Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3456 | 1 Energyscripts | 1 Simple Download | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2010-3459 | 1 Gecad | 1 Axigen Mail Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3460 | 2 Gecad, Microsoft | 2 Axigen Mail Server, Windows | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. | |||||
| CVE-2010-3461 | 1 Endonesia | 1 Endonesia | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394. | |||||
| CVE-2010-3465 | 1 Ecommercesoft | 1 Xse Shopping Cart | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx. | |||||
| CVE-2010-3466 | 1 Netartmedia | 1 Iboutique.mall | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3467 | 1 E-xoopport | 1 Samsara | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action. | |||||
| CVE-2010-3476 | 1 Otrs | 1 Otrs | 2017-08-17 | 5.0 MEDIUM | N/A |
| Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080. | |||||
| CVE-2010-3479 | 1 Boutikone | 1 Boutikone | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-3480 | 1 Apphp | 1 Php Microcms | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2010-3481 | 1 Apphp | 1 Php Microcms | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable. | |||||
| CVE-2010-3486 | 1 Smartertools | 1 Smartermail | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. | |||||
| CVE-2010-3488 | 1 Houbysoft | 1 Quickshare | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL. | |||||
| CVE-2010-3491 | 1 Tibco | 4 Activematrix Businessworks Service Engine, Activematrix Service Bus, Activematrix Service Grid and 1 more | 2017-08-17 | 10.0 HIGH | N/A |
| The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors. | |||||
| CVE-2010-3505 | 1 Oracle | 1 Supply Chain Products Suite | 2017-08-17 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders, Files & Attachments, a different vulnerability than CVE-2010-4429. | |||||
| CVE-2010-3510 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager. | |||||
| CVE-2010-3586 | 1 Sun | 1 Sunos | 2017-08-17 | 3.6 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver. | |||||
| CVE-2010-3587 | 1 Oracle | 1 E-business Suite | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management. | |||||
| CVE-2010-3588 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 10.1.2.3, 11.1.1.2.0, and 11.1.1.3.0 allows remote authenticated users to affect confidentiality and integrity, related to EUL Code & Schema. | |||||
| CVE-2010-3589 | 1 Oracle | 1 E-business Suite | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout. | |||||
| CVE-2010-3590 | 1 Oracle | 1 Database Server | 2017-08-17 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS. | |||||
| CVE-2009-3007 | 2 Flock, Mozilla | 3 Flock, Firefox, Seamonkey | 2017-08-17 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. | |||||
| CVE-2009-3008 | 1 Christophe Thibault | 1 K-meleon | 2017-08-17 | 4.3 MEDIUM | N/A |
| K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. | |||||
| CVE-2009-3010 | 1 Mozilla | 3 Firefox, Mozilla, Seamonkey | 2017-08-17 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site. | |||||
| CVE-2009-3011 | 1 Google | 1 Chrome | 2017-08-17 | 4.3 MEDIUM | N/A |
| Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of the HTTP site. | |||||
| CVE-2009-3015 | 1 Qtweb | 1 Qtweb | 2017-08-17 | 4.3 MEDIUM | N/A |
| QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. | |||||
| CVE-2009-3022 | 1 Itd-inc | 1 Bingo\!cms | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors. | |||||
| CVE-2009-3030 | 1 Symantec | 1 Securityexpressions Audit And Compliance Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue." | |||||
| CVE-2009-3033 | 1 Symantec | 3 Altiris Deployment Solution, Altiris Management Platform, Altiris Notification Server | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument. | |||||
| CVE-2009-3035 | 1 Symantec | 1 Altiris Notification Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials. | |||||
| CVE-2009-3041 | 1 Spip | 1 Spip | 2017-08-17 | 7.5 HIGH | N/A |
| SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009. | |||||
| CVE-2009-3081 | 1 Uiga | 1 Church Portal | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3102 | 1 Zmanda | 1 Zrm For My Sql | 2017-08-17 | 10.0 HIGH | N/A |
| The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable. | |||||
| CVE-2009-3104 | 1 Symantec | 4 Antivirus, Client Security, Norton Antivirus and 1 more | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors. | |||||
| CVE-2009-3105 | 1 Ibm | 1 Domino Web Access | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC. | |||||
| CVE-2009-3106 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. | |||||
| CVE-2009-3121 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3122 | 2 Chris Shattuck, Drupal | 2 Ajaxtable, Drupal | 2017-08-17 | 6.4 MEDIUM | N/A |
| The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. | |||||
| CVE-2009-3123 | 1 Visavi | 1 Wap-motor | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter. | |||||
| CVE-2009-3146 | 1 Articlefriend | 1 Articlefriend Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3152 | 1 Nt | 1 Bbs E-market | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action. | |||||
| CVE-2009-3153 | 1 X10media | 1 Mp3 Search Engine | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php. | |||||
| CVE-2009-3156 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2017-08-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field. | |||||
| CVE-2009-3183 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2009-3202 | 1 Uloki | 1 Uloki Php Forum | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter. | |||||
| CVE-2009-3203 | 1 Ajsquare | 1 Aj Auction Pro-oopd | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-3204 | 1 Stivaforum | 1 Stiva Forum | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php. | |||||
| CVE-2009-3205 | 1 Cbauthority | 1 Cbauthority | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action. | |||||
| CVE-2009-3206 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2017-08-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3207 | 2 Drewish, Drupal | 2 Imagecache, Drupal | 2017-08-17 | 6.8 MEDIUM | N/A |
| The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | |||||