Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1476 | 2 Alphaplug, Joomla | 2 Com Alphauserpoints, Joomla\! | 2010-06-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. | |||||
| CVE-2010-1471 | 2 B-elektro, Joomla | 2 Com Addressbook, Joomla\! | 2010-06-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1470 | 2 Dev.pucit.edu.pk, Joomla | 2 Com Webtv, Joomla | 2010-06-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1472 | 2 Joomla, Kazulah | 2 Joomla\!, Com Horoscope | 2010-06-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1468 | 2 Focusdev, Joomla | 2 Com Mv Restaurantmenumanager, Joomla\! | 2010-06-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php. | |||||
| CVE-2010-1469 | 2 Joomla, Ternaria | 2 Joomla\!, Com Jprojectmanager | 2010-06-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1473 | 2 Johnmccollum, Joomla | 2 Com Advertising, Joomla\! | 2010-06-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2009-4787 | 1 Pligg | 1 Pligg Cms | 2010-06-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | |||||
| CVE-2010-1041 | 1 Ibm | 1 Db2 Content Manager | 2010-06-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors. | |||||
| CVE-2010-2259 | 2 Joomla, Tamlyncreative | 4 Joomla\!, Com Bfsurvey Basic, Com Bfsurvey Pro and 1 more | 2010-06-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2254 | 2 Joomla, Shape5 | 2 Joomla\!, Bridge Of Hope Template | 2010-06-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. | |||||
| CVE-2010-2255 | 2 Joomla, Tamlyncreative | 4 Joomla\!, Com Bfsurvey Basic, Com Bfsurvey Pro and 1 more | 2010-06-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2256 | 1 Payperviewvideosoftware | 1 Pay Per Minute Video Chat Script | 2010-06-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php. | |||||
| CVE-2010-2257 | 1 Payperviewvideosoftware | 1 Pay Per Minute Video Chat Script | 2010-06-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-2198 | 1 Rpm | 1 Rpm | 2010-06-09 | 7.2 HIGH | N/A |
| lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059. | |||||
| CVE-2010-2158 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2010-06-08 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1480 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokmodule | 2010-06-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1131 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2010-06-08 | 4.3 MEDIUM | N/A |
| JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring. | |||||
| CVE-2003-1596 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-06-08 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2003-1591 | 1 Novell | 1 Netware | 2010-06-08 | 4.3 MEDIUM | N/A |
| NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload. | |||||
| CVE-2002-2434 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-06-08 | 5.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions. | |||||
| CVE-2002-2433 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-06-08 | 4.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command. | |||||
| CVE-2010-2052 | 2010-06-07 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2155. Reason: This candidate is a duplicate of CVE-2010-2155. Notes: All CVE users should reference CVE-2010-2155 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-4769 | 1 Jasper | 1 Httpdx | 2010-06-07 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component. | |||||
| CVE-2009-4770 | 1 Jasper | 1 Httpdx | 2010-06-07 | 7.5 HIGH | N/A |
| The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. | |||||
| CVE-2010-1160 | 1 Gnu | 1 Nano | 2010-06-07 | 1.9 LOW | N/A |
| GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. | |||||
| CVE-2010-1161 | 1 Gnu | 1 Nano | 2010-06-07 | 3.7 LOW | N/A |
| Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. | |||||
| CVE-2009-4776 | 1 Hitachi | 25 Cosminexus\/opentp1 Web Web Front-endset, Cosminexus Application Server, Cosminexus Client and 22 more | 2010-06-07 | 9.3 HIGH | N/A |
| Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. | |||||
| CVE-2010-1273 | 1 Emweb | 1 Wt | 2010-06-07 | 9.3 HIGH | N/A |
| Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors. | |||||
| CVE-2010-0732 | 2 Gnome, Gtk | 2 Screensaver, Gtk\+ | 2010-06-05 | 6.2 MEDIUM | N/A |
| gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. | |||||
| CVE-2009-4824 | 1 Kolab | 1 Kolab Server | 2010-06-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form." | |||||
| CVE-2010-2146 | 1 Graviton-mediatech | 1 Visitor Logger | 2010-06-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. | |||||
| CVE-2010-2153 | 1 Tecnick | 1 Tcexam | 2010-06-04 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. | |||||
| CVE-2010-2151 | 1 Fujitsu | 1 E-pares | 2010-06-04 | 2.6 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors. | |||||
| CVE-2010-2150 | 1 Fujitsu | 1 E-pares | 2010-06-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2144 | 1 Zeeways | 1 Ebay Clone Auction Script | 2010-06-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0793 | 1 Barnowl | 1 Barnowl | 2010-06-03 | 7.5 HIGH | N/A |
| Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header. | |||||
| CVE-2010-0745 | 1 Dovecot | 1 Dovecot | 2010-06-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message. | |||||
| CVE-2009-4785 | 2 Bhavesh Chauhan, Joomla | 2 Com Quicknews, Joomla\! | 2010-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. | |||||
| CVE-2009-4790 | 1 Sysax | 1 Multi Server | 2010-06-03 | 9.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4788 | 1 Pligg | 1 Pligg Cms | 2010-06-03 | 4.3 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php. | |||||
| CVE-2009-4789 | 2 Joomla, Mojoblog | 2 Joomla, Mojoblog | 2010-06-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. | |||||
| CVE-2009-4784 | 2 Joaktree, Joomla | 2 Com Joaktree, Joomla\! | 2010-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. | |||||
| CVE-2010-2139 | 1 Multishopcms | 1 Multishop Cms | 2010-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2140 | 1 Multishopcms | 1 Multishop Cms | 2010-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1153 | 1 Typo3 | 1 Typo3 | 2010-06-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. | |||||
| CVE-2008-7255 | 1 Amsn | 1 Amsn | 2010-06-03 | 4.6 MEDIUM | N/A |
| login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation. | |||||
| CVE-2010-1718 | 2 Joomla, Lispeltuut | 2 Joomla\!, Com Archeryscores | 2010-06-01 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2112 | 1 Intervations | 1 Filecopa | 2010-06-01 | 8.8 HIGH | N/A |
| Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2114 | 1 Brekeke | 1 Pbx | 2010-06-01 | 2.6 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. | |||||