|
347591
|
- |
|
2enetworx
|
statcountex
|
StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-0674
|
2017-08-17 10:32 |
2010-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347592
|
- |
|
orbitals
|
orbital_viewer
|
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-0688
|
2017-08-17 10:32 |
2010-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347593
|
- |
|
commodityrentals
|
video_games_rentals
|
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
|
CWE-89
SQL Injection
|
CVE-2010-0690
|
2017-08-17 10:32 |
2010-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347594
|
- |
|
commodityrentals
|
trade_manager_script
|
SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
CWE-89
SQL Injection
|
CVE-2010-0693
|
2017-08-17 10:32 |
2010-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347595
|
- |
|
percha
|
com_perchagallery
|
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad …
|
CWE-89
SQL Injection
|
CVE-2010-0694
|
2017-08-17 10:32 |
2010-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347596
|
- |
|
ilya_ivanchenko
|
itweak_upload
|
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload fil…
|
CWE-79
Cross-site Scripting
|
CVE-2010-0697
|
2017-08-17 10:32 |
2010-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347597
|
- |
|
dynamicsoft
|
wsc_cms
|
SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are o…
|
CWE-89
SQL Injection
|
CVE-2010-0698
|
2017-08-17 10:32 |
2010-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347598
|
- |
|
wampserver
|
wampserver
|
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-0700
|
2017-08-17 10:32 |
2010-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347599
|
- |
|
newgensoft
|
omnidocs
|
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2010-0701
|
2017-08-17 10:32 |
2010-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347600
|
- |
|
subexworld
|
nikira_fraud_management_system
|
Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-0706
|
2017-08-17 10:32 |
2010-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
