Blog

CVE-2009-4927

WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. (CVSS:7.5) (Last Update:2017-09-18)


July 12, 2010 0

CVE-2009-4933

Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third …


July 12, 2010 0

CVE-2009-4931

Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. (CVSS:6.8) (Last Update:2017-09-18)


July 12, 2010 0

CVE-2010-2685

siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request. (CVSS:7.5) (Last Update:2016-10-06)


July 12, 2010 0

CVE-2010-1622

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar …


June 21, 2010 0

CVE-2010-2351

Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName. (CVSS:10.0) (Last Update:2018-10-30)


June 21, 2010 0

CVE-2010-2343

Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file. (CVSS:9.3) (Last Update:2016-12-07)


June 21, 2010 0

CVE-2010-2330

Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header. (CVSS:9.3) (Last Update:2013-07-25)


June 18, 2010 0

CVE-2010-2315

PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter. (CVSS:7.5) (Last Update:2013-09-03)


June 17, 2010 0

CVE-2010-2103

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products…


May 27, 2010 0