Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0828 | 1 Moinmo | 1 Moinmoin | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. | |||||
| CVE-2010-0830 | 1 Gnu | 1 Glibc | 2017-08-17 | 5.1 MEDIUM | N/A |
| Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. | |||||
| CVE-2010-0832 | 1 Canonical | 1 Ubuntu Linux | 2017-08-17 | 6.9 MEDIUM | N/A |
| pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. | |||||
| CVE-2010-0862 | 1 Oracle | 1 Industry Product Suite | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help. | |||||
| CVE-2010-0863 | 1 Oracle | 1 Industry Product Suite | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help. | |||||
| CVE-2010-0864 | 1 Oracle | 1 Industry Product Suite | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Retail - Oracle Retail Place In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help. | |||||
| CVE-2010-0877 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2010-0878 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect integrity via unknown vectors. | |||||
| CVE-2010-0879 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2010-0880 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2010-0883 | 1 Oracle | 1 Sun Products Suite | 2017-08-17 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0884. | |||||
| CVE-2010-0884 | 1 Oracle | 1 Sun Products Suite | 2017-08-17 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0883. | |||||
| CVE-2010-0888 | 1 Oracle | 1 Sun Products Suite | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Sun Ray Server Software component in Oracle Sun Product Suite 4.0, 4.1, and 4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Device Services. | |||||
| CVE-2010-0889 | 1 Oracle | 1 Opensolaris | 2017-08-17 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_68 through snv_128 allows local users to affect confidentiality via unknown vectors related to the Kernel. | |||||
| CVE-2010-0893 | 1 Oracle | 1 Sun Products Suite | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail. | |||||
| CVE-2010-0894 | 1 Oracle | 2 Opensso Enterprise, Sun Products Suite | 2017-08-17 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2010-0895 | 1 Oracle | 1 Opensolaris | 2017-08-17 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter. | |||||
| CVE-2010-0896 | 1 Oracle | 1 Sun Products Suite | 2017-08-17 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Address Book and Mail Filter. | |||||
| CVE-2010-0897 | 1 Oracle | 1 Sun Products Suite | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Directory Service Markup Language. | |||||
| CVE-2010-0918 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-17 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. | |||||
| CVE-2010-0919 | 1 Ibm | 3 Domino Web Access, Lotus Domino, Lotus Inotes | 2017-08-17 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ. | |||||
| CVE-2010-0921 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | |||||
| CVE-2010-0928 | 3 Gaisler, Openssl, Xilinx | 3 Leon3 Soc, Openssl, Virtex-ii Pro Fpga | 2017-08-17 | 4.0 MEDIUM | N/A |
| OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." | |||||
| CVE-2010-0936 | 1 D-link | 1 Dkvm-ip8 | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. | |||||
| CVE-2010-0937 | 1 Visualizationlibrary | 1 Visualization Library | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors. | |||||
| CVE-2010-0938 | 1 Todoomasters | 1 Todoo Forum | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action. | |||||
| CVE-2010-0939 | 1 Visialis | 1 Abb Forum | 2017-08-17 | 5.0 MEDIUM | N/A |
| Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. | |||||
| CVE-2010-0940 | 1 Sanusart | 1 Simple Php Guestbook | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2010-0941 | 1 Web-site-development | 1 Etek Systems Hit Counter | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php. | |||||
| CVE-2010-0942 | 2 Joomla, Jvideodirect | 2 Joomla\!, Com Jvideodirect | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0943 | 2 Joomla, Joomlart | 2 Joomla\!, Com Jashowcase | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. | |||||
| CVE-2010-0944 | 2 Joomla, Thorsten Riess | 2 Joomla\!, Com Jcollection | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0945 | 2 Hotbrackets, Joomla | 2 Com Hotbrackets, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2010-0946 | 2 Joomla, Kiss-software | 2 Joomla\!, Com Ksadvertiser | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | |||||
| CVE-2010-0948 | 1 Bfs.kilu | 1 Bigforum | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-0951 | 1 Dev4u | 1 Dev4u Cms | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter. | |||||
| CVE-2010-0952 | 1 Insanevisions | 1 Onecms | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. | |||||
| CVE-2010-0953 | 1 Phpcoin | 1 Phpcoin | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2010-0954 | 1 Preprojects | 1 Pre E-learning Portal | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. | |||||
| CVE-2010-0955 | 1 Media-products | 1 Bild Flirt Community | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-0957 | 1 Saskia Bruckner | 1 Saskias Shopsystem | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter. | |||||
| CVE-2010-0964 | 1 Media-products | 1 Eros Webkatalog | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action. | |||||
| CVE-2010-0965 | 1 Jevci.net | 1 Jevci Siparis Formu Scripti | 2017-08-17 | 5.0 MEDIUM | N/A |
| Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb. | |||||
| CVE-2010-0967 | 1 Geekhelps | 1 Admp | 2017-08-17 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0970 | 1 Jorik Berkepas | 1 Phpmylogon | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0971 | 1 Atutor | 1 Atutor | 2017-08-17 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0972 | 2 G4j.laoneo, Joomla | 2 Com Gcalendar, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0973 | 1 Scripteverkauf | 1 Domain Verkaus And Auktions Portal | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-0974 | 1 Phpcityportal | 1 Phpcityportal | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php. | |||||
| CVE-2010-0975 | 1 Phpcityportal | 1 Phpcityportal | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | |||||