|
267201
|
- |
|
uiga
|
fan_club
|
Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password…
|
CWE-89
SQL Injection
|
CVE-2010-1366
|
2010-04-15 05:49 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267202
|
- |
|
uiga
|
personal_portal
|
SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: …
|
CWE-89
SQL Injection
|
CVE-2010-1364
|
2010-04-15 04:37 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267203
|
- |
|
ben_jeavons
|
ownterm
|
Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1362
|
2010-04-14 22:59 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267204
|
- |
|
yasirpro
|
ms-pro_portal_scripti
|
YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4766
|
2010-04-14 21:44 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267205
|
- |
|
ron_jerome
|
bibliography
|
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1358
|
2010-04-14 13:00 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267206
|
- |
|
uiga
|
fan_club
|
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
|
CWE-89
SQL Injection
|
CVE-2010-1365
|
2010-04-14 13:00 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267207
|
- |
|
uiga
|
fan_club
|
Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) adm…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1367
|
2010-04-14 13:00 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267208
|
- |
|
preprojects
|
pre_classified_listings_asp
|
SQL injection vulnerability in detailad.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
|
CWE-89
SQL Injection
|
CVE-2010-1370
|
2010-04-14 13:00 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267209
|
- |
|
cnr.somee
|
hikaye_portal
|
CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4765
|
2010-04-14 13:00 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267210
|
- |
|
jooforge
|
com_jukebox
|
Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller paramete…
|
CWE-22
Path Traversal
|
CVE-2010-1352
|
2010-04-14 06:31 |
2010-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
