266581
|
- |
|
bouzouste
|
primitive_cms
|
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leverage…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3483
|
2010-09-23 13:00 |
2010-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266582
|
- |
|
lightneasy
|
lightneasy
|
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-65…
|
CWE-89
SQL Injection
|
CVE-2010-3484
|
2010-09-23 13:00 |
2010-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266583
|
- |
|
lightneasy
|
lightneasy
|
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6…
|
CWE-89
SQL Injection
|
CVE-2010-3485
|
2010-09-23 13:00 |
2010-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266584
|
- |
|
yellosoft
|
pinky
|
Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
|
CWE-22
Path Traversal
|
CVE-2010-3487
|
2010-09-23 13:00 |
2010-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266585
|
- |
|
digitalworkroom
|
cms_digital_workroom
|
Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2010-3489
|
2010-09-23 13:00 |
2010-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266586
|
- |
|
egroupware
|
egroupware
|
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309;…
|
CWE-79
Cross-site Scripting
|
CVE-2010-3314
|
2010-09-23 07:28 |
2010-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266587
|
- |
|
flock
|
flock
|
Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.
|
CWE-79
Cross-site Scripting
|
CVE-2010-3202
|
2010-09-22 14:47 |
2010-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266588
|
- |
|
drupal
|
drupal
|
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to by…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3092
|
2010-09-22 13:00 |
2010-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266589
|
- |
|
drupal
|
drupal
|
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3093
|
2010-09-22 13:00 |
2010-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266590
|
- |
|
drupal
|
drupal
|
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action descrip…
|
CWE-79
Cross-site Scripting
|
CVE-2010-3094
|
2010-09-22 13:00 |
2010-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|