266841
|
- |
|
mozilla
|
bugzilla
|
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-2470
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266842
|
- |
|
splunk
|
splunk
|
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to mo…
|
CWE-22
Path Traversal
|
CVE-2010-2502
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266843
|
- |
|
splunk
|
splunk
|
Per: http://www.splunk.com/view/SP-CAAAFGD
'Splunk recommends that customers only apply the patch as a last resort, in situations where they are unable to upgrade immediately.'
|
CWE-22
Path Traversal
|
CVE-2010-2502
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266844
|
- |
|
splunk
|
splunk
|
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; …
|
CWE-79
Cross-site Scripting
|
CVE-2010-2503
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266845
|
- |
|
splunk
|
splunk
|
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.
|
NVD-CWE-Other
|
CVE-2010-2504
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266846
|
- |
|
saschart
|
sascam_webcam_server
|
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long G…
|
CWE-20
Improper Input Validation
|
CVE-2010-2505
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266847
|
- |
|
2daybiz
|
web_template_software
|
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and th…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2509
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266848
|
- |
|
2daybiz
|
web_template_software
|
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
|
CWE-89
SQL Injection
|
CVE-2010-2510
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266849
|
- |
|
2daybiz
|
multi_level_marketing_software
|
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.
|
CWE-89
SQL Injection
|
CVE-2010-2511
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266850
|
- |
|
2daybiz
|
matrimonial_script
|
SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2010-2512
|
2010-06-29 13:00 |
2010-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|