|
345401
|
- |
|
advertisementmanager
|
advertisementmanager
|
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be le…
|
CWE-94
Code Injection
|
CVE-2010-1106
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345402
|
- |
|
fourkitchens
|
recent_comments
|
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2010-1107
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345403
|
- |
|
hashmarkconsulting
|
controlpanel
|
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to …
|
CWE-79
Cross-site Scripting
|
CVE-2010-1108
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345404
|
- |
|
djayp
|
phpmysport
|
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member…
|
CWE-89
SQL Injection
|
CVE-2010-1109
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345405
|
- |
|
djayp
|
phpmysport
|
Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. (dot dot) in the current_folder parameter.
|
CWE-22
Path Traversal
|
CVE-2010-1110
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345406
|
- |
|
easysitenetwork
|
jokes_complete_website
|
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingr…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1111
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345407
|
- |
|
comscripts
|
web_server_creator_web_portal
|
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2010-1113
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345408
|
- |
|
comscripts
|
web_server_creator_web_portal
|
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (…
|
CWE-94
Code Injection
|
CVE-2010-1114
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345409
|
- |
|
comscripts
|
web_server_creator_web_portal
|
Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
|
CWE-22
Path Traversal
|
CVE-2010-1115
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345410
|
- |
|
aspindir
|
lookmer_muzik_portal
|
LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarki…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1116
|
2017-08-17 10:32 |
2010-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
