|
260631
|
- |
|
vmware
|
server
|
Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.
|
CWE-79
Cross-site Scripting
|
CVE-2010-1193
|
2010-04-28 14:46 |
2010-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260632
|
- |
|
moinmo
|
moinmoin
|
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1238
|
2010-04-28 14:46 |
2010-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260633
|
- |
|
vmware
|
virtualcenter
server
esx_server
|
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via uns…
|
CWE-20
Improper Input Validation
|
CVE-2010-0686
|
2010-04-28 14:45 |
2010-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260634
|
- |
|
martin_hess
|
com_sermonspeaker
|
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopu…
|
CWE-89
SQL Injection
|
CVE-2010-1559
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260635
|
- |
|
dlink
|
dir-615
|
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, …
|
CWE-287
Improper Authentication
|
CVE-2009-4821
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260636
|
- |
|
james_glasgow
john_vandervort
|
autologout
|
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privi…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4829
|
2010-04-28 13:00 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260637
|
- |
|
dragonfrugal
|
dfd_cart
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2010-1542
|
2010-04-28 01:43 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260638
|
- |
|
mearra
|
addthis
|
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to in…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1536
|
2010-04-28 01:04 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260639
|
- |
|
wolfram
|
webmathematica
|
Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2009-4812
|
2010-04-28 00:30 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260640
|
- |
|
mybboard
|
mybb
|
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4813
|
2010-04-28 00:30 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
