|
305611
|
- |
|
htmlpurifier
mahara
|
htmlpurifier
mahara
|
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2479
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305612
|
- |
|
libtiff
|
libtiff
|
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPe…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-2483
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305613
|
- |
|
libtiff
|
libtiff
|
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via …
|
NVD-CWE-Other
|
CVE-2010-2482
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305614
|
- |
|
libtiff
|
libtiff
|
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-2481
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305615
|
- |
|
search.cpan
gisle_aas
|
libwww-perl
|
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to…
|
CWE-20
Improper Input Validation
|
CVE-2010-2253
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305616
|
- |
|
gnu
|
wget
|
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary…
|
CWE-20
Improper Input Validation
|
CVE-2010-2252
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305617
|
- |
|
alexander_v._lukyanov
|
lftp
|
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers…
|
CWE-20
Improper Input Validation
|
CVE-2010-2251
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305618
|
- |
|
microsoft
|
windows_server_2008
windows_vista
|
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system …
|
CWE-399
Resource Management Errors
|
CVE-2010-2549
|
2024-11-21 10:16 |
2010-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305619
|
- |
|
makotemplates
|
mako
|
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vec…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2480
|
2024-11-21 10:16 |
2010-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305620
|
- |
|
i-netsolution
|
job_search_engine_script
|
SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
|
CWE-89
SQL Injection
|
CVE-2010-2611
|
2024-11-21 10:16 |
2010-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
