|
345591
|
- |
|
ubercart
|
ubercart
|
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trig…
|
CWE-20
Improper Input Validation
|
CVE-2009-4771
|
2017-08-17 10:31 |
2010-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345592
|
- |
|
ubercart
|
ubercart
|
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message …
|
NVD-CWE-noinfo
|
CVE-2009-4772
|
2017-08-17 10:31 |
2010-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345593
|
- |
|
ubercart
|
ubercart
|
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the…
|
CWE-352
Origin Validation Error
|
CVE-2009-4773
|
2017-08-17 10:31 |
2010-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345594
|
- |
|
robert_garrigos
|
nukehall
|
Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) message…
|
CWE-94
Code Injection
|
CVE-2009-4779
|
2017-08-17 10:31 |
2010-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345595
|
- |
|
hitachi
|
jp1_integrated_management_service_support
jp1\/automatic_job_management_system_2-view
job_management_partner_1\/automatic_job_management_system_2-view
job_management_partner_1\/integrated_ma…
|
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to …
|
NVD-CWE-noinfo
|
CVE-2009-4777
|
2017-08-17 10:31 |
2010-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345596
|
- |
|
xlightftpd
|
xlight_ftp_server
|
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username)…
|
CWE-89
SQL Injection
|
CVE-2009-4795
|
2017-08-17 10:31 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345597
|
- |
|
wolfram
|
webmathematica
|
Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4814
|
2017-08-17 10:31 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345598
|
- |
|
andy_stedemos
|
the_uploader
|
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4816
|
2017-08-17 10:31 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345599
|
- |
|
element-it
|
ultimate_uploader
|
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a …
|
NVD-CWE-Other
|
CVE-2009-4817
|
2017-08-17 10:31 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345600
|
- |
|
element-it
|
ultimate_uploader
|
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2009-4817
|
2017-08-17 10:31 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
