Blog

CVE-2009-4960

Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. (CVSS:5.0) (Last Update:2017-09-18)


July 28, 2010

CVE-2009-4937

Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag. (CVSS:4.3) (Last Update:2017-09-18)


July 22, 2010

CVE-2009-4939

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin ac…


July 22, 2010

CVE-2010-2697

Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details a…


July 12, 2010

CVE-2009-4935

SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. (CVSS:7.5) (Last Update:2017-09-18)


July 12, 2010

CVE-2009-4927

WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. (CVSS:7.5) (Last Update:2017-09-18)


July 12, 2010

CVE-2009-4933

Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third …


July 12, 2010

CVE-2009-4931

Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. (CVSS:6.8) (Last Update:2017-09-18)


July 12, 2010

CVE-2010-2685

siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request. (CVSS:7.5) (Last Update:2016-10-06)


July 12, 2010

CVE-2010-1622

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar …


June 21, 2010