|
300051
|
- |
|
cmsmadesimple
|
cms_made_simple
|
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative …
|
CWE-352
Origin Validation Error
|
CVE-2010-3884
|
2024-11-21 10:19 |
2010-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300052
|
- |
|
cmsmadesimple
|
cms_made_simple
|
Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for…
|
CWE-352
Origin Validation Error
|
CVE-2010-3883
|
2024-11-21 10:19 |
2010-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300053
|
- |
|
cmsmadesimple
|
cms_made_simple
|
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global C…
|
CWE-79
Cross-site Scripting
|
CVE-2010-3882
|
2024-11-21 10:19 |
2010-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300054
|
- |
|
rene_tegel
|
visual_synapse
|
Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
|
CWE-22
Path Traversal
|
CVE-2010-3743
|
2024-11-21 10:19 |
2010-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300055
|
- |
|
freeradius
|
freeradius
|
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requ…
|
CWE-399
Resource Management Errors
|
CVE-2010-3697
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300056
|
- |
|
freeradius
|
freeradius
|
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause …
|
CWE-399
Resource Management Errors
|
CVE-2010-3696
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300057
|
- |
|
apereo
|
phpcas
|
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directo…
|
CWE-22
Path Traversal
|
CVE-2010-3692
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300058
|
- |
|
apereo
|
phpcas
|
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
|
CWE-59
Link Following
|
CVE-2010-3691
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300059
|
- |
|
apereo
|
phpcas
|
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting …
|
CWE-79
Cross-site Scripting
|
CVE-2010-3690
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300060
|
- |
|
alvaro_herrera
|
pl\/php
|
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3781
|
2024-11-21 10:19 |
2010-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
