Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1362 | 2 Ben Jeavons, Drupal | 2 Ownterm, Drupal | 2010-04-14 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page. | |||||
| CVE-2009-4766 | 1 Yasirpro | 1 Ms-pro Portal Scripti | 2010-04-14 | 5.0 MEDIUM | N/A |
| YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for galeri/database/db.mdb. | |||||
| CVE-2009-4765 | 1 Cnr.somee | 1 Hikaye Portal | 2010-04-14 | 5.0 MEDIUM | N/A |
| CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb. | |||||
| CVE-2010-1358 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2010-04-14 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1359 | 2 Bluegate, Xt-commerce | 2 Direct Url, Xt\ | 2010-04-14 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1365 | 1 Uiga | 1 Fan Club | 2010-04-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. | |||||
| CVE-2010-1367 | 1 Uiga | 1 Fan Club | 2010-04-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1370 | 1 Preprojects | 1 Pre Classified Listings Asp | 2010-04-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detailad.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the siteid parameter. | |||||
| CVE-2010-1352 | 2 Jooforge, Joomla | 2 Com Jukebox, Joomla! | 2010-04-13 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0579 | 1 Cisco | 1 Ios | 2010-04-13 | 7.8 HIGH | N/A |
| The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability." | |||||
| CVE-2010-0580 | 1 Cisco | 1 Ios | 2010-04-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability." | |||||
| CVE-2010-0581 | 1 Cisco | 1 Ios | 2010-04-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability." | |||||
| CVE-2010-0582 | 1 Cisco | 1 Ios | 2010-04-13 | 7.8 HIGH | N/A |
| Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962. | |||||
| CVE-2010-1149 | 1 Freedesktop | 1 Udisks | 2010-04-13 | 2.1 LOW | N/A |
| probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/. | |||||
| CVE-2010-1334 | 1 Pulsecms | 1 Pulse Cms | 2010-04-12 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different vulnerability than CVE-2010-0993. | |||||
| CVE-2010-1339 | 2 Robertotto, Woltlab | 2 Teamsite Hack Plugin, Burning Board | 2010-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1342 | 1 Directnews | 1 Direct News | 2010-04-12 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1345 | 2 Cookex, Joomla | 2 Com Ckforms, Joomla! | 2010-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1310 | 1 Opera | 1 Opera Browser | 2010-04-09 | 5.0 MEDIUM | N/A |
| Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. | |||||
| CVE-2010-0513 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. | |||||
| CVE-2010-1308 | 2 Joomla, La-souris-verte | 2 Joomla!, Com Svmap | 2010-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1309 | 1 Ermenegildo Fiorito | 1 Irmin Cms | 2010-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php. | |||||
| CVE-2010-1313 | 2 Joomla, Seber | 2 Joomla!, Com Sebercart | 2010-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1314 | 2 Joomla, Joomlanook | 2 Joomla!, Com Hsconfig | 2010-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0400 | 1 Mahara | 1 Mahara | 2010-04-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username. | |||||
| CVE-2008-7254 | 1 Ermenegildo Fiorito | 1 Irmin Cms | 2010-04-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1302 | 2 Decryptweb, Joomla | 2 Com Dwgraphs, Joomla! | 2010-04-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | |||||
| CVE-2010-1265 | 2 Ekith, Joomla | 2 Com Dcs Flashgames, Joomla! | 2010-04-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2010-1267 | 1 Kjetiltroan | 1 Webmaid Cms | 2010-04-07 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php. | |||||
| CVE-2010-1276 | 1 Bbsxp | 1 Bbsxp | 2010-04-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1298 | 1 Pulsecms | 1 Pulse Cms | 2010-04-07 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1144 | | | 2010-04-06 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0751, CVE-2010-1277. Reason: this candidate was intended for one issue, but it was accidentally assigned to two different issues, one for libnids and another for Zabbix. Notes: All CVE users should consult CVE-2010-0751 (libnids) and CVE-2010-1277 (Zabbix) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2007-6735 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2003-1592 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password. | |||||
| CVE-2003-1593 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 7.5 HIGH | N/A |
| NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. | |||||
| CVE-2003-1594 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2003-1595 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 10.0 HIGH | N/A |
| NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors. | |||||
| CVE-2004-2767 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 4.3 MEDIUM | N/A |
| NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. | |||||
| CVE-2005-4887 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords. | |||||
| CVE-2005-4888 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 5.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in the Not-Logged-In state after each session is completed. | |||||
| CVE-2007-6734 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-06 | 4.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors. | |||||
| CVE-2010-1239 | 1 Foxitsoftware | 1 Foxit Reader | 2010-04-06 | 9.3 HIGH | N/A |
| Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836. | |||||
| CVE-2000-1246 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-05 | 3.5 LOW | N/A |
| NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command. | |||||
| CVE-2000-1245 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-05 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors. | |||||
| CVE-2001-1587 | 1 Novell | 1 Netware | 2010-04-05 | 5.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command. | |||||
| CVE-2002-2432 | 1 Novell | 2 Netware, Netware Ftp Server | 2010-04-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username. | |||||
| CVE-2009-2288 | 1 Nagios | 1 Nagios | 2010-04-03 | 7.5 HIGH | N/A |
| statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | |||||
| CVE-2006-2789 | 1 Gnome | 1 Evolution | 2010-04-02 | 2.6 LOW | N/A |
| Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | |||||
| CVE-2006-1655 | 1 Mpg123 | 1 Mpg123 | 2010-04-02 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. | |||||
| CVE-2005-4828 | 1 Kolab | 1 Kolab Groupware Server | 2010-04-02 | 6.4 MEDIUM | N/A |
| Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability. | |||||
