|
305441
|
- |
|
pilotcart
|
pilot_cart
|
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, …
|
CWE-89
SQL Injection
|
CVE-2010-4632
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305442
|
- |
|
pilotcart
|
pilot_cart
|
Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4631
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305443
|
- |
|
fubra
|
wp-survey-and-quiz-tool
|
Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4630
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305444
|
- |
|
mybb
|
mybb
|
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using gues…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4629
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305445
|
- |
|
mybb
|
mybb
|
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by…
|
NVD-CWE-Other
|
CVE-2010-4628
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305446
|
- |
|
mybb
|
mybb
|
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vect…
|
CWE-352
Origin Validation Error
|
CVE-2010-4627
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305447
|
- |
|
mybb
|
mybb
|
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arb…
|
CWE-310
Cryptographic Issues
|
CVE-2010-4626
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305448
|
- |
|
mybb
|
mybb
|
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by r…
|
CWE-200
Information Exposure
|
CVE-2010-4625
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305449
|
- |
|
mybb
|
mybb
|
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4624
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305450
|
- |
|
mybb
|
mybb
|
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4522
|
2024-11-21 10:21 |
2010-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
