|
363651
|
6.8 |
MEDIUM
|
lispeltuut
|
com_archeryscores
|
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1718
|
2010-06-1 13:00 |
2010-05-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363652
|
3.3 |
LOW
|
freebsd
|
freebsd
|
jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read,…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-2022
|
2010-06-1 13:00 |
2010-05-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363653
|
8.8 |
HIGH
|
intervations
|
filecopa
|
Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this informatio…
|
CWE-22
パス・トラバーサル
|
CVE-2010-2112
|
2010-06-1 13:00 |
2010-05-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363654
|
2.6 |
LOW
|
brekeke
|
pbx
|
Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.we…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2010-2114
|
2010-06-1 13:00 |
2010-05-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363655
|
5.0 |
MEDIUM
|
solarwinds
|
tftp_server
|
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.
|
CWE-20
不適切な入力確認
|
CVE-2010-2115
|
2010-06-1 13:00 |
2010-05-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363656
|
5.0 |
MEDIUM
|
hp
|
mercury_testdirector_for_quality_center
|
Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2010-1959
|
2010-05-29 14:47 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363657
|
4.3 |
MEDIUM
|
microsoft
|
asp.net
|
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2084
|
2010-05-28 13:00 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363658
|
4.3 |
MEDIUM
|
microsoft
|
.net_framework
|
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2085
|
2010-05-28 13:00 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363659
|
4.0 |
MEDIUM
|
apache
|
myfaces
|
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2086
|
2010-05-28 13:00 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363660
|
4.3 |
MEDIUM
|
microsoft
|
asp.net
|
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWST…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2088
|
2010-05-28 13:00 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363661
|
7.5 |
HIGH
|
cmsqlite
|
cmsqlite
|
SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
|
CWE-89
SQLインジェクション
|
CVE-2010-2095
|
2010-05-28 13:00 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363662
|
7.5 |
HIGH
|
cmsqlite
|
cmsqlite
|
Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
|
CWE-22
パス・トラバーサル
|
CVE-2010-2096
|
2010-05-28 13:00 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363663
|
7.5 |
HIGH
|
e107
|
e107
|
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as d…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-2099
|
2010-05-28 13:00 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363664
|
6.8 |
MEDIUM
|
apache
|
apache_http_server
|
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interactio…
|
CWE-362
競合状態
|
CVE-2010-1151
|
2010-05-27 14:49 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363665
|
7.5 |
HIGH
|
moinmo
|
moinmoin
|
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended a…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2009-4762
|
2010-05-27 14:47 |
2010-03-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363666
|
6.8 |
MEDIUM
|
cisco
|
scientific_atlanta_webstar_dpc2100r2
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2010-2025
|
2010-05-27 13:00 |
2010-05-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363667
|
6.4 |
MEDIUM
|
cisco
|
scientific_atlanta_webstar_dpc2100r2
|
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the fi…
|
CWE-287
不適切な認証
|
CVE-2010-2026
|
2010-05-27 13:00 |
2010-05-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363668
|
5.0 |
MEDIUM
|
cisco
|
scientific_atlanta_webstar_dpc2100r2
|
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier …
|
CWE-255
証明書・パスワード管理
|
CVE-2010-2082
|
2010-05-27 13:00 |
2010-05-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363669
|
4.0 |
MEDIUM
|
microsoft
|
dynamics_gp
|
Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors.
|
CWE-255
証明書・パスワード管理
|
CVE-2010-2083
|
2010-05-27 13:00 |
2010-05-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363670
|
4.3 |
MEDIUM
|
novell
|
access_manager
|
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restric…
|
CWE-287
不適切な認証
|
CVE-2009-4879
|
2010-05-27 13:00 |
2010-05-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363671
|
10.0 |
HIGH
|
rhinosoft
|
serv-u
|
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Ses…
|
CWE-119
バッファエラー
|
CVE-2009-4873
|
2010-05-27 03:30 |
2010-05-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363672
|
7.5 |
HIGH
|
percha
|
com_perchafieldsattach
|
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other im…
|
CWE-22
パス・トラバーサル
|
CVE-2010-2036
|
2010-05-26 22:44 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363673
|
4.3 |
MEDIUM
|
phorum
|
phorum
|
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1629
|
2010-05-26 14:48 |
2010-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363674
|
4.3 |
MEDIUM
|
cactushop
|
cactushop
|
Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1486
|
2010-05-26 13:00 |
2010-04-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363675
|
7.5 |
HIGH
|
matamko
|
com_matamko
|
Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
CWE-22
パス・トラバーサル
|
CVE-2010-1495
|
2010-05-26 13:00 |
2010-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363676
|
7.5 |
HIGH
|
percha
|
com_perchacategoriestree
|
Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecifie…
|
CWE-22
パス・トラバーサル
|
CVE-2010-2033
|
2010-05-26 13:00 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363677
|
7.5 |
HIGH
|
percha
|
com_perchaimageattach
|
Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impa…
|
CWE-22
パス・トラバーサル
|
CVE-2010-2034
|
2010-05-26 13:00 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363678
|
7.5 |
HIGH
|
percha
|
com_perchagallery
|
Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact v…
|
CWE-22
パス・トラバーサル
|
CVE-2010-2035
|
2010-05-26 13:00 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363679
|
7.5 |
HIGH
|
percha
|
com_perchadownloadsattach
|
Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified ot…
|
CWE-22
パス・トラバーサル
|
CVE-2010-2037
|
2010-05-26 13:00 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363680
|
7.5 |
HIGH
|
shopex
|
ecshop
|
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third part…
|
CWE-89
SQLインジェクション
|
CVE-2010-2042
|
2010-05-26 13:00 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363681
|
4.3 |
MEDIUM
|
activehelper
|
com_activehelper_livehelp
|
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2046
|
2010-05-26 13:00 |
2010-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363682
|
4.3 |
MEDIUM
|
manageengine
|
adaudit_plus
|
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the rep…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2049
|
2010-05-26 13:00 |
2010-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363683
|
7.5 |
HIGH
|
debliteck
|
dbcart
|
SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQLインジェクション
|
CVE-2010-2051
|
2010-05-26 13:00 |
2010-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363684
|
7.5 |
HIGH
|
andreas_schwarzkopf
|
accessibility_glossary
|
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2009-4803
|
2010-05-26 13:00 |
2010-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363685
|
7.5 |
HIGH
|
andreas_schwarzkopf
|
accessibility_glossary
|
A fix for this vulnerability was included in 0.4.11. The latest release can be downloaded at:
http://typo3.org/extensions/repository/view/a21glossary/current/
|
CWE-89
SQLインジェクション
|
CVE-2009-4803
|
2010-05-26 13:00 |
2010-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363686
|
7.5 |
HIGH
|
sun
|
opensolaris
|
The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain.
|
CWE-16
環境設定
|
CVE-2010-0559
|
2010-05-25 14:51 |
2010-02-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363687
|
2.1 |
LOW
|
info-zip
|
unzip
|
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
|
NVD-CWE-Other
|
CVE-2001-1268
|
2010-05-25 13:10 |
2001-07-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363688
|
2.1 |
LOW
|
info-zip
|
unzip
|
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
|
NVD-CWE-Other
|
CVE-2001-1269
|
2010-05-25 13:10 |
2001-07-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363689
|
3.6 |
LOW
|
xfree86_project
|
xfree86_x_server
|
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
|
NVD-CWE-Other
|
CVE-2001-1409
|
2010-05-25 13:10 |
2003-07-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363690
|
6.8 |
MEDIUM
|
sebrac.webcindario
|
migascms
|
SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo act…
|
CWE-89
SQLインジェクション
|
CVE-2010-2012
|
2010-05-25 02:30 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363691
|
4.3 |
MEDIUM
|
createch-group
|
lisk_cms
|
Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2014
|
2010-05-25 02:30 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363692
|
6.8 |
MEDIUM
|
createch-group
|
lisk_cms
|
Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id par…
|
CWE-89
SQLインジェクション
|
CVE-2010-2015
|
2010-05-25 02:30 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363693
|
4.3 |
MEDIUM
|
bukulokomedia
|
lokomedia_cms
|
Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of t…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2017
|
2010-05-25 02:30 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363694
|
6.8 |
MEDIUM
|
bukulokomedia
|
lokomedia_cms
|
SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the prov…
|
CWE-89
SQLインジェクション
|
CVE-2010-2019
|
2010-05-25 02:30 |
2010-05-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363695
|
6.8 |
MEDIUM
|
apple
|
java
|
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause …
|
CWE-399
リソース管理の問題
|
CVE-2010-0538
|
2010-05-24 13:00 |
2010-05-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363696
|
6.8 |
MEDIUM
|
apple
|
java_1.5 java_1.6
|
Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary c…
|
CWE-189
数値処理の問題
|
CVE-2010-0539
|
2010-05-24 13:00 |
2010-05-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363697
|
7.5 |
HIGH
|
peter_hocherl
|
com_tweetla
|
Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
CWE-22
パス・トラバーサル
|
CVE-2010-1533
|
2010-05-24 13:00 |
2010-04-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363698
|
7.5 |
HIGH
|
peter_hocherl
|
com_travelbook
|
Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (d…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1535
|
2010-05-24 13:00 |
2010-04-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363699
|
5.0 |
MEDIUM
|
myblog
|
com_myblog
|
Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1540
|
2010-05-24 13:00 |
2010-04-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363700
|
9.3 |
HIGH
|
bsplayer
|
bs.player
|
Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code v…
|
CWE-119
バッファエラー
|
CVE-2010-2009
|
2010-05-24 13:00 |
2010-05-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|