Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1714 | 2 Dev.pucit.edu.pk, Joomla | 2 Com Arcadegames, Joomla\! | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1715 | 2 Joomla, Pucit.edu | 2 Joomla\!, Com Onlineexam | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1716 | 2 Joomla, Joomlanetprojects | 2 Joomla\!, Com Agenda | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2010-1719 | 2 Joomla, Moto-treks | 2 Joomla\!, Com Mtfireeagle | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1720 | 2 Joomla, Qproje | 2 Joomla\!, Com Qpersonel | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php. | |||||
| CVE-2010-1721 | 2 Joomla, Thethinkery | 2 Joomla\!, Com Iproperty | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php. | |||||
| CVE-2010-1722 | 2 Dev.pucit.edu.pk, Joomla | 2 Com Market, Joomla\! | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1725 | 1 Alibabaclone | 1 Alibaba Clone Platinum | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1726 | 1 Alibabaclone | 1 Ec21 Clone | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1727 | 1 Aspsiteware | 1 Jobpost | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1733 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1736 | 1 Aspindir | 1 Krm Haber | 2017-08-17 | 5.0 MEDIUM | N/A |
| KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | |||||
| CVE-2010-1739 | 1 Joomla | 2 Com Newsfeeds, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php. | |||||
| CVE-2010-1740 | 1 Freeguppy | 1 Guppy | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter. | |||||
| CVE-2010-1741 | 1 Billwerx | 1 Billwerx Rc | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter. | |||||
| CVE-2010-1742 | 1 Satyadeep | 1 Scratcher | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter. | |||||
| CVE-2010-1743 | 1 Satyadeep | 1 Scratcher | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1744 | 1 Alibabaclone | 1 B2b Gold Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1746 | 2 Joomla, Toolsjx | 2 Joomla\!, Com Grid | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php. | |||||
| CVE-2010-1775 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2017-08-17 | 1.9 LOW | N/A |
| Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. | |||||
| CVE-2010-1810 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2017-08-17 | 3.5 LOW | N/A |
| FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. | |||||
| CVE-2010-1855 | 1 Phpscripte24 | 1 Pay Per Watch \& Bid Auktions System | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. | |||||
| CVE-2010-1858 | 2 Gelembjuk, Joomla | 2 Com Smestorage, Joomla\! | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | |||||
| CVE-2010-1865 | 1 Csphere | 1 Clansphere | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php). | |||||
| CVE-2010-1867 | 1 Campware.org | 1 Campsite | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2010-1873 | 2 Joomla, Jvehicles | 2 Joomla\!, Com Jvehicles | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1874 | 2 Com-property, Joomla | 2 Com Properties, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1875 | 2 Com-property, Joomla | 2 Com Properties, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1876 | 1 Ajsquare | 1 Aj Shopping Cart | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | |||||
| CVE-2010-1877 | 2 Joomla, Jtmreseller | 2 Joomla\!, Com Jtm | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php. | |||||
| CVE-2010-1878 | 2 Blueflyingfish.no-ip, Joomla | 2 Com Orgchart, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1914 | 1 Php | 1 Php | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. | |||||
| CVE-2010-1915 | 1 Php | 1 Php | 2017-08-17 | 5.0 MEDIUM | N/A |
| The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. | |||||
| CVE-2010-1917 | 1 Php | 1 Php | 2017-08-17 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. | |||||
| CVE-2010-1923 | 1 Phpscripte24 | 1 Web Social Network Freunde Community | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action. | |||||
| CVE-2010-1924 | 1 Phpscripte24 | 1 Live Shopping Multi Portal System | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter. | |||||
| CVE-2010-1928 | 1 Openmairie | 1 Openplanning | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | |||||
| CVE-2010-1932 | 1 Xnview | 1 Xnview | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field. | |||||
| CVE-2010-1935 | 1 Openmairie | 1 Openpresse | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | |||||
| CVE-2010-1936 | 1 Openmairie | 1 Opencominterne | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | |||||
| CVE-2010-1940 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-08-17 | 4.3 MEDIUM | N/A |
| Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1942 | 1 Fujitsu | 1 Interstage Application Server | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device. | |||||
| CVE-2010-1944 | 1 Openmairie | 1 Opencimetiere | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/. | |||||
| CVE-2010-1952 | 2 Cmstactics, Joomla | 3 Com Beeheard, Com Beeheardlite, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1955 | 2 Joomla, Thefactory | 2 Joomla\!, Com Blogfactory | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1956 | 2 Joomla, Thefactory | 2 Joomla\!, Com Gadgetfactory | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1957 | 2 Joomla, Thefactory | 2 Joomla\!, Com Lovefactory | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1958 | 2 Drupal, Quicksketch | 2 Drupal, Filefield | 2017-08-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter). | |||||
| CVE-2010-1962 | 1 Hp | 1 Storageworks Storage Mirroring | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.2.1.870.0 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2010-1976 | 2 Drupal, Michael Nichols | 2 Drupal, Taxonomy Breadcrumb | 2017-08-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. | |||||