|
284901
|
- |
|
openx
|
openx
|
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
|
CWE-22
Path Traversal
|
CVE-2009-0291
|
2018-10-12 06:01 |
2009-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284902
|
- |
|
webmobo
|
wbnews
|
Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] paramet…
|
CWE-94
Code Injection
|
CVE-2009-0294
|
2018-10-12 06:01 |
2009-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284903
|
- |
|
php-nuke
|
downloads_module
|
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operat…
|
CWE-89
SQL Injection
|
CVE-2009-0302
|
2018-10-12 06:01 |
2009-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284904
|
- |
|
emc
|
autostart
|
The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.
|
CWE-20
Improper Input Validation
|
CVE-2009-0311
|
2018-10-12 06:01 |
2009-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284905
|
- |
|
w3
|
amaya
|
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly hand…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-0323
|
2018-10-12 06:01 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284906
|
- |
|
dmxready
|
blog_manager
|
Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer acti…
|
CWE-79
Cross-site Scripting
|
CVE-2009-0338
|
2018-10-12 06:01 |
2009-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284907
|
- |
|
dmxready
|
blog_manager
|
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
|
CWE-89
SQL Injection
|
CVE-2009-0339
|
2018-10-12 06:01 |
2009-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284908
|
- |
|
microsoft
|
internet_explorer
|
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a st…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-0341
|
2018-10-12 06:01 |
2009-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284909
|
- |
|
provos
|
systrace
|
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0342
|
2018-10-12 06:01 |
2009-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284910
|
- |
|
niels_provos
|
systrace
|
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a po…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0343
|
2018-10-12 06:01 |
2009-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
