| 306711 | 6.5 | MEDIUM Network | apache | qpid-cpp | qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. | CWE-20 Improper Input Validation | CVE-2009-5004 | 2024-11-21 10:10 | 2019-11-9 |
| 306712 | 6.1 | MEDIUM Network | pixelpost | pixelpost | pixelpost 1.7.1 has XSS | CWE-79 Cross-site Scripting | CVE-2009-4900 | 2024-11-21 10:10 | 2019-10-29 |
| 306713 | 9.8 | CRITICAL Network | pixelpost | pixelpost | pixelpost 1.7.1 has SQL injection | CWE-89 SQL Injection | CVE-2009-4899 | 2024-11-21 10:10 | 2019-10-29 |
| 306714 | - | | justsystems | just_smile atok atok_flat-rate_service | Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the sc… | NVD-CWE-noinfo | CVE-2009-4738 | 2024-11-21 10:10 | 2013-01-19 |
| 306715 | - | | mozilla | firefox | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted… | CWE-79 Cross-site Scripting | CVE-2009-5017 | 2024-11-21 10:10 | 2010-11-13 |
| 306716 | - | | php | php | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanism… | CWE-189 Numeric Errors | CVE-2009-5016 | 2024-11-21 10:10 | 2010-11-13 |
| 306717 | - | | turbogears | turbogears2 | The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | NVD-CWE-noinfo | CVE-2009-5015 | 2024-11-21 10:10 | 2010-11-6 |
| 306718 | - | | turbogears | turbogears2 | The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authoriz… | CWE-310 Cryptographic Issues | CVE-2009-5014 | 2024-11-21 10:10 | 2010-11-6 |
| 306719 | - | | g.rodola | pyftpdlib | Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during… | CWE-399 Resource Management Errors | CVE-2009-5013 | 2024-11-21 10:10 | 2010-10-20 |
| 306720 | - | | g.rodola | pyftpdlib | ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directo… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2009-5012 | 2024-11-21 10:10 | 2010-10-20 |