|
299821
|
- |
|
joomla-cbe
|
com_cbe
|
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files…
|
CWE-22
Path Traversal
|
CVE-2010-5280
|
2024-11-21 10:22 |
2012-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299822
|
- |
|
vwar
|
virtual_war
|
article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.
|
CWE-189
Numeric Errors
|
CVE-2010-5279
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299823
|
- |
|
vwar
|
virtual_war
|
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access f…
|
CWE-255
Credentials Management
|
CVE-2010-5067
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299824
|
- |
|
vwar
|
virtual_war
|
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which mak…
|
CWE-310
Cryptographic Issues
|
CVE-2010-5066
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299825
|
- |
|
vwar
|
virtual_war
|
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5065
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299826
|
- |
|
vwar
|
virtual_war
|
Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challe…
|
CWE-79
Cross-site Scripting
|
CVE-2010-5064
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299827
|
- |
|
vwar
|
virtual_war
|
SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.
|
CWE-89
SQL Injection
|
CVE-2010-5063
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299828
|
- |
|
modx
|
modx_revolution
|
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read…
|
CWE-22
Path Traversal
|
CVE-2010-5278
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299829
|
- |
|
karim_ratib
|
views_bulk_operations
|
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions an…
|
NVD-CWE-noinfo
|
CVE-2010-5277
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299830
|
- |
|
memcache_project
|
memcache
|
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5276
|
2024-11-21 10:22 |
2012-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
