Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1921 | 1 Openmairie | 1 Openannuaire | 2010-05-13 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/. | |||||
| CVE-2010-1925 | 1 Rifat Kurban | 1 Tekno.portal | 2010-05-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817. | |||||
| CVE-2010-1926 | 1 Openmairie | 1 Opencourrier | 2010-05-13 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1927 | 1 Openmairie | 1 Opencourrier | 2010-05-13 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1934 | 1 Openmairie | 1 Openplanning | 2010-05-13 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/. | |||||
| CVE-2010-1620 | 1 Gnustep | 1 Gnustep Base | 2010-05-12 | 7.2 HIGH | N/A |
| Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow. | |||||
| CVE-2010-1918 | 1 Efrontlearning | 1 Efront | 2010-05-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter. | |||||
| CVE-2010-1457 | 1 Gnustep | 1 Gnustep Base | 2010-05-12 | 4.9 MEDIUM | N/A |
| Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message. | |||||
| CVE-2010-1872 | 1 Tufat | 1 Flashcard | 2010-05-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1686 | 2 Abcbackup, Internet-soft | 2 Abc Backup, Urgent Backup | 2010-05-12 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. | |||||
| CVE-2009-4858 | 1 Turnkeyforms | 1 Yahoo-answers-clone | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | |||||
| CVE-2009-4859 | 1 Onlinetechtools.com | 1 Owos Lite | 2010-05-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp. | |||||
| CVE-2009-4861 | 1 Supportpro | 1 Supportdesk | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-4868 | 1 Hitronsoft | 1 Answer Me | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4869 | 1 Hitronsoft | 1 Nasim Guest Book | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2009-4375 | 1 Alienvault | 1 Open Source Security Information Management | 2010-05-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter. | |||||
| CVE-2009-4835 | 1 Mega-nerd | 1 Libsndfile | 2010-05-11 | 4.3 MEDIUM | N/A |
| The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file. | |||||
| CVE-2010-0401 | 1 Openttd | 1 Openttd | 2010-05-11 | 6.5 MEDIUM | N/A |
| OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | |||||
| CVE-2010-0406 | 1 Openttd | 1 Openttd | 2010-05-11 | 4.0 MEDIUM | N/A |
| OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. | |||||
| CVE-2010-1279 | 1 Adobe | 1 Photoshop Cs4 | 2010-05-11 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. | |||||
| CVE-2010-1438 | 1 Mytty | 1 Webapplication Finger Printer | 2010-05-11 | 4.4 MEDIUM | N/A |
| Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh. | |||||
| CVE-2010-1732 | 1 Zikula | 1 Zikula Application Framework | 2010-05-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). | |||||
| CVE-2010-1853 | 1 Transmissionbt | 1 Transmission | 2010-05-11 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links. | |||||
| CVE-2010-1868 | 1 Php | 1 Php | 2010-05-11 | 7.5 HIGH | N/A |
| The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. | |||||
| CVE-2009-4852 | 1 Festic | 1 Semanticscuttle | 2010-05-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1854 | 1 Phpscripte24 | 1 Pay Per Watch \& Bid Auktions System | 2010-05-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be resultant from CVE-2010-1855. | |||||
| CVE-2010-1856 | 1 Realitymedias | 1 Repairshop2 | 2010-05-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action. | |||||
| CVE-2010-1859 | 1 Deluxebb | 1 Deluxebb | 2010-05-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread. | |||||
| CVE-2010-1861 | 1 Php | 1 Php | 2010-05-10 | 6.4 MEDIUM | N/A |
| The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. | |||||
| CVE-2010-1863 | 1 Clantiger | 1 Clantiger | 2010-05-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter. | |||||
| CVE-2010-1147 | 1 Roshan Singh | 1 Open Direct Connect Hub | 2010-05-08 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message. | |||||
| CVE-2010-1150 | 1 Mediawiki | 1 Mediawiki | 2010-05-08 | 6.0 MEDIUM | N/A |
| MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue. | |||||
| CVE-2010-0101 | 1 Lexmark | 61 25xxn, C510, C52x and 58 more | 2010-05-07 | 7.8 HIGH | N/A |
| The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. | |||||
| CVE-2010-1737 | 1 Carlos Eduardo Sotelo Pinto | 1 0.1.0 | 2010-05-07 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter. | |||||
| CVE-2010-1730 | 2 Dolphin, Htc | 2 Dolphin Browser, Hero | 2010-05-06 | 5.0 MEDIUM | N/A |
| Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | |||||
| CVE-2009-4605 | 1 Phpmyadmin | 1 Phpmyadmin | 2010-05-06 | 5.0 MEDIUM | N/A |
| scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | |||||
| CVE-2008-7251 | 1 Phpmyadmin | 1 Phpmyadmin | 2010-05-06 | 10.0 HIGH | N/A |
| libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | |||||
| CVE-2010-0402 | 1 Openttd | 1 Openttd | 2010-05-05 | 6.5 MEDIUM | N/A |
| OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command. | |||||
| CVE-2010-1687 | 1 Mochasoft | 1 Mocha W32 Lpd | 2010-05-05 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1723 | 2 Joomla, Joomlacomponent.inetlanka | 2 Joomla\!, Com Drawroot | 2010-05-05 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0594 | 1 Cisco | 1 Router And Security Device Manager | 2010-05-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. | |||||
| CVE-2010-1701 | 1 Rocky.nu | 1 Php Video Battle Script | 2010-05-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2010-1705 | 1 Rocky.nu | 1 Modelbook | 2010-05-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter. | |||||
| CVE-2010-1707 | 1 Piwigo | 1 Piwigo | 2010-05-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters. | |||||
| CVE-2009-4823 | 1 Cpanel | 1 Cpanel | 2010-05-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter. | |||||
| CVE-2009-4631 | 1 Ffmpeg | 1 Ffmpeg | 2010-05-04 | 9.3 HIGH | N/A |
| Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption. | |||||
| CVE-2009-4638 | 1 Ffmpeg | 1 Ffmpeg | 2010-05-04 | 4.3 MEDIUM | N/A |
| Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-1859 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2010-05-04 | 9.3 HIGH | N/A |
| Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | |||||
| CVE-2009-1861 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2010-05-04 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption. | |||||
| CVE-2009-0510 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2010-05-04 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. | |||||