|
305801
|
- |
|
libtiff
|
libtiff
|
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via …
|
NVD-CWE-Other
|
CVE-2010-2482
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305802
|
- |
|
libtiff
|
libtiff
|
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-2481
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305803
|
- |
|
search.cpan
gisle_aas
|
libwww-perl
|
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to…
|
CWE-20
Improper Input Validation
|
CVE-2010-2253
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305804
|
- |
|
gnu
|
wget
|
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary…
|
CWE-20
Improper Input Validation
|
CVE-2010-2252
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305805
|
- |
|
alexander_v._lukyanov
|
lftp
|
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers…
|
CWE-20
Improper Input Validation
|
CVE-2010-2251
|
2024-11-21 10:16 |
2010-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305806
|
- |
|
microsoft
|
windows_server_2008
windows_vista
|
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system …
|
CWE-399
Resource Management Errors
|
CVE-2010-2549
|
2024-11-21 10:16 |
2010-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305807
|
- |
|
makotemplates
|
mako
|
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vec…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2480
|
2024-11-21 10:16 |
2010-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305808
|
- |
|
i-netsolution
|
job_search_engine_script
|
SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
|
CWE-89
SQL Injection
|
CVE-2010-2611
|
2024-11-21 10:16 |
2010-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305809
|
- |
|
2daybiz
|
job_site_script
|
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to …
|
CWE-89
SQL Injection
|
CVE-2010-2610
|
2024-11-21 10:16 |
2010-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305810
|
- |
|
2daybiz
|
job_search_engine_script
|
SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
|
CWE-89
SQL Injection
|
CVE-2010-2609
|
2024-11-21 10:16 |
2010-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
