|
300821
|
- |
|
mit
|
kerberos_5
|
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to imp…
|
CWE-264
CWE-16
Permissions, Privileges, and Access Controls
Configuration
|
CVE-2010-4021
|
2024-11-21 10:20 |
2010-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300822
|
6.3 |
MEDIUM
Network
|
mit
|
kerberos_5
|
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, a…
|
CWE-310
Cryptographic Issues
|
CVE-2010-4020
|
2024-11-21 10:20 |
2010-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300823
|
- |
|
abk-soft
|
chameleon_social_networking
|
Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4366
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300824
|
- |
|
harmistechnology
|
com_jeajaxeventcalendar
|
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleve…
|
CWE-89
SQL Injection
|
CVE-2010-4365
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300825
|
- |
|
dadabik
|
dadabik
|
DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4364
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300826
|
- |
|
mrcgiguy
|
freeticket
|
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id an…
|
CWE-89
SQL Injection
|
CVE-2010-4363
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300827
|
- |
|
micronetsoft
|
rv_dealer_website
|
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy para…
|
CWE-89
SQL Injection
|
CVE-2010-4362
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300828
|
- |
|
jurpo
|
jurpopage
|
Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopage 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this info…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4361
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300829
|
- |
|
jurpo
|
jurpopage
|
Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010…
|
CWE-89
SQL Injection
|
CVE-2010-4360
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300830
|
- |
|
jurpo
|
jurpopage
|
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
CWE-89
SQL Injection
|
CVE-2010-4359
|
2024-11-21 10:20 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
