Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2456 | 1 Codelib | 1 Linker Img | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate. | |||||
| CVE-2010-2458 | 1 2daybiz | 1 Video Community Portal Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter. | |||||
| CVE-2010-2459 | 1 2daybiz | 1 Video Community Portal Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. | |||||
| CVE-2010-2460 | 1 Jce-tech | 1 Shareasale Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter. | |||||
| CVE-2010-2461 | 1 Jce-tech | 1 Overstock Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter. | |||||
| CVE-2010-2462 | 1 Tomacero | 1 Orohyip | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action. | |||||
| CVE-2010-2464 | 2 Joomla, Rsjoomla | 2 Joomla!, Com Rscomments | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php. | |||||
| CVE-2010-2466 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2017-08-17 | 5.0 MEDIUM | N/A |
| The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. | |||||
| CVE-2010-2467 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2017-08-17 | 5.0 MEDIUM | N/A |
| The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests. | |||||
| CVE-2010-2468 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2017-08-17 | 10.0 HIGH | N/A |
| The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. | |||||
| CVE-2010-2489 | 2 Microsoft, Ruby-lang | 2 Windows, Ruby | 2017-08-17 | 7.2 HIGH | N/A |
| Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files. | |||||
| CVE-2010-2507 | 2 Joomla, Masselink | 2 Joomla!, Com Picasa2gallery | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2518 | 1 Ibm | 4 Filenet P8 Business Process Manager, Filenet P8 Content Manager, P8 Content Engine and 1 more | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2526 | 2 Heinz Mauelshagen, Redhat | 3 Lvm2, Cluster Suite, Enterprise Linux | 2017-08-17 | 4.6 MEDIUM | N/A |
| The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. | |||||
| CVE-2010-2534 | 1 Openttd | 1 Openttd | 2017-08-17 | 5.0 MEDIUM | N/A |
| The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue. | |||||
| CVE-2010-2544 | 1 Cacti | 1 Cacti | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | |||||
| CVE-2010-2545 | 1 Cacti | 1 Cacti | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php. | |||||
| CVE-2010-2587 | 1 Adobe | 1 Shockwave Player | 2017-08-17 | 9.3 HIGH | N/A |
| The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188. | |||||
| CVE-2010-2588 | 1 Adobe | 1 Shockwave Player | 2017-08-17 | 9.3 HIGH | N/A |
| The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-4188. | |||||
| CVE-2010-2589 | 1 Adobe | 1 Shockwave Player | 2017-08-17 | 9.3 HIGH | N/A |
| Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-2602 | 1 Rim | 1 Blackberry Enterprise Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2010-2604 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Enterprise Server Express | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2010-2609 | 1 2daybiz | 1 Job Search Engine Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
| CVE-2010-2610 | 1 2daybiz | 1 Job Site Script | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php. | |||||
| CVE-2010-2611 | 1 I-netsolution | 1 Job Search Engine Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
| CVE-2010-2613 | 2 Harmistechnology, Joomla | 2 Com Awd Song, Joomla! | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. | |||||
| CVE-2010-2616 | 1 Paul Mcenery | 1 Php Bible Search | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter. | |||||
| CVE-2010-2617 | 1 Paul Mcenery | 1 Php Bible Search | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter. | |||||
| CVE-2010-2618 | 1 Insanevisions | 1 Adapcms | 2017-08-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected. | |||||
| CVE-2010-2622 | 2 Joomanager, Joomla | 2 Joomanager, Joomla! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2010-2623 | 1 Internetdm | 1 Bed And Breakfast | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter. | |||||
| CVE-2010-2626 | 1 Miyabi-seo | 1 Cgi Tools Seo Links | 2017-08-17 | 7.5 HIGH | N/A |
| index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2632 | 1 Sun | 1 Sunos | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. | |||||
| CVE-2010-2633 | 1 Emc | 4 Disk Library, Disk Library 4100, Disk Library 4200 and 1 more | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP. | |||||
| CVE-2010-2635 | 1 Ibm | 1 Websphere Commerce | 2017-08-17 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." | |||||
| CVE-2010-2636 | 1 Ibm | 1 Websphere Commerce | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2010-2637 | 1 Ibm | 1 Websphere Mq | 2017-08-17 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | |||||
| CVE-2010-2638 | 1 Ibm | 1 Websphere Mq | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. | |||||
| CVE-2010-2639 | 1 Ibm | 1 Websphere Commerce | 2017-08-17 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | |||||
| CVE-2010-2644 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-08-17 | 5.0 MEDIUM | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface. | |||||
| CVE-2010-2669 | 1 Novo-ws | 1 Orbis Cms | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2010-2670 | 1 Brotherscripts | 1 Recipe Website | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2674 | 1 Alanzard | 1 Tsoka\ | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action. | |||||
| CVE-2010-2676 | 1 Openwebanalytics | 1 Open Web Analytics | 2017-08-17 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters. | |||||
| CVE-2010-2677 | 1 Openwebanalytics | 1 Open Web Analytics | 2017-08-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2680 | 2 Harmistechnology, Joomla | 2 Com Jesectionfinder, Joomla! | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. | |||||
| CVE-2010-2682 | 2 Joomla, Realtyna | 2 Joomla!, Com Realtyna | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2684 | 1 Customerparadigm | 1 Pagedirector Cms | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2687 | 1 Site2nite | 1 Boat Classifieds | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter. | |||||
| CVE-2010-2688 | 1 Site2nite | 1 Boat Classifieds | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
