|
266111
|
- |
|
blueriver
|
sava_cms
mura_cms
|
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot …
|
CWE-22
Path Traversal
|
CVE-2010-3468
|
2010-09-30 13:00 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266112
|
- |
|
drupal
peter_wolanin
|
drupal
openid
|
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which all…
|
CWE-287
Improper Authentication
|
CVE-2010-3685
|
2010-09-30 13:00 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266113
|
- |
|
drupal
peter_wolanin
|
drupal
openid
|
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attacker…
|
CWE-287
Improper Authentication
|
CVE-2010-3686
|
2010-09-30 13:00 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266114
|
- |
|
alex_kellner
|
powermail
|
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validate…
|
NVD-CWE-noinfo
|
CVE-2010-3687
|
2010-09-30 13:00 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266115
|
- |
|
vmware
|
workstation
player
|
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3277
|
2010-09-29 13:00 |
2010-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266116
|
- |
|
alex_kellner
|
powermail
|
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2010-3605
|
2010-09-28 05:38 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266117
|
- |
|
salvo_g._tomaselli
|
weborf
|
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
|
CWE-22
Path Traversal
|
CVE-2010-3306
|
2010-09-27 13:00 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266118
|
- |
|
invisionpower
|
ibphotohost
|
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
|
CWE-89
SQL Injection
|
CVE-2010-3601
|
2010-09-27 13:00 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266119
|
- |
|
alex_kellner
|
powermail
|
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2010-3604
|
2010-09-27 13:00 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266120
|
- |
|
wire_plastic_design
|
wpquiz
|
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
|
CWE-89
SQL Injection
|
CVE-2010-3608
|
2010-09-27 13:00 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
