257601 | 7.5 | HIGH | gatesoft | docusafe | SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtain… | CWE-89 SQL injection | CVE-2010-4736 | 2011-09-22 12:27 | 2011-02-16
257602 | 7.5 | HIGH | hotwebscripts | hotweb_rentals | SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter. | CWE-89 SQL injection | CVE-2010-4737 | 2011-09-22 12:27 | 2011-02-16
257603 | 7.5 | HIGH | raemedia | real_estate_single_and_multi_agent_system | Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/cit… | CWE-89 SQL injection | CVE-2010-4738 | 2011-09-22 12:27 | 2011-02-16
257604 | 9.3 | HIGH | scadaengine | bacnet_opc_client | Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a statu… | CWE-119 Buffer errors | CVE-2010-4740 | 2011-09-22 12:27 | 2011-02-16
257605 | 4.3 | MEDIUM | pmwiki | pmwiki | Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these… | CWE-79 Cross-site scripting (XSS) | CVE-2010-4748 | 2011-09-22 12:27 | 2011-03-2
257606 | 4.3 | MEDIUM | blogcms | blog\ | Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php a… | CWE-79 Cross-site scripting (XSS) | CVE-2010-4749 | 2011-09-22 12:27 | 2011-03-2
257607 | 6.8 | MEDIUM | blogcms | blog\ | Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators. | CWE-352 Same-origin policy violation | CVE-2010-4750 | 2011-09-22 12:27 | 2011-03-2
257608 | 7.5 | HIGH | commodityrentals | dvd_rentals_script | SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. | CWE-89 SQL injection | CVE-2010-4770 | 2011-09-22 12:27 | 2011-03-24
257609 | 7.5 | HIGH | enanocms | enano_cms | SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote atta… | CWE-89 SQL injection | CVE-2010-4780 | 2011-09-22 12:27 | 2011-04-7
257610 | 5.0 | MEDIUM | enanocms | enano_cms | index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals… | CWE-200 Information disclosure | CVE-2010-4781 | 2011-09-22 12:27 | 2011-04-7
257611 | 7.5 | HIGH | softwebsnepal | ananda_real_estate | Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) stat… | CWE-89 SQL injection | CVE-2010-4782 | 2011-09-22 12:27 | 2011-04-7
257612 | 7.5 | HIGH | t-dreams | job_career_package | SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter. | CWE-89 SQL injection | CVE-2010-4830 | 2011-09-22 12:27 | 2011-08-24
257613 | 9.3 | HIGH | citrix | access_gateway | The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and … | NVD-CWE-noinfo | CVE-2010-4566 | 2011-09-22 12:26 | 2011-01-15
257614 | 9.3 | HIGH | realnetworks | realplayer realplayer_sp | An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during p… | CWE-119 Buffer errors | CVE-2010-3747 | 2011-09-22 12:25 | 2010-10-19
257615 | 6.4 | MEDIUM | debian | horde horde_groupware | Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files vi… | CWE-22 Path traversal | CVE-2009-0932 | 2011-09-22 12:07 | 2009-03-18
257616 | 5.0 | MEDIUM | cogentdatahub | cogent_datahub | Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value. | CWE-189 Numeric errors | CVE-2011-3501 | 2011-09-21 13:00 | 2011-09-17
257617 | 9.3 | HIGH | novell | iprint_client | Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method… | CWE-119 Buffer errors | CVE-2010-4321 | 2011-09-21 13:00 | 2010-12-31
257618 | 4.0 | MEDIUM | apple freebsd netbsd openbsd | mac_os_x freebsd netbsd openbsd | The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (C… | CWE-399 Resource management errors | CVE-2010-4754 | 2011-09-21 13:00 | 2011-03-3
257619 | 4.3 | MEDIUM | seattle_lab_software | slnet_rf_telnet_server | SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL … | CWE-119 Buffer errors | CVE-2008-0152 | 2011-09-21 13:00 | 2008-01-9
257620 | 9.3 | HIGH | zenturi | zenturi_programchecker | Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) Debu… | CWE-119 Buffer errors | CVE-2007-2987 | 2011-09-20 13:00 | 2007-06-1
257621 | 9.3 | HIGH | zenturi | zenturi_programchecker | Failed exploit attempts will likely result in denial-of-service condition. | CWE-119 Buffer errors | CVE-2007-2987 | 2011-09-20 13:00 | 2007-06-1
257622 | 5.0 | MEDIUM | cogentdatahub | cogent_datahub | Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. | CWE-22 Path traversal | CVE-2011-3500 | 2011-09-19 13:00 | 2011-09-17
257623 | 5.0 | MEDIUM | cogentdatahub | cogent_datahub | The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). | CWE-200 Information disclosure | CVE-2011-3502 | 2011-09-19 13:00 | 2011-09-17
257624 | 10.0 | HIGH | proftpd | proftpd | Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC esca… | CWE-119 Buffer errors | CVE-2010-4221 | 2011-09-15 12:18 | 2010-11-10
257625 | 7.1 | HIGH | proftpd | proftpd | Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modi… | CWE-22 Path traversal | CVE-2010-3867 | 2011-09-15 12:17 | 2010-11-10
257626 | 6.9 | MEDIUM | banshee-project | banshee | The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse share… | NVD-CWE-Other | CVE-2010-3998 | 2011-09-15 12:17 | 2010-11-6
257627 | 6.9 | MEDIUM | nick_copeland | bristol | startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directo… | NVD-CWE-Other | CVE-2010-3351 | 2011-09-15 12:16 | 2010-10-21
257628 | 4.9 | MEDIUM | kernel linux | linux_kernel | The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of ser… | CWE-119 Buffer errors | CVE-2009-3288 | 2011-09-15 12:06 | 2009-09-22
257629 | 4.3 | MEDIUM | mark_stosberg | data\ | The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass… | CWE-264 Authorization, privileges, and access control | CVE-2011-2201 | 2011-09-15 01:05 | 2011-09-15
257630 | 4.3 | MEDIUM | sage-mozdev | sage | Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability… | CWE-79 Cross-site scripting (XSS) | CVE-2011-3384 | 2011-09-14 13:00 | 2011-09-9
257631 | 7.5 | HIGH | edgetechweb | event_registration | SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action. | CWE-89 SQL injection | CVE-2010-4839 | 2011-09-14 13:00 | 2011-09-14
257632 | 7.1 | HIGH | hp | palm_pre_webos | Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. | CWE-94 Code injection | CVE-2009-5097 | 2011-09-14 13:00 | 2011-09-14
257633 | 4.3 | MEDIUM | webmin | usermin webmin | Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2)… | CWE-79 Cross-site scripting (XSS) | CVE-2007-3156 | 2011-09-13 13:00 | 2007-06-12
257634 | 4.3 | MEDIUM | zwahlen_informatik | online_shop | Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the … | CWE-79 Cross-site scripting (XSS) | CVE-2006-5534 | 2011-09-13 13:00 | 2006-10-27
257635 | 4.3 | MEDIUM | spymac | spymac_web_os | Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in in… | CWE-79 Cross-site scripting (XSS) | CVE-2005-3511 | 2011-09-13 13:00 | 2005-11-6
257636 | 3.5 | LOW | horde | horde_application_framework | Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demons… | CWE-79 Cross-site scripting (XSS) | CVE-2005-4190 | 2011-09-13 13:00 | 2005-12-13
257637 | 4.3 | MEDIUM | iatek | projectapp | Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) searc… | CWE-79 Cross-site scripting (XSS) | CVE-2005-4485 | 2011-09-13 13:00 | 2005-12-22
257638 | 4.3 | MEDIUM | sitekit_solutions | sitekit_cms | Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and… | CWE-79 Cross-site scripting (XSS) | CVE-2005-4491 | 2011-09-13 13:00 | 2005-12-22
257639 | 6.8 | MEDIUM | iisworks | aspknowledgebase | Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrat… | CWE-79 Cross-site scripting (XSS) | CVE-2005-4658 | 2011-09-13 13:00 | 2005-12-31
257640 | 7.5 | HIGH | oneplug_solutions | oneplug_cms | Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Servi… | CWE-89 SQL injection | CVE-2006-0115 | 2011-09-8 13:00 | 2006-01-9
257641 | 6.8 | MEDIUM | runcms | runcms | Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] pa… | CWE-94 Code injection | CVE-2006-0659 | 2011-09-8 13:00 | 2006-02-13
257642 | 6.8 | MEDIUM | runcms | runcms | Successful exploitation requires that both "register_globals" and "allow_url_fopen" are enabled. | CWE-94 Code injection | CVE-2006-0659 | 2011-09-8 13:00 | 2006-02-13
257643 | 7.5 | HIGH | joomla | joomla | Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | CWE-89 SQL injection | CVE-2006-1049 | 2011-09-8 13:00 | 2006-03-7
257644 | 7.5 | HIGH | castor | castor | Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib… | CWE-94 Code injection | CVE-2006-5481 | 2011-09-8 13:00 | 2006-10-25
257645 | 7.5 | HIGH | paristemi | paristemi | Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scrip… | CWE-94 Code injection | CVE-2006-6689 | 2011-09-8 13:00 | 2006-12-22
257646 | 7.5 | HIGH | papoo | papoo | Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the… | CWE-89 SQL injection | CVE-2005-4478 | 2011-09-8 13:00 | 2005-12-22
257647 | 9.3 | HIGH | ffmpeg mplayerhq | ffmpeg mplayer | The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact … | CWE-20 Improper input validation | CVE-2011-2160 | 2011-09-7 12:17 | 2011-05-21
257648 | 7.2 | HIGH | nrl | opie | Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line. | CWE-189 Numeric errors | CVE-2011-2489 | 2011-09-7 12:17 | 2011-07-27
257649 | 7.2 | HIGH | nrl | opie | opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already … | CWE-20 Improper input validation | CVE-2011-2490 | 2011-09-7 12:17 | 2011-07-27
257650 | 5.0 | MEDIUM | digium | asterisk | chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards… | CWE-200 Information disclosure | CVE-2011-2536 | 2011-09-7 12:17 | 2011-07-7