulnerability is confirmed in version 2.6.22 on Windows. Other versions may also be affected."
|
CWE-20
Improper Input Validation
|
CVE-2009-1669
|
2017-09-29 10:34 |
2009-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292337
|
- |
|
tcpdb
|
tcpdb
|
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from…
|
CWE-287
Improper Authentication
|
CVE-2009-1670
|
2017-09-29 10:34 |
2009-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292338
|
- |
|
sun
|
solaris
|
The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.
|
NVD-CWE-noinfo
|
CVE-2009-1673
|
2017-09-29 10:34 |
2009-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292339
|
- |
|
microchip
|
mplab_ide
|
Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1674
|
2017-09-29 10:34 |
2009-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292340
|
- |
|
electrasoft
|
32bit_ftp
|
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1675
|
2017-09-29 10:34 |
2009-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
