|
299691
|
- |
|
awstats
|
awstats
|
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server…
|
CWE-94
Code Injection
|
CVE-2010-4367
|
2024-11-21 10:20 |
2010-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299692
|
- |
|
phpmyadmin
|
phpmyadmin
|
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 a…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4329
|
2024-11-21 10:20 |
2010-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299693
|
- |
|
mit
|
kerberos_5
|
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to imp…
|
CWE-264
CWE-16
Permissions, Privileges, and Access Controls
Configuration
|
CVE-2010-4021
|
2024-11-21 10:20 |
2010-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299694
|
6.3 |
MEDIUM
Network
|
mit
|
kerberos_5
|
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, a…
|
CWE-310
Cryptographic Issues
|
CVE-2010-4020
|
2024-11-21 10:20 |
2010-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299695
|
- |
|
abk-soft
|
chameleon_social_networking
|
Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4366
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299696
|
- |
|
harmistechnology
|
com_jeajaxeventcalendar
|
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleve…
|
CWE-89
SQL Injection
|
CVE-2010-4365
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299697
|
- |
|
dadabik
|
dadabik
|
DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4364
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299698
|
- |
|
mrcgiguy
|
freeticket
|
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id an…
|
CWE-89
SQL Injection
|
CVE-2010-4363
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299699
|
- |
|
micronetsoft
|
rv_dealer_website
|
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy para…
|
CWE-89
SQL Injection
|
CVE-2010-4362
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299700
|
- |
|
jurpo
|
jurpopage
|
Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopage 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this info…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4361
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
