|
275011
|
- |
|
vmware
|
virtualcenter
server
esx_server
|
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via uns…
|
CWE-20
Improper Input Validation
|
CVE-2010-0686
|
2010-04-28 14:45 |
2010-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275012
|
- |
|
martin_hess
|
com_sermonspeaker
|
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopu…
|
CWE-89
SQL Injection
|
CVE-2010-1559
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275013
|
- |
|
dlink
|
dir-615
|
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, …
|
CWE-287
Improper Authentication
|
CVE-2009-4821
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275014
|
- |
|
james_glasgow
john_vandervort
|
autologout
|
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privi…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4829
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275015
|
- |
|
dragonfrugal
|
dfd_cart
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2010-1542
|
2010-04-28 01:43 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275016
|
- |
|
mearra
|
addthis
|
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to in…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1536
|
2010-04-28 01:04 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275017
|
- |
|
wolfram
|
webmathematica
|
Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2009-4812
|
2010-04-28 00:30 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275018
|
- |
|
mybboard
|
mybb
|
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4813
|
2010-04-28 00:30 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275019
|
- |
|
typo3
|
typo3
|
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote atta…
|
CWE-79
Cross-site Scripting
|
CVE-2009-0816
|
2010-04-27 14:49 |
2009-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275020
|
- |
|
reyero
|
i18n
|
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks pr…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1530
|
2010-04-27 13:00 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
