Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2084 | 1 Microsoft | 1 Asp.net | 2010-05-28 | 4.3 MEDIUM | N/A |
| Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute. | |||||
| CVE-2010-2085 | 1 Microsoft | 1 .net Framework | 2010-05-28 | 4.3 MEDIUM | N/A |
| The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter. | |||||
| CVE-2010-2086 | 1 Apache | 1 Myfaces | 2010-05-28 | 4.0 MEDIUM | N/A |
| Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | |||||
| CVE-2010-2088 | 1 Microsoft | 1 Asp.net | 2010-05-28 | 4.3 MEDIUM | N/A |
| ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter. | |||||
| CVE-2010-2095 | 1 Cmsqlite | 1 Cmsqlite | 2010-05-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2010-2096 | 1 Cmsqlite | 1 Cmsqlite | 2010-05-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2010-2099 | 1 E107 | 1 E107 | 2010-05-28 | 7.5 HIGH | N/A |
| bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method. | |||||
| CVE-2010-1151 | 1 Apache | 1 Apache Http Server | 2010-05-27 | 6.8 MEDIUM | N/A |
| Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials. | |||||
| CVE-2009-4762 | 1 Moinmo | 1 Moinmoin | 2010-05-27 | 7.5 HIGH | N/A |
| MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. | |||||
| CVE-2009-4879 | 1 Novell | 1 Access Manager | 2010-05-27 | 4.3 MEDIUM | N/A |
| The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. | |||||
| CVE-2010-2025 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2010-05-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl. | |||||
| CVE-2010-2026 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2010-05-27 | 6.4 MEDIUM | N/A |
| The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. | |||||
| CVE-2010-2082 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2010-05-27 | 5.0 MEDIUM | N/A |
| The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access. | |||||
| CVE-2010-2083 | 1 Microsoft | 1 Dynamics Gp | 2010-05-27 | 4.0 MEDIUM | N/A |
| Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2009-4873 | 1 Rhinosoft | 1 Serv-u | 2010-05-26 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie. | |||||
| CVE-2010-2036 | 2 Joomla, Percha | 2 Joomla\!, Com Perchafieldsattach | 2010-05-26 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1629 | 1 Phorum | 1 Phorum | 2010-05-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address. | |||||
| CVE-2010-1745 | 2010-05-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1867. Reason: This candidate is a duplicate of CVE-2010-1867. Notes: All CVE users should reference CVE-2010-1867 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-4803 | 2 Andreas Schwarzkopf, Typo3 | 2 Accessibility Glossary, Typo3 | 2010-05-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-1486 | 1 Cactushop | 1 Cactushop | 2010-05-26 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address. | |||||
| CVE-2010-1495 | 2 Joomla, Matamko | 2 Joomla\!, Com Matamko | 2010-05-26 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2033 | 2 Joomla, Percha | 2 Joomla\!, Com Perchacategoriestree | 2010-05-26 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2034 | 2 Joomla, Percha | 2 Joomla\!, Com Perchaimageattach | 2010-05-26 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2035 | 2 Joomla, Percha | 2 Joomla\!, Com Perchagallery | 2010-05-26 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2037 | 2 Joomla, Percha | 2 Joomla\!, Com Perchadownloadsattach | 2010-05-26 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2042 | 1 Shopex | 1 Ecshop | 2010-05-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2046 | 2 Activehelper, Joomla | 2 Com Activehelper Livehelp, Joomla\! | 2010-05-26 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php. | |||||
| CVE-2010-2049 | 1 Manageengine | 1 Adaudit Plus | 2010-05-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2051 | 1 Debliteck | 1 Dbcart | 2010-05-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2077 | 2010-05-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1640. Reason: This candidate is a duplicate of CVE-2010-1640. Notes: All CVE users should reference CVE-2010-1640 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-0559 | 1 Sun | 1 Opensolaris | 2010-05-25 | 7.5 HIGH | N/A |
| The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain. | |||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2010-05-25 | 6.8 MEDIUM | N/A |
| The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2009-2268 | 1 Sun | 1 Java System Access Manager | 2010-05-25 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2001-1268 | 1 Info-zip | 1 Unzip | 2010-05-25 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. | |||||
| CVE-2001-1269 | 1 Info-zip | 1 Unzip | 2010-05-25 | 2.1 LOW | N/A |
| Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. | |||||
| CVE-2001-1409 | 1 Xfree86 Project | 1 Xfree86 X Server | 2010-05-25 | 3.6 LOW | N/A |
| dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system. | |||||
| CVE-2006-7239 | 1 Gnu | 1 Gnutls | 2010-05-25 | 5.0 MEDIUM | N/A |
| The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. | |||||
| CVE-2010-2012 | 1 Sebrac.webcindario | 1 Migascms | 2010-05-24 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2014 | 1 Createch-group | 1 Lisk Cms | 2010-05-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter. | |||||
| CVE-2010-2015 | 1 Createch-group | 1 Lisk Cms | 2010-05-24 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id parameter to cp/edit_email.php. | |||||
| CVE-2010-2017 | 1 Bukulokomedia | 1 Lokomedia Cms | 2010-05-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2019 | 1 Bukulokomedia | 1 Lokomedia Cms | 2010-05-24 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4826 | 1 Scriptsez | 1 Mini Hosting Panel | 2010-05-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action. | |||||
| CVE-2009-4827 | 1 Scriptez | 1 Mail Manager Pro | 2010-05-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action. | |||||
| CVE-2009-4828 | 1 Phpwebscripts | 1 Ad Manager Pro | 2010-05-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0538 | 1 Apple | 2 Java, Mac Os X | 2010-05-24 | 6.8 MEDIUM | N/A |
| Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package. | |||||
| CVE-2010-0539 | 1 Apple | 3 Java 1.5, Java 1.6, Mac Os X | 2010-05-24 | 6.8 MEDIUM | N/A |
| Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet. | |||||
| CVE-2010-1533 | 2 Joomla, Peter Hocherl | 2 Joomla\!, Com Tweetla | 2010-05-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1535 | 2 Joomla, Peter Hocherl | 2 Joomla\!, Com Travelbook | 2010-05-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1540 | 2 Joomla, Myblog | 2 Joomla\!, Com Myblog | 2010-05-24 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information. | |||||