Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2138 | 1 Giaard | 1 Proman | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php. | |||||
| CVE-2010-2141 | 1 Nitropowered | 1 Nitro Web Gallery | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action. | |||||
| CVE-2010-2142 | 1 Murat Ersoy | 1 Cyberhost | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2147 | 2 Joomla, Unisoft | 2 Joomla\!, Com Mycar | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php. | |||||
| CVE-2010-2148 | 2 Joomla, Unisoft | 2 Joomla\!, Com Mycar | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. | |||||
| CVE-2010-2152 | 1 Justsystems | 2 Ichitaro, Just School | 2017-08-17 | 9.3 HIGH | N/A |
| Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document. | |||||
| CVE-2010-2154 | 1 Cmscout | 1 Cmscout | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2156 | 1 Isc | 1 Dhcp | 2017-08-17 | 5.0 MEDIUM | N/A |
| ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID. | |||||
| CVE-2010-2190 | 1 Php | 1 Php | 2017-08-17 | 5.0 MEDIUM | N/A |
| The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-2191 | 1 Php | 1 Php | 2017-08-17 | 6.4 MEDIUM | N/A |
| The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature. | |||||
| CVE-2010-2195 | 1 Eterna | 1 Bozohttpd | 2017-08-17 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a "wrong code generation interaction with GCC." | |||||
| CVE-2010-2197 | 1 Rpm | 1 Rpm | 2017-08-17 | 5.8 MEDIUM | N/A |
| rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. | |||||
| CVE-2010-2199 | 1 Rpm | 1 Rpm | 2017-08-17 | 7.2 HIGH | N/A |
| lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. | |||||
| CVE-2010-2225 | 1 Php | 1 Php | 2017-08-17 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. | |||||
| CVE-2010-2260 | 1 Gambitdesign | 1 Bandwidth Meter | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus Bandwidth Meter, but this is incorrect. | |||||
| CVE-2010-2262 | 1 Galileo Students | 1 Team Weborf | 2017-08-17 | 5.0 MEDIUM | N/A |
| Galileo Students Team Weborf before 0.12.1 allows remote attackers to cause a denial of service (crash) via a crafted Range header. | |||||
| CVE-2010-2291 | 1 Snom | 1 Voip Phone Firmware | 2017-08-17 | 3.3 LOW | N/A |
| Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2305 | 1 Symantec | 1 Sygate Personal Firewall | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method. | |||||
| CVE-2010-2307 | 1 Motorola | 1 Surfboard Sbv6120e | 2017-08-17 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. | |||||
| CVE-2010-2310 | 1 Solarwinds | 1 Tftp Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request. | |||||
| CVE-2010-2311 | 1 Power-tab | 1 Power Tab Editor | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows user-assisted remote attackers to execute arbitrary code via a .ptb file with a long font name. | |||||
| CVE-2010-2313 | 1 Anodyne-productions | 1 Simm Management System | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2315 | 1 Smartisoft | 1 Phpbazar | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter. | |||||
| CVE-2010-2320 | 1 Eterna | 1 Bozohttpd | 2017-08-17 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. | |||||
| CVE-2010-2321 | 1 Adobe | 1 Indesign Cs3 | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file. | |||||
| CVE-2010-2329 | 1 Rosoftengineering | 1 Rosoft Audio Converter | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file. | |||||
| CVE-2010-2330 | 1 Upredsun | 1 Isharer File Sharing Wizard | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header. | |||||
| CVE-2010-2332 | 2 Apple, Impactfinancials | 2 Iphone Os, Impact Pdf Reader | 2017-08-17 | 5.0 MEDIUM | N/A |
| Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request. | |||||
| CVE-2010-2337 | 1 Rsa | 1 Federated Identity Manager | 2017-08-17 | 6.0 MEDIUM | N/A |
| Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. | |||||
| CVE-2010-2338 | 1 Vunet | 1 Vu Web Visitor Analyst | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2339 | 1 Subdreamer | 1 Subdreamer | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action. | |||||
| CVE-2010-2341 | 1 Ezpx | 1 Ezpx Photoblog | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter. | |||||
| CVE-2010-2343 | 1 Dennisre | 1 Audio Converter | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file. | |||||
| CVE-2010-2344 | 1 Odcms | 1 Odcms | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php. | |||||
| CVE-2010-2345 | 1 Odcms | 1 Odcms | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests. | |||||
| CVE-2010-2348 | 1 Freesoftwaretoolbox | 1 Batch Audio Converter | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file. | |||||
| CVE-2010-2350 | 1 Daniel Mealha Cabrita | 1 Ziproxy | 2017-08-17 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file. | |||||
| CVE-2010-2352 | 3 Drupal, Karen Stevenson, Yves Chedemois | 3 Drupal, Cck, Cck | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. | |||||
| CVE-2010-2353 | 2 Drupal, Yves Chedemois | 2 Drupal, Cck | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes. | |||||
| CVE-2010-2354 | 1 Pilotgroup | 1 Elms Pro | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter. | |||||
| CVE-2010-2355 | 1 Pilotgroup | 1 Elms Pro | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2356 | 1 Pilotgroup | 1 Elms Pro | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter. | |||||
| CVE-2010-2357 | 1 Eicrasoft | 1 Eicra Realestate Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2358 | 1 Jeffkilroy | 1 Nakid Cms | 2017-08-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2359 | 1 Activewebsoftwares | 1 Ewebquiz | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706. | |||||
| CVE-2010-2360 | 1 Isamu Kaneko | 1 Winny | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007. | |||||
| CVE-2010-2433 | 1 Ibm | 1 Websphere Ilog Jrules | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/. | |||||
| CVE-2010-2438 | 1 Laubrotel | 1 G.cms Generator | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php. | |||||
| CVE-2010-2439 | 1 Moreforge | 1 Moreamp | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file). | |||||
| CVE-2010-2454 | 1 Apple | 1 Safari | 2017-08-17 | 4.3 MEDIUM | N/A |
| Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | |||||