|
267191
|
- |
|
speedtech
|
storm
|
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4515
|
2010-01-9 05:29 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267192
|
- |
|
nanwich
|
faq_ask
|
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requ…
|
CWE-352
Origin Validation Error
|
CVE-2009-4517
|
2010-01-9 02:50 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267193
|
- |
|
verbatim
|
corporate_secure
|
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proxima…
|
CWE-310
Cryptographic Issues
|
CVE-2010-0228
|
2010-01-8 14:00 |
2010-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267194
|
- |
|
verbatim
|
corporate_secure
|
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents…
|
CWE-255
Credentials Management
|
CVE-2010-0229
|
2010-01-8 14:00 |
2010-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267195
|
- |
|
typo3
|
xds_staff
|
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4392
|
2010-01-8 14:00 |
2009-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267196
|
- |
|
malcom_box
|
lxr_cross_referencer
|
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4497
|
2010-01-8 14:00 |
2010-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267197
|
- |
|
nanwich
|
faq_ask
|
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4516
|
2010-01-8 14:00 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267198
|
- |
|
wowd
|
wowd
|
Multiple cross-site scripting (XSS) vulnerabilities in index.html in Wowd client before 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby, (2) tags, or (3) ctx pa…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4586
|
2010-01-8 14:00 |
2010-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267199
|
- |
|
jesse_smith
|
bftpd
|
The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to …
|
NVD-CWE-Other
|
CVE-2009-4593
|
2010-01-8 14:00 |
2010-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267200
|
- |
|
joomlabiblestudy
|
com_biblestudy
|
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controll…
|
CWE-22
Path Traversal
|
CVE-2010-0157
|
2010-01-7 14:00 |
2010-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
