|
292441
|
- |
|
ricardo_alexandre_de_oliveira_staudt
|
yogurt
|
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2033
|
2017-09-29 10:34 |
2009-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292442
|
- |
|
ricardo_alexandre_de_oliveira_staudt
|
yogurt
|
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2034
|
2017-09-29 10:34 |
2009-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292443
|
- |
|
onlinegrades
|
online_grades
|
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbit…
|
CWE-22
Path Traversal
|
CVE-2009-2037
|
2017-09-29 10:34 |
2009-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292444
|
- |
|
grestul
|
grestul
|
admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct req…
|
CWE-287
Improper Authentication
|
CVE-2009-2040
|
2017-09-29 10:34 |
2009-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292445
|
- |
|
cisco
|
ios
ios_xe
|
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XN…
|
CWE-16
Configuration
|
CVE-2009-2049
|
2017-09-29 10:34 |
2009-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292446
|
- |
|
mrcgiguy
|
the_ticket_system
|
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2080
|
2017-09-29 10:34 |
2009-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292447
|
- |
|
phpwebthings
|
phpwebthings
|
Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the module pa…
|
CWE-22
Path Traversal
|
CVE-2009-2081
|
2017-09-29 10:34 |
2009-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292448
|
- |
|
mundi_king
|
mundi_mail
|
PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code …
|
CWE-94
Code Injection
|
CVE-2009-2095
|
2017-09-29 10:34 |
2009-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292449
|
- |
|
david_degner
|
phpcollegeexchange
|
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2096
|
2017-09-29 10:34 |
2009-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292450
|
- |
|
micheal_glazer
|
phportal
|
SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2098
|
2017-09-29 10:34 |
2009-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
