|
305951
|
- |
|
pentaho
|
bi_server
|
Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password.
|
CWE-200
Information Exposure
|
CVE-2009-5100
|
2024-11-21 10:11 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305952
|
- |
|
pentaho
|
bi_server
|
Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-5099
|
2024-11-21 10:11 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305953
|
- |
|
hp
|
palm_pre_webos
|
The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long s…
|
CWE-399
Resource Management Errors
|
CVE-2009-5098
|
2024-11-21 10:11 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305954
|
- |
|
hp
|
palm_pre_webos
|
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
|
CWE-94
Code Injection
|
CVE-2009-5097
|
2024-11-21 10:11 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305955
|
- |
|
khalid_baheyeldin
|
flag_content
|
Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-5096
|
2024-11-21 10:11 |
2011-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305956
|
- |
|
ea-style
|
gbook
|
PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.
|
CWE-94
Code Injection
|
CVE-2009-5095
|
2024-11-21 10:11 |
2011-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305957
|
- |
|
cmsfaethon
|
cms_faethon
|
SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.
|
CWE-89
SQL Injection
|
CVE-2009-5094
|
2024-11-21 10:11 |
2011-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305958
|
- |
|
php4scripte
|
gastebuch
|
Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
|
CWE-22
Path Traversal
|
CVE-2009-5093
|
2024-11-21 10:11 |
2011-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305959
|
- |
|
microsoft
|
fast_esp
|
Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-5092
|
2024-11-21 10:11 |
2011-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305960
|
- |
|
vlinks
|
vlinks
|
SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-5091
|
2024-11-21 10:11 |
2011-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
