|
301021
|
- |
|
snitz_communications
|
snitz_forums_2000
|
Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. NOTE: some of these detai…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4827
|
2024-11-21 10:21 |
2011-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301022
|
- |
|
snitz_communications
|
snitz_forums_2000
|
SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained fr…
|
CWE-89
SQL Injection
|
CVE-2010-4826
|
2024-11-21 10:21 |
2011-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301023
|
- |
|
pleer
|
wp-twitter-feed
|
Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ur…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4825
|
2024-11-21 10:21 |
2011-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301024
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow…
|
CWE-787
Out-of-bounds Write
|
CVE-2010-4656
|
2024-11-21 10:21 |
2011-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301025
|
5.5 |
MEDIUM
Local
|
linux
vmware
canonical
|
linux_kernel
esx
ubuntu_linux
|
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by lever…
|
CWE-665
Improper Initialization
|
CVE-2010-4655
|
2024-11-21 10:21 |
2011-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301026
|
- |
|
squirrelmail
|
squirrelmail
|
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection list…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4555
|
2024-11-21 10:21 |
2011-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301027
|
- |
|
squirrelmail
|
squirrelmail
|
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct click…
|
CWE-20
Improper Input Validation
|
CVE-2010-4554
|
2024-11-21 10:21 |
2011-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301028
|
- |
|
bestsoftinc
|
advance_hotel_booking_system
|
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
CWE-89
SQL Injection
|
CVE-2010-4814
|
2024-11-21 10:21 |
2011-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301029
|
- |
|
category_tokens_project
|
category_tokens
|
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4813
|
2024-11-21 10:21 |
2011-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301030
|
- |
|
6kbbs
|
6kbbs
|
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] paramete…
|
CWE-89
SQL Injection
|
CVE-2010-4812
|
2024-11-21 10:21 |
2011-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
