256821
|
- |
|
vwar
|
virtual_war
|
Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challe…
|
CWE-79
Cross-site Scripting
|
CVE-2010-5064
|
2012-10-8 19:47 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256822
|
- |
|
vwar
|
virtual_war
|
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5065
|
2012-10-8 19:47 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256823
|
- |
|
vwar
|
virtual_war
|
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which mak…
|
CWE-310
Cryptographic Issues
|
CVE-2010-5066
|
2012-10-8 19:47 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256824
|
- |
|
vwar
|
virtual_war
|
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access f…
|
CWE-255
Credentials Management
|
CVE-2010-5067
|
2012-10-8 19:47 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256825
|
- |
|
vwar
|
virtual_war
|
article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.
|
CWE-189
Numeric Errors
|
CVE-2010-5279
|
2012-10-8 19:47 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256826
|
- |
|
aidanlister
|
regcode
|
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1623
|
2012-10-8 13:00 |
2012-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256827
|
- |
|
yuriy_v_semenikhin
|
yvs_image_gallery
|
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOT…
|
CWE-94
Code Injection
|
CVE-2012-5304
|
2012-10-8 13:00 |
2012-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256828
|
- |
|
frii
|
proc\
|
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
|
CWE-59
Link Following
|
CVE-2011-4363
|
2012-10-8 13:00 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256829
|
- |
|
joomla
|
joomla\!
|
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/vi…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4909
|
2012-10-8 13:00 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256830
|
- |
|
joomla
|
joomla\!
|
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4910
|
2012-10-8 13:00 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|