|
260611
|
- |
|
vpasp
|
vp-asp_shopping_cart
|
Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1590
|
2010-04-29 13:00 |
2010-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260612
|
- |
|
sisoftware
|
sandra
|
sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoftware Sandra 16.10.2010.1 and earlier allows local users to gain privileges or cause a denial of service (system crash) via unspec…
|
CWE-20
Improper Input Validation
|
CVE-2010-1592
|
2010-04-29 13:00 |
2010-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260613
|
- |
|
vmware
|
server
|
Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.
|
CWE-79
Cross-site Scripting
|
CVE-2010-1193
|
2010-04-28 14:46 |
2010-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260614
|
- |
|
moinmo
|
moinmoin
|
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1238
|
2010-04-28 14:46 |
2010-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260615
|
- |
|
vmware
|
virtualcenter
server
esx_server
|
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via uns…
|
CWE-20
Improper Input Validation
|
CVE-2010-0686
|
2010-04-28 14:45 |
2010-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260616
|
- |
|
martin_hess
|
com_sermonspeaker
|
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopu…
|
CWE-89
SQL Injection
|
CVE-2010-1559
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260617
|
- |
|
dlink
|
dir-615
|
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, …
|
CWE-287
Improper Authentication
|
CVE-2009-4821
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260618
|
- |
|
james_glasgow
john_vandervort
|
autologout
|
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privi…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4829
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260619
|
- |
|
dragonfrugal
|
dfd_cart
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2010-1542
|
2010-04-28 01:43 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260620
|
- |
|
mearra
|
addthis
|
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to in…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1536
|
2010-04-28 01:04 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
