|
354421
|
- |
|
gnu
|
nano
|
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a …
|
CWE-59
Link Following
|
CVE-2010-1160
|
2010-06-7 13:00 |
2010-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354422
|
- |
|
gnu
|
nano
|
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related…
|
CWE-362
Race Condition
|
CVE-2010-1161
|
2010-06-7 13:00 |
2010-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354423
|
- |
|
emweb
|
wt
|
Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.
|
CWE-20
Improper Input Validation
|
CVE-2010-1273
|
2010-06-7 13:00 |
2010-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354424
|
- |
|
jasper
|
httpdx
|
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET re…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2009-4769
|
2010-06-7 13:00 |
2010-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354425
|
- |
|
jasper
|
httpdx
|
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged acce…
|
CWE-255
Credentials Management
|
CVE-2009-4770
|
2010-06-7 13:00 |
2010-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354426
|
- |
|
hitachi
|
ucosminexus\/opentp1_web_web_front-endset
ucosminexus_application_server
ucosminexus_client
ucosminexus_collaboration
ucosminexus_developer
ucosminexus_operator
ucosminexus_service_…
|
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C+…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4776
|
2010-06-7 13:00 |
2010-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354427
|
- |
|
kolab
|
kolab_server
|
Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."
|
NVD-CWE-noinfo
|
CVE-2009-4824
|
2010-06-5 14:31 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354428
|
- |
|
zeeways
|
ebay_clone_auction_script
|
Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of th…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2144
|
2010-06-4 13:00 |
2010-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354429
|
- |
|
graviton-mediatech
|
visitor_logger
|
PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter.
|
CWE-94
Code Injection
|
CVE-2010-2146
|
2010-06-4 13:00 |
2010-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354430
|
- |
|
fujitsu
|
e-pares
|
Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2010-2150
|
2010-06-4 13:00 |
2010-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
