|
310641
|
- |
|
apache
|
archiva
|
Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which mak…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4408
|
2024-11-21 10:20 |
2010-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310642
|
- |
|
mono
novell
|
mono
moonlight
|
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possi…
|
CWE-20
Improper Input Validation
|
CVE-2010-4254
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310643
|
- |
|
alberto_pittoni
|
alguest
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (mess…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4407
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310644
|
- |
|
brunetton
|
littlephpgallery
|
Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files vi…
|
CWE-22
Path Traversal
|
CVE-2010-4406
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310645
|
- |
|
anything-digital
|
sh404sef
|
Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2010-4405
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310646
|
- |
|
anything-digital
|
sh404sef
|
SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2010-4404
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310647
|
- |
|
devbits
|
register-plus
|
The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals t…
|
CWE-200
Information Exposure
|
CVE-2010-4403
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310648
|
- |
|
devbits
|
register-plus
|
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4402
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310649
|
- |
|
dynpg
|
dynpg
|
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2010-4401
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310650
|
- |
|
dynpg
|
dynpg
|
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
|
CWE-89
SQL Injection
|
CVE-2010-4400
|
2024-11-21 10:20 |
2010-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
