|
287861
|
- |
|
cuteflow
|
cuteflow
|
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2960
|
2018-10-11 04:42 |
2009-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287862
|
- |
|
radvision
|
scopia
|
Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2009-2965
|
2018-10-11 04:42 |
2009-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287863
|
- |
|
vmware
|
studio
|
Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations …
|
CWE-22
Path Traversal
|
CVE-2009-2968
|
2018-10-11 04:42 |
2009-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287864
|
- |
|
uitv
baidu
|
uiplayer
baidux
|
Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to exec…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-2970
|
2018-10-11 04:42 |
2009-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287865
|
- |
|
cisco
|
cs-mars
|
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context…
|
CWE-310
Cryptographic Issues
|
CVE-2009-2977
|
2018-10-11 04:42 |
2009-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287866
|
- |
|
mozilla
|
firefox
mozilla
seamonkey
|
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents s…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3014
|
2018-10-11 04:42 |
2009-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287867
|
- |
|
orcabrowser
|
orca_browser
|
Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors …
|
CWE-79
Cross-site Scripting
|
CVE-2009-3017
|
2018-10-11 04:42 |
2009-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287868
|
- |
|
maxthon
|
maxthon_browser
|
Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3018
|
2018-10-11 04:42 |
2009-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287869
|
- |
|
symantec
|
backup_exec_continuous_protection_server
veritas_application_director
veritas_backup_exec
veritas_cluster_server
veritas_cluster_server_management_console
veritas_cluster_server_one
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6…
|
CWE-287
Improper Authentication
|
CVE-2009-3027
|
2018-10-11 04:42 |
2009-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
287870
|
- |
|
vmware
|
ace
movie_decoder
player
workstation
|
The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2…
|
CWE-94
Code Injection
|
CVE-2009-2628
|
2018-10-11 04:41 |
2009-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
