|
352631
|
- |
|
symantec
|
im_manager
|
Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-3036
|
2013-02-7 13:21 |
2010-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352632
|
- |
|
oracle
|
mojarra
|
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers t…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2087
|
2013-01-28 14:00 |
2010-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352633
|
- |
|
mybb
|
mybb
|
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php,…
|
NVD-CWE-noinfo
|
CVE-2006-0218
|
2013-01-3 14:00 |
2006-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352634
|
- |
|
invisionpower
|
invision_power_board
|
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to …
|
CWE-287
Improper Authentication
|
CVE-2006-0633
|
2013-01-3 14:00 |
2006-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352635
|
- |
|
zen-cart
|
zen_cart
|
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-0697
|
2013-01-3 14:00 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352636
|
- |
|
e107
|
e107
|
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
|
NVD-CWE-Other
|
CVE-2010-2098
|
2012-12-13 13:00 |
2010-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352637
|
- |
|
e107
|
e107
|
Per: http://cwe.mitre.org/data/definitions/184.html
'CWE-184: Incomplete Blacklist'
|
NVD-CWE-Other
|
CVE-2010-2098
|
2012-12-13 13:00 |
2010-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352638
|
- |
|
kerio
|
personal_firewall
serverfirewall
|
The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Env…
|
NVD-CWE-Other
|
CVE-2005-3286
|
2012-12-13 11:43 |
2005-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352639
|
- |
|
freebsd
|
freebsd
|
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allo…
|
CWE-20
Improper Input Validation
|
CVE-2010-2020
|
2012-11-6 13:41 |
2010-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352640
|
- |
|
tiki
|
tikiwiki_cms\/groupware
|
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulne…
|
CWE-20
Improper Input Validation
|
CVE-2005-0200
|
2012-10-24 13:00 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
