|
266081
|
- |
|
ibm
|
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attacke…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4220
|
2010-11-10 14:00 |
2010-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266082
|
- |
|
turbogears
|
turbogears2
|
The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2009-5015
|
2010-11-10 03:12 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266083
|
- |
|
transware
|
active\!_mail
|
CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unsp…
|
CWE-94
Code Injection
|
CVE-2010-3913
|
2010-11-9 14:00 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266084
|
- |
|
bankofamerica
|
bank_of_america
|
The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading applicat…
|
CWE-310
Cryptographic Issues
|
CVE-2010-4213
|
2010-11-9 14:00 |
2010-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266085
|
- |
|
wellsfargo
|
wells_fargo_mobile
|
The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive info…
|
CWE-310
Cryptographic Issues
|
CVE-2010-4214
|
2010-11-9 14:00 |
2010-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266086
|
- |
|
turbogears
|
turbogears2
|
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authoriz…
|
CWE-310
Cryptographic Issues
|
CVE-2009-5014
|
2010-11-9 14:00 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266087
|
- |
|
gnome
|
gnome-shell
|
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working dire…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4000
|
2010-11-8 14:00 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266088
|
- |
|
hp
|
virtual_server_environment
|
Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2010-3990
|
2010-11-6 14:39 |
2010-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266089
|
- |
|
hp
|
hp
version_control_repository_manager
|
Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2010-3994
|
2010-11-6 14:39 |
2010-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266090
|
- |
|
cisco
|
ciscoworks_common_services
ciscoworks_lan_management_solution
qos_policy_manager
security_manager
telepresence_readiness_assessment_manager
unified_operations_manager
unified_servic…
|
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-3036
|
2010-11-6 14:38 |
2010-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
