Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2795 | 1 Joachim Fritschi | 1 Phpcas | 2017-08-17 | 4.0 MEDIUM | N/A |
| phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value. | |||||
| CVE-2010-2796 | 1 Joachim Fritschi | 1 Phpcas | 2017-08-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL. | |||||
| CVE-2010-2809 | 1 Uzbl | 1 Uzbl | 2017-08-17 | 6.8 MEDIUM | N/A |
| The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | |||||
| CVE-2010-2810 | 1 Lynx | 1 Lynx | 2017-08-17 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name. | |||||
| CVE-2010-2813 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-17 | 5.0 MEDIUM | N/A |
| functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. | |||||
| CVE-2010-2844 | 1 Newanz | 1 Newsoffice | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter. | |||||
| CVE-2010-2845 | 2 Joomla, Schlu.net | 2 Joomla\!, Com Quickfaq | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php. | |||||
| CVE-2010-2849 | 1 Nusoftware | 1 Nubuilder | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter. | |||||
| CVE-2010-2850 | 1 Nusoftware | 1 Nubuilder | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. | |||||
| CVE-2010-2852 | 1 Runcms | 1 Runcms | 2017-08-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2010-2853 | 1 Iscripts | 1 Visualcaster | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
| CVE-2010-2856 | 1 Oscss | 1 Oscss | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2010-2857 | 1 Danieljamesscott | 1 Com Music | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html. | |||||
| CVE-2010-2904 | 1 Sap | 2 Netweaver, System Landscape Directory | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. | |||||
| CVE-2010-2905 | 2 Brotherscripts, Scriptsfeed | 2 Scripts Directory, Scripts Directory | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2906 | 2 Brotherscripts, Scriptsfeed | 2 Scripts Directory, Scripts Directory | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905. | |||||
| CVE-2010-2907 | 2 Huruhelpdesk, Joomla | 2 Com Huruhelpdesk, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php. | |||||
| CVE-2010-2908 | 2 Joomdle, Joomla | 2 Com Joomdle, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php. | |||||
| CVE-2010-2910 | 2 Alexred, Joomla | 2 Com Oziogallery, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2010-2911 | 1 Kayako | 1 Esupport | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action. | |||||
| CVE-2010-2912 | 1 Kayako | 1 Esupport | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action. | |||||
| CVE-2010-2913 | 2 Apple, Citibank | 2 Iphone Os, Citi Mobile | 2017-08-17 | 2.1 LOW | N/A |
| The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | |||||
| CVE-2010-2915 | 1 Ajsquare | 1 Aj Hyip | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2916 | 1 Ajsquare | 1 Aj Hyip | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2917 | 1 Ajsquare | 1 Aj Article | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2918 | 2 Joomla, Visocrea | 2 Joomla\!, Com Joomla Visites | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2010-2919 | 2 Joomla, Joomlaxt | 2 Joomla\!, Com Staticxt | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2010-2920 | 2 Foobla, Joomla | 2 Com Foobla Suggestions, Joomla\! | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | |||||
| CVE-2010-2921 | 2 Joomla, Photoindochina | 2 Joomla\!, Com Golfcourseguide | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php. | |||||
| CVE-2010-2922 | 1 Ali Kenan | 1 Aky Blog | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2923 | 2 Joomla, Prasanna | 2 Joomla\!, Com Youtube | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. | |||||
| CVE-2010-2924 | 2 Silvercover, Wordpress | 2 Mylinksdump Plugin, Wordpress | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2925 | 1 Openfreeway | 1 Freeway | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter. | |||||
| CVE-2010-2926 | 1 Solucija | 1 Snews | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2010-2927 | 1 Ibm | 1 Tivoli Directory Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. | |||||
| CVE-2010-2929 | 1 Pharscape | 1 Hsolink | 2017-08-17 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671. | |||||
| CVE-2010-2930 | 1 Pharscape | 1 Hsolink | 2017-08-17 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in hsolinkcontrol in hsolink 1.0.118 allow local users to gain privileges via long command-line arguments, a different vulnerability than CVE-2010-1671. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2932 | 1 Barcodewiz | 1 Barcode Activex Control | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument to the LoadProperties method. | |||||
| CVE-2010-2933 | 1 Avscripts | 1 Av Arcade | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task. | |||||
| CVE-2010-2940 | 1 Fedoraproject | 1 Sssd | 2017-08-17 | 5.1 MEDIUM | N/A |
| The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password. | |||||
| CVE-2010-2941 | 1 Apple | 1 Cups | 2017-08-17 | 7.9 HIGH | N/A |
| ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | |||||
| CVE-2010-3022 | 1 Drupal | 1 Devel Module | 2017-08-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. | |||||
| CVE-2010-3024 | 1 Hulihanapplications | 1 Diamondlist | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. | |||||
| CVE-2010-3028 | 2 Joomla, Simon Philips | 2 Joomla, Aardvertiser | 2017-08-17 | 3.6 LOW | N/A |
| The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. | |||||
| CVE-2010-3035 | 1 Cisco | 1 Ios Xr | 2017-08-17 | 5.0 MEDIUM | N/A |
| Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211. | |||||
| CVE-2010-3041 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044. | |||||
| CVE-2010-3042 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044. | |||||
| CVE-2010-3043 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044. | |||||
| CVE-2010-3044 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043. | |||||
| CVE-2010-3082 | 1 Djangoproject | 1 Django | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie. | |||||