|
303281
|
- |
|
sweetphp
|
totalcalender
|
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.
|
CWE-287
Improper Authentication
|
CVE-2009-4929
|
2024-11-21 10:10 |
2010-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303282
|
- |
|
sweetphp
|
totalcalendar
|
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1…
|
CWE-94
Code Injection
|
CVE-2009-4928
|
2024-11-21 10:10 |
2010-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303283
|
- |
|
webmobo
|
wbnews
|
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2009-4927
|
2024-11-21 10:10 |
2010-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303284
|
- |
|
esoftpro
|
online_contact_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4926
|
2024-11-21 10:10 |
2010-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303285
|
- |
|
creasito
|
creasito_e-commerce_content_manager
|
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary …
|
CWE-89
SQL Injection
|
CVE-2009-4925
|
2024-11-21 10:10 |
2010-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303286
|
- |
|
dan_pascu
|
python-cjson
|
Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Fire…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4924
|
2024-11-21 10:10 |
2010-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303287
|
- |
|
cisco
|
asa_5580
|
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (…
|
NVD-CWE-noinfo
|
CVE-2009-4923
|
2024-11-21 10:10 |
2010-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303288
|
- |
|
cisco
|
asa_5580
|
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by est…
|
NVD-CWE-noinfo
|
CVE-2009-4922
|
2024-11-21 10:10 |
2010-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303289
|
- |
|
cisco
|
asa_5580
|
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm841…
|
CWE-20
Improper Input Validation
|
CVE-2009-4921
|
2024-11-21 10:10 |
2010-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303290
|
- |
|
cisco
|
asa_5580
|
Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a l…
|
NVD-CWE-noinfo
|
CVE-2009-4920
|
2024-11-21 10:10 |
2010-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
