Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5113 | 1 Iwork | 1 Webglimpse | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter. | |||||
| CVE-2009-5115 | 1 Mcafee | 1 Common Management Agent | 2017-08-29 | 6.5 MEDIUM | N/A |
| McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object. | |||||
| CVE-2009-5117 | 1 Mcafee | 1 Host Data Loss Prevention | 2017-08-29 | 1.9 LOW | N/A |
| The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files. | |||||
| CVE-2009-5118 | 1 Mcafee | 1 Virusscan Enterprise | 2017-08-29 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. | |||||
| CVE-2009-5122 | 1 Websense | 1 Websense Email Security | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query. | |||||
| CVE-2009-5132 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 106 and 7.x before 7.1 allow remote attackers to cause a denial of service (filtering outage) via a crafted URL. | |||||
| CVE-2010-4808 | 1 Valarsoft | 1 Webmatic | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2010-4809 | 1 Liberologico | 1 Dbsite | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2010-4810 | 1 Awcm-cms | 1 Ar Web Content Manager | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php. | |||||
| CVE-2010-4811 | 1 6kbbs | 1 6kbbs | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action. | |||||
| CVE-2010-4812 | 1 6kbbs | 1 6kbbs | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php. | |||||
| CVE-2010-4813 | 2 Category Tokens Project, Drupal | 2 Category Tokens, Drupal | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help. | |||||
| CVE-2010-4814 | 1 Bestsoftinc | 1 Advance Hotel Booking System | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-4821 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | |||||
| CVE-2010-4823 | 1 Silverstripe | 1 Silverstripe | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions." | |||||
| CVE-2010-4824 | 1 Silverstripe | 1 Silverstripe | 2017-08-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter. | |||||
| CVE-2010-4825 | 2 Pleer, Wordpress | 2 Wp-twitter-feed, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2010-4843 | 1 Phpwebscripts | 1 Ad Manager Pro | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | |||||
| CVE-2010-4844 | 1 Mhproducts | 1 Easy Online Shop | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter. | |||||
| CVE-2010-4845 | 1 Mhproducts | 1 Projekt Shop | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php. | |||||
| CVE-2010-4846 | 1 Mhproducts | 1 Pay Pal Shop Digital | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2010-4847 | 1 Mhproducts | 1 Mhp Downloadshop | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2010-4853 | 2 Chillcreations, Joomla | 2 Com Ccinvoices, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. | |||||
| CVE-2010-4854 | 1 Zuitu | 1 Zuitu | 2017-08-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action. | |||||
| CVE-2010-4857 | 1 Curtiss Grymala | 1 Cag Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | |||||
| CVE-2010-4860 | 1 Galaxyscriptz | 1 Myphpauction | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4861 | 1 Webspell | 1 Webspell | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2010-4862 | 2 Harmistechnology, Joomla | 2 Com Jedirectory, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | |||||
| CVE-2010-4866 | 1 Chipmunk-scripts | 1 Chipmunk Board | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter. | |||||
| CVE-2010-4869 | 1 Drbenhur | 1 Dbhcms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. | |||||
| CVE-2010-4871 | 1 Smartftp | 1 Smartftp | 2017-08-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename. | |||||
| CVE-2010-4872 | 1 Pilotcart | 1 Pilot Cart | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter. | |||||
| CVE-2010-4873 | 1 Webidsupport | 1 Webid | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2010-4875 | 2 Wordpress, Xondie | 2 Wordpress, Vodpod Video Gallery | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter. | |||||
| CVE-2010-4883 | 1 Modx | 1 Revolution | 2017-08-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter. | |||||
| CVE-2010-4893 | 1 Festengine | 1 Festos | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action. | |||||
| CVE-2010-4894 | 1 Chillycms | 1 Chillycms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4895 | 1 Chillycms | 1 Chillycms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4896 | 1 Expinion.net | 1 Member Management System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter. | |||||
| CVE-2010-4908 | 1 Virtuenetz | 1 Virtue Shopping Mall | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the prodid parameter. | |||||
| CVE-2010-4910 | 1 Coldgen | 1 Coldcalendar | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action. | |||||
| CVE-2010-4911 | 1 Sellatsite | 1 Php Classifieds Ads | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classi/detail.php in PHP Classifieds Ads allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2010-4912 | 1 Discuz | 1 Ucenter Home | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action. | |||||
| CVE-2010-4914 | 1 Deltascripts | 1 Php Classifieds | 2017-08-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter. | |||||
| CVE-2010-4915 | 1 Coldgen | 1 Coldbookmarks | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action. | |||||
| CVE-2010-4916 | 1 Coldgen | 1 Coldusergroup | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter. | |||||
| CVE-2010-4917 | 1 A-blog | 1 A-blog | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter. | |||||
| CVE-2010-4918 | 2 Ijoomla, Joomla | 2 Com Magazine, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php. | |||||
| CVE-2010-4919 | 1 Micronetsoft | 1 Rv Dealer Website | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter. | |||||
| CVE-2010-4920 | 1 Micronetsoft | 1 Rental Property Website | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter. | |||||