|
363701
|
4.0 |
MEDIUM
|
microsoft
|
dynamics_gp
|
Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive informatio…
|
CWE-310
暗号の問題
|
CVE-2010-2011
|
2010-05-24 13:00 |
2010-05-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363702
|
6.8 |
MEDIUM
|
scriptsez
|
mini_hosting_panel
|
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter …
|
CWE-352
同一生成元ポリシー違反
|
CVE-2009-4826
|
2010-05-24 13:00 |
2010-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363703
|
6.8 |
MEDIUM
|
scriptez
|
mail_manager_pro
|
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2009-4827
|
2010-05-24 13:00 |
2010-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363704
|
6.8 |
MEDIUM
|
phpwebscripts
|
ad_manager_pro
|
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for reques…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2009-4828
|
2010-05-24 13:00 |
2010-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363705
|
6.8 |
MEDIUM
|
stafford.uklinux
|
libesmtp
|
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attack…
|
CWE-310
暗号の問題
|
CVE-2010-1192
|
2010-05-22 14:46 |
2010-04-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363706
|
6.8 |
MEDIUM
|
stafford.uklinux
|
libesmtp
|
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attac…
|
CWE-310
暗号の問題
|
CVE-2010-1194
|
2010-05-22 14:46 |
2010-04-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363707
|
4.3 |
MEDIUM
|
hp
|
insight_control_server_migration_for_windows
|
Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1557
|
2010-05-21 14:59 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363708
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a l…
|
CWE-20
不適切な入力確認
|
CVE-2010-1561
|
2010-05-21 14:59 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363709
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a mal…
|
CWE-20
不適切な入力確認
|
CVE-2010-1562
|
2010-05-21 14:59 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363710
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a mal…
|
CWE-20
不適切な入力確認
|
CVE-2010-1563
|
2010-05-21 14:59 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363711
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of ser…
|
CWE-399
リソース管理の問題
|
CVE-2010-1565
|
2010-05-21 14:59 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363712
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.
|
CWE-20
不適切な入力確認
|
CVE-2010-1567
|
2010-05-21 14:59 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363713
|
9.3 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group members…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0512
|
2010-05-21 14:57 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363714
|
9.3 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Per: http://support.apple.com/kb/HT4077
'This issue only affects systems configured to use a network account server, and does not affect systems prior to Mac OS X v10.6.'
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0512
|
2010-05-21 14:57 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363715
|
7.5 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remot…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0524
|
2010-05-21 14:57 |
2010-03-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363716
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl391…
|
CWE-20
不適切な入力確認
|
CVE-2010-0601
|
2010-05-21 14:57 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363717
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk3260…
|
CWE-20
不適切な入力確認
|
CVE-2010-0602
|
2010-05-21 14:57 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363718
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP…
|
NVD-CWE-noinfo
|
CVE-2010-0604
|
2010-05-21 14:57 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363719
|
7.5 |
HIGH
|
gohigheris
|
com_jwhmcs
|
Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to …
|
CWE-22
パス・トラバーサル
|
CVE-2010-1977
|
2010-05-21 13:00 |
2010-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363720
|
6.8 |
MEDIUM
|
openmairie
|
opencatalogue
|
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via dire…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1999
|
2010-05-21 13:00 |
2010-05-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363721
|
2.1 |
LOW
|
ron_jerome
|
bibliography
|
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2000
|
2010-05-21 13:00 |
2010-05-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363722
|
2.6 |
LOW
|
ninjitsuweb
|
civiregister
|
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2001
|
2010-05-21 13:00 |
2010-05-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363723
|
2.1 |
LOW
|
addison_berry jeff_warrington
|
wordfilter
|
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-2002
|
2010-05-21 13:00 |
2010-05-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363724
|
4.3 |
MEDIUM
|
toutvirtual
|
virtualiq
|
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2009-4842
|
2010-05-21 13:00 |
2010-05-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363725
|
4.3 |
MEDIUM
|
sixapart
|
movable_type
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unkno…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1985
|
2010-05-21 04:47 |
2010-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363726
|
5.0 |
MEDIUM
|
mediawiki
|
mediawiki
|
MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by add…
|
CWE-20
不適切な入力確認
|
CVE-2010-1189
|
2010-05-20 14:49 |
2010-04-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363727
|
7.8 |
HIGH
|
cisco
|
pgw_2200_softswitch
|
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug I…
|
CWE-20
不適切な入力確認
|
CVE-2010-0603
|
2010-05-20 14:48 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363728
|
10.0 |
HIGH
|
ffmpeg
|
ffmpeg
|
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.
|
CWE-119
バッファエラー
|
CVE-2009-4637
|
2010-05-20 14:46 |
2010-02-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363729
|
4.3 |
MEDIUM
|
phpbb
|
phpbb
|
feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to …
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-1627
|
2010-05-20 13:00 |
2010-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363730
|
7.5 |
HIGH
|
phpbb
|
phpbb
|
Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."
|
NVD-CWE-noinfo
|
CVE-2010-1630
|
2010-05-20 13:00 |
2010-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363731
|
5.0 |
MEDIUM
|
joomlart
|
com_javoice
|
Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
CWE-22
パス・トラバーサル
|
CVE-2010-1982
|
2010-05-20 13:00 |
2010-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363732
|
7.8 |
HIGH
|
nec
|
bladesystemcenter expresssystemcenter sigmasystemcenter virtualpccenter websam_deploymentmanager
|
Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and e…
|
NVD-CWE-noinfo
|
CVE-2010-1941
|
2010-05-19 21:08 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363733
|
7.8 |
HIGH
|
nec
|
capsuite_patchmeister
|
Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Clie…
|
NVD-CWE-noinfo
|
CVE-2010-1943
|
2010-05-19 21:08 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363734
|
6.8 |
MEDIUM
|
openmairie
|
openfoncier
|
Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om para…
|
CWE-94
コード・インジェクション
|
CVE-2010-1945
|
2010-05-19 21:07 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363735
|
6.8 |
MEDIUM
|
openmairie
|
openregistrecil
|
Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via dir…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1947
|
2010-05-19 21:07 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363736
|
6.8 |
MEDIUM
|
openmairie
|
openfoncier
|
Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directo…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1948
|
2010-05-19 21:07 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363737
|
6.8 |
MEDIUM
|
openmairie
|
openregistrecil
|
Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om …
|
CWE-94
コード・インジェクション
|
CVE-2010-1946
|
2010-05-19 21:07 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363738
|
7.5 |
HIGH
|
emultisoft
|
com_jnewspaper
|
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. N…
|
CWE-89
SQLインジェクション
|
CVE-2010-1949
|
2010-05-19 21:07 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363739
|
6.8 |
MEDIUM
|
emultisoft
|
com_jnewspaper
|
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands v…
|
CWE-89
SQLインジェクション
|
CVE-2010-1950
|
2010-05-19 21:07 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363740
|
7.5 |
HIGH
|
joomlacomponent.inetlanka
|
com_multimap
|
Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1953
|
2010-05-19 21:07 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363741
|
7.5 |
HIGH
|
joomlacomponent.inetlanka
|
com_multiroot
|
Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller…
|
CWE-22
パス・トラバーサル
|
CVE-2010-1954
|
2010-05-19 21:07 |
2010-05-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363742
|
5.0 |
MEDIUM
|
cisco
|
ironport_desktop_flag_plugin_for_outlook
|
The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to …
|
CWE-310
暗号の問題
|
CVE-2010-1568
|
2010-05-17 13:00 |
2010-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363743
|
5.8 |
MEDIUM
|
alvaro
|
alvaros_messenger
|
aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Nam…
|
CWE-287
不適切な認証
|
CVE-2010-0744
|
2010-05-14 14:49 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363744
|
4.3 |
MEDIUM
|
adobe
|
coldfusion
|
Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1293
|
2010-05-14 13:00 |
2010-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363745
|
4.3 |
MEDIUM
|
adobe
|
coldfusion
|
Per: http://www.adobe.com/support/security/bulletins/apsb10-11.html
'Affected software versions
ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX'
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1293
|
2010-05-14 13:00 |
2010-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363746
|
2.1 |
LOW
|
adobe
|
coldfusion
|
Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.
|
NVD-CWE-noinfo CWE-200
情報漏えい
|
CVE-2010-1294
|
2010-05-14 13:00 |
2010-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363747
|
2.1 |
LOW
|
adobe
|
coldfusion
|
Per: http://www.adobe.com/support/security/bulletins/apsb10-11.html
'Affected software versions
ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX'
|
NVD-CWE-noinfo CWE-200
情報漏えい
|
CVE-2010-1294
|
2010-05-14 13:00 |
2010-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363748
|
4.3 |
MEDIUM
|
adobe
|
coldfusion
|
Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2009-3467
|
2010-05-14 13:00 |
2010-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363749
|
4.3 |
MEDIUM
|
adobe
|
coldfusion
|
Per: http://www.adobe.com/support/security/bulletins/apsb10-11.html
'Affected software versions
ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX'
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2009-3467
|
2010-05-14 13:00 |
2010-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363750
|
4.3 |
MEDIUM
|
cmsmadesimple
|
cms_made_simple
|
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1482
|
2010-05-13 13:00 |
2010-05-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|