|
363551
|
10.0 |
HIGH
|
realnetworks
|
helix_mobile_server helix_server helix_server_mobile
|
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote…
|
CWE-119
バッファエラー
|
CVE-2010-1318
|
2010-11-24 14:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363552
|
6.8 |
MEDIUM
|
gnu
|
gzip
|
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infi…
|
CWE-20
不適切な入力確認
|
CVE-2009-2624
|
2010-11-18 15:29 |
2010-01-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363553
|
4.3 |
MEDIUM
|
sterlitetechnologies
|
sam300_ax_router
|
Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-0607
|
2010-11-4 13:00 |
2010-02-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363554
|
3.5 |
LOW
|
osticket
|
osticket
|
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-0606
|
2010-11-4 03:16 |
2010-02-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363555
|
7.5 |
HIGH
|
novaboard
|
novaboard
|
SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is…
|
CWE-89
SQLインジェクション
|
CVE-2010-0609
|
2010-11-4 02:46 |
2010-02-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363556
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers t…
|
CWE-200
情報漏えい
|
CVE-2010-0563
|
2010-11-3 13:00 |
2010-02-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363557
|
4.3 |
MEDIUM
|
opera
|
opera_browser
|
Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers…
|
CWE-200
情報漏えい
|
CVE-2010-0653
|
2010-09-21 14:46 |
2010-02-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363558
|
4.0 |
MEDIUM
|
fujitsu
|
e-pares
|
Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
不適切な認証
|
CVE-2010-2149
|
2010-09-21 13:00 |
2010-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363559
|
7.5 |
HIGH
|
php_group
|
php
|
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.
|
NVD-CWE-Other
|
CVE-2006-3018
|
2010-09-15 13:54 |
2006-06-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363560
|
4.3 |
MEDIUM
|
mono
|
mono
|
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as dem…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1459
|
2010-09-9 14:41 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363561
|
6.5 |
MEDIUM
|
otrs
|
otrs
|
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 …
|
CWE-89
SQLインジェクション
|
CVE-2010-0438
|
2010-09-9 14:39 |
2010-02-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363562
|
7.5 |
HIGH
|
php
|
php
|
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended ac…
|
CWE-20
不適切な入力確認
|
CVE-2010-1129
|
2010-08-31 14:42 |
2010-03-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363563
|
5.0 |
MEDIUM
|
uninet
|
statsplus
|
Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to s…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2002-2330
|
2010-08-30 13:00 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363564
|
5.0 |
MEDIUM
|
squid-cache
|
squid
|
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (…
|
NVD-CWE-Other
|
CVE-2010-0639
|
2010-08-2 13:00 |
2010-02-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363565
|
5.0 |
MEDIUM
|
squid-cache
|
squid
|
Per: http://cwe.mitre.org/data/definitions/476.html
'NULL Pointer Dereference'
|
NVD-CWE-Other
|
CVE-2010-0639
|
2010-08-2 13:00 |
2010-02-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363566
|
4.3 |
MEDIUM
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1647
|
2010-07-30 14:48 |
2010-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363567
|
6.8 |
MEDIUM
|
mediawiki
|
mediawiki
|
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for re…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2010-1648
|
2010-07-30 14:48 |
2010-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363568
|
7.5 |
HIGH
|
openx
|
openx
|
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/in…
|
NVD-CWE-noinfo CWE-287
不適切な認証
|
CVE-2009-4830
|
2010-07-30 13:00 |
2010-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363569
|
7.8 |
HIGH
|
cisco
|
ios
|
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Pro…
|
NVD-CWE-noinfo
|
CVE-2010-0584
|
2010-07-13 14:50 |
2010-03-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363570
|
4.3 |
MEDIUM
|
frank-karau
|
phpfk_php_forum
|
Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2009-4677
|
2010-07-13 14:48 |
2010-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363571
|
7.2 |
HIGH
|
gnome
|
screensaver
|
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to ac…
|
NVD-CWE-Other
|
CVE-2009-4641
|
2010-07-7 13:00 |
2010-02-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363572
|
4.3 |
MEDIUM
|
tim_lochmueller
|
mydashboard
|
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1011
|
2010-06-25 13:00 |
2010-03-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363573
|
7.5 |
HIGH
|
fr.simon_rundell
|
pd_diocesedatabase
|
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vect…
|
CWE-89
SQLインジェクション
|
CVE-2010-1013
|
2010-06-25 13:00 |
2010-03-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363574
|
7.5 |
HIGH
|
laurent_foulloy
|
sav_filter_abc
|
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2010-1015
|
2010-06-24 13:00 |
2010-03-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363575
|
7.5 |
HIGH
|
enanocms
|
enanocms
|
SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameter…
|
CWE-89
SQLインジェクション
|
CVE-2010-0471
|
2010-06-23 13:00 |
2010-02-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363576
|
7.5 |
HIGH
|
opencart
|
opencart
|
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
CWE-89
SQLインジェクション
|
CVE-2010-0956
|
2010-06-23 13:00 |
2010-03-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363577
|
10.0 |
HIGH
|
apple
|
safari
|
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at C…
|
CWE-94
コード・インジェクション
|
CVE-2010-1120
|
2010-06-23 13:00 |
2010-03-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363578
|
7.5 |
HIGH
|
gnudip
|
gnudip
|
SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from …
|
CWE-89
SQLインジェクション
|
CVE-2009-4720
|
2010-06-23 13:00 |
2010-03-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363579
|
10.0 |
HIGH
|
intersystems
|
cache_database
|
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
|
NVD-CWE-noinfo
|
CVE-2003-1333
|
2010-06-23 13:00 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363580
|
4.3 |
MEDIUM
|
kai_blankenhorn_bitfolge
|
simple_and_nice_index_file
|
Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2003-1334
|
2010-06-23 13:00 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363581
|
5.0 |
MEDIUM
|
kai_blankenhorn_bitfolge
|
simple_and_nice_index_file
|
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
|
CWE-22
パス・トラバーサル
|
CVE-2003-1335
|
2010-06-23 13:00 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363582
|
4.3 |
MEDIUM
|
aprelium_technologies
|
abyss_web_server
|
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequ…
|
NVD-CWE-Other
|
CVE-2003-1338
|
2010-06-23 13:00 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363583
|
4.3 |
MEDIUM
|
aprelium_technologies
|
abyss_web_server
|
Per: http://cwe.mitre.org/data/definitions/93.html
'http://cwe.mitre.org/data/definitions/93.html'
|
NVD-CWE-Other
|
CVE-2003-1338
|
2010-06-23 13:00 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363584
|
5.0 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open…
|
CWE-287
不適切な認証
|
CVE-2010-0521
|
2010-06-21 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363585
|
9.0 |
HIGH
|
apple
|
mac_os_x_server
|
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0522
|
2010-06-21 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363586
|
5.0 |
MEDIUM
|
apple
|
mac_os_x_server
|
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a …
|
CWE-200
情報漏えい
|
CVE-2010-0523
|
2010-06-21 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363587
|
5.0 |
MEDIUM
|
apple
|
mac_os_x_server
|
Per: http://support.apple.com/kb/HT4077
'This issue only affects Mac OS X Server systems, and does not affect versions 10.6 or later.'
|
CWE-200
情報漏えい
|
CVE-2010-0523
|
2010-06-21 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363588
|
5.0 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make i…
|
CWE-310
暗号の問題
|
CVE-2010-0525
|
2010-06-21 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363589
|
4.0 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0534
|
2010-06-21 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363590
|
6.5 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenti…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0535
|
2010-06-21 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363591
|
2.6 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0537
|
2010-06-18 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363592
|
6.8 |
MEDIUM
|
notsopureedit
|
notsopureedit
|
PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL…
|
CWE-94
コード・インジェクション
|
CVE-2010-1216
|
2010-06-18 13:00 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363593
|
6.8 |
MEDIUM
|
realitymedias
|
repairshop2
|
SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a product…
|
CWE-89
SQLインジェクション
|
CVE-2010-1857
|
2010-06-14 04:18 |
2010-05-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363594
|
7.5 |
HIGH
|
xinha s9y
|
wysiwyg_editor serendipity
|
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify …
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-1916
|
2010-06-14 04:18 |
2010-05-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363595
|
4.3 |
MEDIUM
|
zonecheck
|
zonecheck
|
Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2155
|
2010-06-14 04:18 |
2010-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363596
|
9.0 |
HIGH
|
cisco
|
mediator_framework
|
Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator…
|
NVD-CWE-noinfo
|
CVE-2010-0596
|
2010-06-14 04:16 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363597
|
9.0 |
HIGH
|
cisco
|
mediator_framework
|
Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4…
|
NVD-CWE-noinfo
|
CVE-2010-0597
|
2010-06-14 04:16 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363598
|
9.3 |
HIGH
|
cisco
|
mediator_framework
|
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Med…
|
CWE-255
証明書・パスワード管理
|
CVE-2010-0598
|
2010-06-14 04:16 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363599
|
9.3 |
HIGH
|
cisco
|
mediator_framework
|
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Med…
|
CWE-255
証明書・パスワード管理
|
CVE-2010-0599
|
2010-06-14 04:16 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363600
|
10.0 |
HIGH
|
cisco
|
mediator_framework
|
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Med…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0600
|
2010-06-14 04:16 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|