|
255431
|
- |
|
orionserver
|
orion_application_server
|
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a reque…
|
NVD-CWE-Other
|
CVE-2002-1859
|
2017-11-30 23:02 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255432
|
- |
|
orionserver
|
orion_application_server
|
Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error p…
|
CWE-79
Cross-site Scripting
|
CVE-2005-2981
|
2017-11-30 23:01 |
2005-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255433
|
- |
|
vtiger
|
vtiger_crm
|
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordte…
|
CWE-200
Information Exposure
|
CVE-2008-3458
|
2017-11-23 02:25 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255434
|
- |
|
apple
|
quicktime
|
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer iss…
|
CWE-399
Resource Management Errors
|
CVE-2008-3628
|
2017-11-23 02:23 |
2008-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255435
|
- |
|
wordpress
|
wordpress
|
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass…
|
CWE-255
Credentials Management
|
CVE-2009-2762
|
2017-11-23 02:17 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255436
|
- |
|
wordpress
|
wordpress
|
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2854
|
2017-11-23 02:17 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255437
|
- |
|
verbatim
|
corporate_secure
|
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically pr…
|
CWE-255
Credentials Management
|
CVE-2010-0227
|
2017-11-23 02:16 |
2010-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255438
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the sel…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3891
|
2017-11-23 02:16 |
2009-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255439
|
- |
|
microsoft
|
windows_2000
|
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco…
|
NVD-CWE-Other
|
CVE-2006-5988
|
2017-11-23 02:06 |
2006-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255440
|
- |
|
estsoft
|
alftp
|
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a …
|
CWE-22
Path Traversal
|
CVE-2008-2702
|
2017-11-23 02:04 |
2008-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
