266001
|
- |
|
intelliants
|
esyndicat
|
Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4504
|
2010-12-9 14:00 |
2010-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266002
|
- |
|
injader
|
injader
|
Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters.
|
CWE-89
SQL Injection
|
CVE-2010-4505
|
2010-12-9 14:00 |
2010-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266003
|
- |
|
php
|
php
|
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mys…
|
CWE-200
Information Exposure
|
CVE-2010-3062
|
2010-12-7 15:50 |
2010-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266004
|
- |
|
php
|
php
|
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-3063
|
2010-12-7 15:50 |
2010-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266005
|
- |
|
php
|
php
|
Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possib…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-3064
|
2010-12-7 15:50 |
2010-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266006
|
- |
|
php
|
php
|
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream c…
|
CWE-399
Resource Management Errors
|
CVE-2010-2093
|
2010-12-7 15:48 |
2010-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266007
|
- |
|
mono-project
|
libgdiplus
|
Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2…
|
CWE-189
Numeric Errors
|
CVE-2010-1526
|
2010-12-7 15:47 |
2010-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266008
|
- |
|
pear
|
mail
|
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted…
|
CWE-94
Code Injection
|
CVE-2009-4111
|
2010-12-7 15:43 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266009
|
- |
|
awstats
|
awstats
|
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC sh…
|
CWE-94
Code Injection
|
CVE-2010-4368
|
2010-12-3 14:00 |
2010-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266010
|
- |
|
awstats
|
awstats
|
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2009-5020
|
2010-12-3 01:22 |
2010-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|