267211
|
- |
|
mozilla
|
bugzilla
|
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-2756
|
2010-09-8 14:48 |
2010-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267212
|
- |
|
mozilla
|
bugzilla
|
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remot…
|
CWE-310
Cryptographic Issues
|
CVE-2010-2757
|
2010-09-8 14:48 |
2010-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267213
|
- |
|
mozilla
|
bugzilla
|
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remo…
|
CWE-200
Information Exposure
|
CVE-2010-2758
|
2010-09-8 14:48 |
2010-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267214
|
- |
|
mozilla
|
bugzilla
|
Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases,…
|
CWE-189
Numeric Errors
|
CVE-2010-2759
|
2010-09-8 14:48 |
2010-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267215
|
- |
|
redhat
|
spice-xpi
|
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.
|
CWE-59
Link Following
|
CVE-2010-2794
|
2010-09-8 14:48 |
2010-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267216
|
- |
|
novell
|
suse_linux
|
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session…
|
CWE-255
Credentials Management
|
CVE-2010-1507
|
2010-09-6 13:00 |
2010-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267217
|
- |
|
xmlswf
|
com_picsell
|
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfr…
|
CWE-22
Path Traversal
|
CVE-2010-3203
|
2010-09-6 13:00 |
2010-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267218
|
- |
|
common1
|
moobbs
|
Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2010-2364
|
2010-09-1 07:00 |
2010-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267219
|
- |
|
common1
|
moobbs2
|
Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2010-2365
|
2010-09-1 07:00 |
2010-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267220
|
- |
|
php
|
php
|
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended ac…
|
CWE-20
Improper Input Validation
|
CVE-2010-1129
|
2010-08-31 14:42 |
2010-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|