|
260211
|
- |
|
comscripts
|
web_server_creator_web_portal
|
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2010-1113
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260212
|
- |
|
comscripts
|
web_server_creator_web_portal
|
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (…
|
CWE-94
Code Injection
|
CVE-2010-1114
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260213
|
- |
|
comscripts
|
web_server_creator_web_portal
|
Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
|
CWE-22
Path Traversal
|
CVE-2010-1115
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260214
|
- |
|
aspindir
|
lookmer_muzik_portal
|
LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarki…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1116
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260215
|
- |
|
georg_greve
|
spamassassin_milter_plugin
|
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacter…
|
CWE-78
OS Command
|
CVE-2010-1132
|
2017-08-17 10:32 |
2010-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260216
|
- |
|
tiki
|
tikiwiki_cms\/groupware
|
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchin…
|
CWE-89
SQL Injection
|
CVE-2010-1133
|
2017-08-17 10:32 |
2010-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260217
|
- |
|
tiki
|
tikiwiki_cms\/groupware
|
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.
|
CWE-89
SQL Injection
|
CVE-2010-1134
|
2017-08-17 10:32 |
2010-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260218
|
- |
|
tiki
|
tikiwiki_cms\/groupware
|
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
|
CWE-255
Credentials Management
|
CVE-2010-1135
|
2017-08-17 10:32 |
2010-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260219
|
- |
|
tiki
|
tikiwiki_cms\/groupware
|
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictabl…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1136
|
2017-08-17 10:32 |
2010-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260220
|
- |
|
irssi
|
irssi
|
Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certific…
|
CWE-20
Improper Input Validation
|
CVE-2010-1155
|
2017-08-17 10:32 |
2010-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
