| 301541 | - | wordpress | wordpress | WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators t… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2010-5297 | 2024-11-21 10:22 | 2014-01-21 |
| 301542 | - | wordpress | wordpress | wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticate… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2010-5296 | 2024-11-21 10:22 | 2014-01-21 |
| 301543 | - | wordpress | wordpress | Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is no… | CWE-79 Cross-site Scripting | CVE-2010-5295 | 2024-11-21 10:22 | 2014-01-21 |
| 301544 | - | wordpress | wordpress | Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web… | CWE-79 Cross-site Scripting | CVE-2010-5294 | 2024-11-21 10:22 | 2014-01-21 |
| 301545 | - | wordpress | wordpress | wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafte… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2010-5293 | 2024-11-21 10:22 | 2014-01-21 |
| 301546 | - | amberdms | amberdms_billing_system | Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the inclu… | CWE-200 Information Exposure | CVE-2010-5292 | 2024-11-21 10:22 | 2014-01-11 |
| 301547 | - | amberdms | amberdms_billing_system | Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection of invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2010-5291 | 2024-11-21 10:22 | 2014-01-11 |
| 301548 | - | adobe | coldfusion | The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to o… | CWE-255 Credentials Management | CVE-2010-5290 | 2024-11-21 10:22 | 2013-09-21 |
| 301549 | - | incredimail | incredimail | Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2010-5289 | 2024-11-21 10:22 | 2013-08-25 |
| 301550 | - | indra | editran_communications_platform | Buffer overflow in the lsConnectionCached function in editcp in EDItran Communications Platform 4.1 R7 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrar… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2010-5288 | 2024-11-21 10:22 | 2013-06-29 |