|
300271
|
7.8 |
HIGH
Local
|
linux canonical
|
linux_kernel ubuntu_linux
|
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow…
|
CWE-787
Out-of-bounds Write
|
CVE-2010-4656
|
2024-11-21 10:21 |
2011-07-19 |
|
300272
|
5.5 |
MEDIUM
Local
|
linux vmware canonical
|
linux_kernel esx ubuntu_linux
|
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by lever…
|
CWE-665
Improper Initialization
|
CVE-2010-4655
|
2024-11-21 10:21 |
2011-07-19 |
|
300273
|
- |
|
squirrelmail
|
squirrelmail
|
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection list…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4555
|
2024-11-21 10:21 |
2011-07-15 |
|
300274
|
- |
|
squirrelmail
|
squirrelmail
|
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct click…
|
CWE-20
Improper Input Validation
|
CVE-2010-4554
|
2024-11-21 10:21 |
2011-07-15 |
|
300275
|
- |
|
bestsoftinc
|
advance_hotel_booking_system
|
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
CWE-89
SQL Injection
|
CVE-2010-4814
|
2024-11-21 10:21 |
2011-07-9 |
|
300276
|
- |
|
category_tokens_project
|
category_tokens
|
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4813
|
2024-11-21 10:21 |
2011-07-9 |
|
300277
|
- |
|
6kbbs
|
6kbbs
|
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] paramete…
|
CWE-89
SQL Injection
|
CVE-2010-4812
|
2024-11-21 10:21 |
2011-07-9 |
|
300278
|
- |
|
6kbbs
|
6kbbs
|
Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email],…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4811
|
2024-11-21 10:21 |
2011-07-9 |
|
300279
|
- |
|
awcm-cms
|
ar_web_content_manager
|
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) include…
|
CWE-94
Code Injection
|
CVE-2010-4810
|
2024-11-21 10:21 |
2011-07-9 |
|
300280
|
- |
|
liberologico
|
dbsite
|
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
CWE-89
SQL Injection
|
CVE-2010-4809
|
2024-11-21 10:21 |
2011-07-9 |
|