|
310821
|
- |
|
drupal
peter_wolanin
|
drupal
openid
|
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attacker…
|
CWE-287
Improper Authentication
|
CVE-2010-3686
|
2024-11-21 10:19 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310822
|
- |
|
drupal
peter_wolanin
|
drupal
openid
|
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which all…
|
CWE-287
Improper Authentication
|
CVE-2010-3685
|
2024-11-21 10:19 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310823
|
- |
|
synology
|
dsm
|
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive informati…
|
CWE-255
Credentials Management
|
CVE-2010-3684
|
2024-11-21 10:19 |
2010-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310824
|
- |
|
wire_plastic_design
|
wpquiz
|
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
|
CWE-89
SQL Injection
|
CVE-2010-3608
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310825
|
- |
|
netartmedia
|
real_estate_portal
|
Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-3607
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310826
|
- |
|
netartmedia
|
real_estate_portal
|
Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory travers…
|
CWE-22
Path Traversal
|
CVE-2010-3606
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310827
|
- |
|
alex_kellner
|
powermail
|
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2010-3605
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310828
|
- |
|
alex_kellner
|
powermail
|
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2010-3604
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310829
|
- |
|
sourcetreesolutions
|
mojoportal
|
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of admin…
|
CWE-352
Origin Validation Error
|
CVE-2010-3603
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310830
|
- |
|
sourcetreesolutions
|
mojoportal
|
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of…
|
CWE-79
Cross-site Scripting
|
CVE-2010-3602
|
2024-11-21 10:19 |
2010-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
