| 306141 | - | winterwebs | ezwebitor | Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. … | CWE-89 SQL Injection | CVE-2009-4933 | 2024-11-21 10:10 | 2010-07-12 |
| 306142 | - | mpesch3.de1 | 1by1 | Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2009-4932 | 2024-11-21 10:10 | 2010-07-12 |
| 306143 | - | bestwebsharing | groovy_media_player | Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playli… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2009-4931 | 2024-11-21 10:10 | 2010-07-12 |
| 306144 | - | sungard | banner_student | Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web sc… | CWE-79 Cross-site Scripting | CVE-2009-4930 | 2024-11-21 10:10 | 2010-07-12 |
| 306145 | - | sweetphp | totalcalender | admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | CWE-287 Improper Authentication | CVE-2009-4929 | 2024-11-21 10:10 | 2010-07-12 |
| 306146 | - | sweetphp | totalcalendar | PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1… | CWE-94 Code Injection | CVE-2009-4928 | 2024-11-21 10:10 | 2010-07-12 |
| 306147 | - | webmobo | wbnews | WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | CWE-287 Improper Authentication | CVE-2009-4927 | 2024-11-21 10:10 | 2010-07-12 |
| 306148 | - | esoftpro | online_contact_manager | Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter… | CWE-79 Cross-site Scripting | CVE-2009-4926 | 2024-11-21 10:10 | 2010-07-12 |
| 306149 | - | creasito | creasito_e-commerce_content_manager | Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary … | CWE-89 SQL Injection | CVE-2009-4925 | 2024-11-21 10:10 | 2010-07-12 |
| 306150 | - | dan_pascu | python-cjson | Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Fire… | CWE-79 Cross-site Scripting | CVE-2009-4924 | 2024-11-21 10:10 | 2010-07-3 |