|
345601
|
- |
|
gpeasy
|
gpeasy_cms
|
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrat…
|
CWE-352
Origin Validation Error
|
CVE-2010-2039
|
2017-08-17 10:32 |
2010-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345602
|
- |
|
v-eva
|
shopzilla_affiliate_script_php
|
Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-2040
|
2017-08-17 10:32 |
2010-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345603
|
- |
|
magnoware
|
datatrack_system
|
Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka t…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2043
|
2017-08-17 10:32 |
2010-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345604
|
- |
|
adhie_utomo
|
com_konsultasi
|
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.…
|
CWE-89
SQL Injection
|
CVE-2010-2044
|
2017-08-17 10:32 |
2010-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345605
|
- |
|
dionesoft
|
com_dioneformwizard
|
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequ…
|
CWE-22
Path Traversal
|
CVE-2010-2045
|
2017-08-17 10:32 |
2010-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345606
|
- |
|
joenasejes
|
je_cms
|
SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these …
|
CWE-89
SQL Injection
|
CVE-2010-2047
|
2017-08-17 10:32 |
2010-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345607
|
- |
|
menhir
|
heartbeat
|
Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vecto…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2048
|
2017-08-17 10:32 |
2010-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345608
|
- |
|
m0r0n
|
com_mscomment
|
Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller p…
|
CWE-22
Path Traversal
|
CVE-2010-2050
|
2017-08-17 10:32 |
2010-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345609
|
- |
|
emesene
|
emesene
|
emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.
|
CWE-59
Link Following
|
CVE-2010-2053
|
2017-08-17 10:32 |
2010-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345610
|
- |
|
prelude-technologies
|
prewikka
|
setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-2058
|
2017-08-17 10:32 |
2010-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
