|
303221
|
- |
|
scripteen
|
free_image_hosting_script
|
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vecto…
|
CWE-287
Improper Authentication
|
CVE-2009-4987
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303222
|
- |
|
in-portal
|
in-portal
|
Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4986
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303223
|
- |
|
websitesrus
|
accessories_me_php_affiliate_script
|
SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.
|
CWE-89
SQL Injection
|
CVE-2009-4985
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303224
|
- |
|
websitesrus
|
accessories_me_php_affiliate_script
|
Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.p…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4984
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303225
|
- |
|
snowhall
|
silurus_system
|
Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4983
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303226
|
- |
|
irokez
|
irokez_cms
|
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default U…
|
CWE-89
SQL Injection
|
CVE-2009-4982
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303227
|
- |
|
keil-software
|
photokorn_gallery
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators.
|
CWE-352
Origin Validation Error
|
CVE-2009-4981
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303228
|
- |
|
keil-software
|
photokorn_gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4980
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303229
|
- |
|
keil-software
|
photokorn_gallery
|
Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) M…
|
CWE-89
SQL Injection
|
CVE-2009-4979
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303230
|
- |
|
tufat
|
mybackup
|
Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4978
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
