|
259151
|
- |
|
blogcms
|
blog\
|
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php a…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4749
|
2011-09-22 12:27 |
2011-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259152
|
- |
|
blogcms
|
blog\
|
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
|
CWE-352
Origin Validation Error
|
CVE-2010-4750
|
2011-09-22 12:27 |
2011-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259153
|
- |
|
commodityrentals
|
dvd_rentals_script
|
SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
|
CWE-89
SQL Injection
|
CVE-2010-4770
|
2011-09-22 12:27 |
2011-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259154
|
- |
|
enanocms
|
enano_cms
|
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote atta…
|
CWE-89
SQL Injection
|
CVE-2010-4780
|
2011-09-22 12:27 |
2011-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259155
|
- |
|
enanocms
|
enano_cms
|
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals…
|
CWE-200
Information Exposure
|
CVE-2010-4781
|
2011-09-22 12:27 |
2011-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259156
|
- |
|
softwebsnepal
|
ananda_real_estate
|
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) stat…
|
CWE-89
SQL Injection
|
CVE-2010-4782
|
2011-09-22 12:27 |
2011-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259157
|
- |
|
t-dreams
|
job_career_package
|
SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.
|
CWE-89
SQL Injection
|
CVE-2010-4830
|
2011-09-22 12:27 |
2011-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259158
|
- |
|
citrix
|
access_gateway
|
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and …
|
NVD-CWE-noinfo
|
CVE-2010-4566
|
2011-09-22 12:26 |
2011-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259159
|
- |
|
realnetworks
|
realplayer
realplayer_sp
|
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during p…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-3747
|
2011-09-22 12:25 |
2010-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259160
|
- |
|
debian
|
horde
horde_groupware
|
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files vi…
|
CWE-22
Path Traversal
|
CVE-2009-0932
|
2011-09-22 12:07 |
2009-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
