|
303141
|
9.8 |
CRITICAL
Network
|
google
|
chrome
|
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2010-3729
|
2024-11-21 10:19 |
2010-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303142
|
- |
|
netartmedia
|
websiteadmin
|
Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the ln…
|
CWE-22
Path Traversal
|
CVE-2010-3688
|
2024-11-21 10:19 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303143
|
- |
|
alex_kellner
|
powermail
|
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validate…
|
NVD-CWE-noinfo
|
CVE-2010-3687
|
2024-11-21 10:19 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303144
|
- |
|
drupal
peter_wolanin
|
drupal
openid
|
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attacker…
|
CWE-287
Improper Authentication
|
CVE-2010-3686
|
2024-11-21 10:19 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303145
|
- |
|
drupal
peter_wolanin
|
drupal
openid
|
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which all…
|
CWE-287
Improper Authentication
|
CVE-2010-3685
|
2024-11-21 10:19 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303146
|
- |
|
synology
|
dsm
|
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive informati…
|
CWE-255
Credentials Management
|
CVE-2010-3684
|
2024-11-21 10:19 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303147
|
- |
|
wire_plastic_design
|
wpquiz
|
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
|
CWE-89
SQL Injection
|
CVE-2010-3608
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303148
|
- |
|
netartmedia
|
real_estate_portal
|
Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-3607
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303149
|
- |
|
netartmedia
|
real_estate_portal
|
Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory travers…
|
CWE-22
Path Traversal
|
CVE-2010-3606
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303150
|
- |
|
alex_kellner
|
powermail
|
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2010-3605
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
