|
259671
|
- |
|
ibm
|
lotus_mobile_connect
|
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to ca…
|
CWE-399
Resource Management Errors
|
CVE-2010-4594
|
2010-12-28 03:54 |
2010-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259672
|
- |
|
ibm
|
lotus_mobile_connect
|
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4595
|
2010-12-28 03:53 |
2010-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259673
|
- |
|
earl_miles
|
views
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack th…
|
CWE-352
Origin Validation Error
|
CVE-2010-4519
|
2010-12-27 14:00 |
2010-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259674
|
- |
|
earl_miles
|
views
|
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4520
|
2010-12-24 03:00 |
2010-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259675
|
- |
|
usaa
|
usaa
|
The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application da…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4212
|
2010-12-22 14:00 |
2010-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259676
|
- |
|
clixint
|
image_hosting_script_dpi
|
Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: some …
|
CWE-79
Cross-site Scripting
|
CVE-2009-4252
|
2010-12-22 14:00 |
2009-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259677
|
- |
|
gianluca_baldo
|
phpauction
|
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (…
|
CWE-79
Cross-site Scripting
|
CVE-2005-2254
|
2010-12-21 14:00 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259678
|
- |
|
tibco
|
activematrix_bpm
activematrix_businessworks_service_engine
activematrix_service_bus
activematrix_service_grid
silver_bpm_service
silver_cap_service
|
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Servic…
|
NVD-CWE-noinfo
|
CVE-2010-4495
|
2010-12-20 14:00 |
2010-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259679
|
- |
|
phpmyfaq
|
phpmyfaq
|
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which all…
|
CWE-94
Code Injection
|
CVE-2010-4558
|
2010-12-20 14:00 |
2010-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259680
|
- |
|
michael_dehaan
|
cobbler
|
Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4512
|
2010-12-18 16:07 |
2010-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
