|
363601
|
4.3 |
MEDIUM
|
zonecheck
|
zonecheck
|
Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2009-4882
|
2010-06-14 04:15 |
2010-06-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363602
|
10.0 |
HIGH
|
ibm
|
db2_content_manager
|
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Con…
|
NVD-CWE-noinfo
|
CVE-2010-1041
|
2010-06-11 13:00 |
2010-03-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363603
|
7.5 |
HIGH
|
focusdev
|
com_mv_restaurantmenumanager
|
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to e…
|
CWE-89
SQLインジェクション
|
CVE-2010-1468
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363604
|
6.8 |
MEDIUM
|
ternaria
|
com_jprojectmanager
|
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspec…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1469
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363605
|
7.5 |
HIGH
|
dev.pucit.edu.pk
|
com_webtv
|
Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in …
|
CWE-22
パス・トラバーサル
|
CVE-2010-1470
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363606
|
7.5 |
HIGH
|
b-elektro
|
com_addressbook
|
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to in…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1471
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363607
|
7.5 |
HIGH
|
kazulah
|
com_horoscope
|
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to …
|
CWE-22
パス・トラバーサル
|
CVE-2010-1472
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363608
|
6.8 |
MEDIUM
|
johnmccollum
|
com_advertising
|
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1473
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363609
|
6.8 |
MEDIUM
|
alphaplug
|
com_alphauserpoints
|
Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact v…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1476
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363610
|
7.5 |
HIGH
|
martin_hess
|
com_sermonspeaker
|
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_serm…
|
CWE-89
SQLインジェクション
|
CVE-2010-1477
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363611
|
6.8 |
MEDIUM
|
ternaria
|
com_jfeedback
|
Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other …
|
CWE-22
パス・トラバーサル
|
CVE-2010-1478
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363612
|
7.5 |
HIGH
|
rockettheme
|
com_rokmodule
|
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.ph…
|
CWE-89
SQLインジェクション
|
CVE-2010-1479
|
2010-06-11 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363613
|
6.8 |
MEDIUM
|
pligg
|
pligg_cms
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have u…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2009-4787
|
2010-06-11 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363614
|
7.5 |
HIGH
|
shape5
|
bridge_of_hope_template
|
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
|
CWE-89
SQLインジェクション
|
CVE-2010-2254
|
2010-06-10 13:00 |
2010-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363615
|
7.5 |
HIGH
|
tamlyncreative
|
com_bfsurvey_profree com_bfsurvey_pro com_bfsurvey_basic
|
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joo…
|
CWE-89
SQLインジェクション
|
CVE-2010-2255
|
2010-06-10 13:00 |
2010-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363616
|
4.3 |
MEDIUM
|
payperviewvideosoftware
|
pay_per_minute_video_chat_script
|
Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/mem…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2256
|
2010-06-10 13:00 |
2010-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363617
|
7.5 |
HIGH
|
payperviewvideosoftware
|
pay_per_minute_video_chat_script
|
SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
CWE-89
SQLインジェクション
|
CVE-2010-2257
|
2010-06-10 13:00 |
2010-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363618
|
7.5 |
HIGH
|
tamlyncreative
|
com_bfsurvey_profree com_bfsurvey_pro com_bfsurvey_basic
|
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller param…
|
CWE-22
パス・トラバーサル
|
CVE-2010-2259
|
2010-06-10 13:00 |
2010-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363619
|
4.3 |
MEDIUM
|
apple
|
safari
|
JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurren…
|
NVD-CWE-noinfo
|
CVE-2010-1131
|
2010-06-8 13:00 |
2010-03-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363620
|
7.5 |
HIGH
|
rockettheme
|
com_rokmodule
|
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of …
|
CWE-89
SQLインジェクション
|
CVE-2010-1480
|
2010-06-8 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363621
|
2.1 |
LOW
|
speedtech
|
storm
|
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary we…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2158
|
2010-06-8 13:00 |
2010-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363622
|
4.3 |
MEDIUM
|
novell
|
netware
|
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, …
|
NVD-CWE-noinfo
|
CVE-2003-1591
|
2010-06-8 13:00 |
2010-04-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363623
|
7.5 |
HIGH
|
novell
|
netware_ftp_server netware
|
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass i…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2003-1596
|
2010-06-8 13:00 |
2010-04-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363624
|
4.0 |
MEDIUM
|
novell
|
netware_ftp_server netware
|
NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.
|
NVD-CWE-noinfo CWE-20
不適切な入力確認
|
CVE-2002-2433
|
2010-06-8 13:00 |
2010-04-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363625
|
5.0 |
MEDIUM
|
novell
|
netware_ftp_server netware
|
NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions.
|
NVD-CWE-noinfo
|
CVE-2002-2434
|
2010-06-8 13:00 |
2010-04-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363626
|
1.9 |
LOW
|
gnu
|
nano
|
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a …
|
CWE-59
リンク解釈の問題
|
CVE-2010-1160
|
2010-06-7 13:00 |
2010-04-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363627
|
3.7 |
LOW
|
gnu
|
nano
|
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related…
|
CWE-362
競合状態
|
CVE-2010-1161
|
2010-06-7 13:00 |
2010-04-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363628
|
9.3 |
HIGH
|
emweb
|
wt
|
Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.
|
CWE-20
不適切な入力確認
|
CVE-2010-1273
|
2010-06-7 13:00 |
2010-04-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363629
|
9.3 |
HIGH
|
jasper
|
httpdx
|
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET re…
|
CWE-134
書式文字列の問題
|
CVE-2009-4769
|
2010-06-7 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363630
|
7.5 |
HIGH
|
jasper
|
httpdx
|
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged acce…
|
CWE-255
証明書・パスワード管理
|
CVE-2009-4770
|
2010-06-7 13:00 |
2010-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363631
|
9.3 |
HIGH
|
hitachi
|
ucosminexus\/opentp1_web_web_front-endset ucosminexus_application_server ucosminexus_client ucosminexus_collaboration ucosminexus_developer ucosminexus_operator ucosminexus_service_…
|
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C+…
|
CWE-119
バッファエラー
|
CVE-2009-4776
|
2010-06-7 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363632
|
7.5 |
HIGH
|
kolab
|
kolab_server
|
Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."
|
NVD-CWE-noinfo
|
CVE-2009-4824
|
2010-06-5 14:31 |
2010-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363633
|
4.3 |
MEDIUM
|
zeeways
|
ebay_clone_auction_script
|
Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of th…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2144
|
2010-06-4 13:00 |
2010-06-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363634
|
7.5 |
HIGH
|
graviton-mediatech
|
visitor_logger
|
PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter.
|
CWE-94
コード・インジェクション
|
CVE-2010-2146
|
2010-06-4 13:00 |
2010-06-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363635
|
4.3 |
MEDIUM
|
fujitsu
|
e-pares
|
Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2150
|
2010-06-4 13:00 |
2010-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363636
|
2.6 |
LOW
|
fujitsu
|
e-pares
|
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify …
|
CWE-352
同一生成元ポリシー違反
|
CVE-2010-2151
|
2010-06-4 13:00 |
2010-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363637
|
6.8 |
MEDIUM
|
tecnick
|
tcexam
|
Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an exe…
|
NVD-CWE-Other
|
CVE-2010-2153
|
2010-06-4 13:00 |
2010-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363638
|
6.8 |
MEDIUM
|
tecnick
|
tcexam
|
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2010-2153
|
2010-06-4 13:00 |
2010-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363639
|
5.0 |
MEDIUM
|
dovecot
|
dovecot
|
Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
|
CWE-399
リソース管理の問題
|
CVE-2010-0745
|
2010-06-3 14:54 |
2010-05-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363640
|
7.5 |
HIGH
|
barnowl
|
barnowl
|
Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.
|
CWE-119
バッファエラー
|
CVE-2010-0793
|
2010-06-3 14:54 |
2010-03-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363641
|
6.8 |
MEDIUM
|
typo3
|
typo3
|
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className v…
|
CWE-94
コード・インジェクション
|
CVE-2010-1153
|
2010-06-3 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363642
|
7.5 |
HIGH
|
multishopcms
|
multishop_cms
|
SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the det…
|
CWE-89
SQLインジェクション
|
CVE-2010-2139
|
2010-06-3 13:00 |
2010-06-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363643
|
7.5 |
HIGH
|
multishopcms
|
multishop_cms
|
SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown…
|
CWE-89
SQLインジェクション
|
CVE-2010-2140
|
2010-06-3 13:00 |
2010-06-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363644
|
7.5 |
HIGH
|
joaktree
|
com_joaktree
|
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php.
|
CWE-89
SQLインジェクション
|
CVE-2009-4784
|
2010-06-3 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363645
|
7.5 |
HIGH
|
bhavesh_chauhan
|
com_quicknews
|
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.p…
|
CWE-89
SQLインジェクション
|
CVE-2009-4785
|
2010-06-3 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363646
|
4.3 |
MEDIUM
|
pligg
|
pligg_cms
|
Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/lo…
|
CWE-20
不適切な入力確認
|
CVE-2009-4788
|
2010-06-3 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363647
|
7.5 |
HIGH
|
mojoblog
|
mojoblog
|
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path paramete…
|
CWE-94
コード・インジェクション
|
CVE-2009-4789
|
2010-06-3 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363648
|
7.5 |
HIGH
|
mojoblog
|
mojoblog
|
Per http://extensions.joomla.org/extensions/3374/details:
Editor's note
This extension has been unpublished for the following reason:
* This extension is not compatible with Joomla! 1.5
|
CWE-94
コード・インジェクション
|
CVE-2009-4789
|
2010-06-3 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363649
|
9.0 |
HIGH
|
sysax
|
multi_server
|
Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this infor…
|
CWE-22
パス・トラバーサル
|
CVE-2009-4790
|
2010-06-3 13:00 |
2010-04-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363650
|
4.6 |
MEDIUM
|
amsn
|
amsn
|
login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.
|
CWE-255
証明書・パスワード管理
|
CVE-2008-7255
|
2010-06-3 13:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|