|
305871
|
- |
|
onlinetechtools.com
|
oasys_professional
|
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password para…
|
CWE-89
SQL Injection
|
CVE-2010-4186
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305872
|
- |
|
energine
|
energine
|
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.
|
CWE-89
SQL Injection
|
CVE-2010-4185
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305873
|
- |
|
netsupportsoftware
|
netsupport_manager
|
NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information…
|
CWE-310
Cryptographic Issues
|
CVE-2010-4184
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305874
|
- |
|
htmlpurifier
|
htmlpurifier
|
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) back…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4183
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305875
|
- |
|
gnucash
|
gnucash
|
gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current wor…
|
NVD-CWE-Other
|
CVE-2010-3999
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305876
|
- |
|
cstr
|
festival
|
festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gai…
|
NVD-CWE-Other
|
CVE-2010-3996
|
2024-11-21 10:20 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305877
|
- |
|
microsoft
|
windows_xp
windows_7
windows_vista
windows_server_2003
|
Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Busine…
|
NVD-CWE-Other
|
CVE-2010-4182
|
2024-11-21 10:20 |
2010-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305878
|
- |
|
yaws
|
yaws
|
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
|
CWE-22
Path Traversal
|
CVE-2010-4181
|
2024-11-21 10:20 |
2010-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305879
|
- |
|
exv2
|
exv2
|
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and t…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4155
|
2024-11-21 10:20 |
2010-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305880
|
- |
|
rhinosoft
|
ftp_voyager
|
Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
|
CWE-22
Path Traversal
|
CVE-2010-4154
|
2024-11-21 10:20 |
2010-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
