CVE Daily
← All years

All CVEs — 2010

Page 22/25.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2010-03-08
High

CVE-2010-0946

SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid para…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0945

SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-0944

Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.ph…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2010-0943

Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowc…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2010-0942

Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2010-0941

Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-0940

Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-0938

Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-0936

Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname para…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2009-4679

Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot do…

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2009-4678

Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2009-4677

Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of…

CVSS: 4.3 CWE: CWE-79
Read more
2010-03-05
High

CVE-2010-0934

The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjuncti…

CVSS: 7.1 CWE: CWE-78
Read more
Medium

CVE-2010-0933

Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.

CVSS: 6.8 CWE: CWE-22
Read more
Medium

CVE-2010-0932

The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2010-0931

The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2010-0929

The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff,…

CVSS: 5.0 CWE: CWE-20
Read more
Low

CVE-2010-0792

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.

CVSS: 1.9 CWE: CWE-59
Read more
High

CVE-2010-0572

Cisco Digital Media Manager (DMM) before 5.2 allows remote authenticated users to discover Cisco Digital Media Player credentials via vectors related to reading a (1) error log or (2) stack trace, ak…

CVSS: 7.1 CWE: CWE-200
Read more
Medium

CVE-2010-0434

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumsta…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2010-0433

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which…

CVSS: 4.3 CWE: CWE-20
Read more
High

CVE-2010-0302

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epol…

CVSS: 7.5 CWE: CWE-416
Read more
Critical

CVE-2009-4676

Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this i…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2009-3245

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, wh…

CVSS: 10.0 CWE: CWE-20
Read more
High

CVE-2009-4675

admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via…

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2009-4673

SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2009-4672

Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter.

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2009-4671

Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2009-4670

admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room…

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2009-4669

Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to chang…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2009-4668

Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2009-4667

SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter.

CVSS: 6.5 CWE: CWE-89
Read more
High

CVE-2009-4666

Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[RootPath] parameter to (1) Framework/…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2009-4665

Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2010-0927

Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web scri…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2009-2753

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10…

CVSS: 10.0 CWE: CWE-119
Read more
2010-03-03
Low

CVE-2009-4664

Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.

CVSS: 3.3 CWE: CWE-59
Read more
Critical

CVE-2009-4663

Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method.

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2009-4662

Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via t…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2009-4661

Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handl…

CVSS: 4.3 CWE: CWE-119
Read more
Critical

CVE-2009-4660

Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2009-4658

Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authen…

CVSS: 4.0 CWE: CWE-20
Read more
High

CVE-2009-4657

The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated…

CVSS: 7.5 CWE: CWE-287
Read more
Critical

CVE-2009-4656

Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and po…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an una…

CVSS: 6.9 CWE: CWE-362
Read more
Medium

CVE-2010-0921

Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecif…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2010-0920

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vect…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0919

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP…

CVSS: 7.6 CWE: CWE-119
Read more
High

CVE-2010-0917

Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbit…

CVSS: 7.6 CWE: CWE-119
Read more
High

CVE-2010-0483

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute ar…

CVSS: 7.6 CWE: CWE-94
Read more
Medium

CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a dispropo…

CVSS: 4.3 CWE: CWE-400
Read more
Low

CVE-2010-0156

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or…

CVSS: 3.3 CWE: CWE-59
Read more
2010-03-02
Medium

CVE-2010-0804

Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0803

SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0802

SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view actio…

CVSS: 7.5 CWE: CWE-89
Read more
Low

CVE-2010-0801

Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary fil…

CVSS: 3.5 CWE: CWE-22
Read more
High

CVE-2010-0800

SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id param…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-0799

Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

CVSS: 5.0 CWE: CWE-22
Read more
High

CVE-2010-0798

SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-0797

Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0796

SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to i…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0795

SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-0726

Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vecto…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2010-0789

fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

CVSS: 3.3 CWE: CWE-59
Read more
Medium

CVE-2010-0788

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.

CVSS: 4.4 CWE: CWE-59
Read more
Medium

CVE-2010-0787

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a sym…

CVSS: 4.4 CWE: CWE-59
Read more
High

CVE-2010-0764

SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0763

SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0762

SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0761

SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.

CVSS: 7.5 CWE: CWE-89
Read more
2010-02-27
Medium

CVE-2010-0760

Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequ…

CVSS: 6.8 CWE: CWE-22
Read more
High

CVE-2010-0759

Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2010-0758

SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-0756

Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_…

CVSS: 5.8 CWE: CWE-287
Read more
High

CVE-2010-0755

PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2010-0754

Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0753

SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE:…

CVSS: 7.5 CWE: CWE-89
Read more
2010-02-26
Medium

CVE-2010-0725

Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0724

SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0723

SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0722

SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0721

SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0720

SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-0719

An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denia…

CVSS: 4.7 CWE: CWE-20
Read more
Medium

CVE-2010-0718

Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file.

CVSS: 4.3 CWE: CWE-119
Read more
Low

CVE-2010-0716

_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2010-0714

Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-0667

MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain s…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2009-4654

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a s…

CVSS: 9.0 CWE: CWE-119
Read more
Critical

CVE-2009-4653

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrar…

CVSS: 9.0 CWE: CWE-119
Read more
Medium

CVE-2010-0713

Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests tha…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2010-0712

Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the…

CVSS: 6.5 CWE: CWE-89
Read more
2010-02-25
Medium

CVE-2010-0711

Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administr…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2010-0710

SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-0709

Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address o…

CVSS: 6.8 CWE: CWE-352
Read more
Low

CVE-2010-0424

The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial o…

CVSS: 3.3 CWE: CWE-59
Read more
Medium

CVE-2010-0707

Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create n…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2010-0706

Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0705

Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial…

CVSS: 7.2 CWE: CWE-20
Read more
Medium

CVE-2010-0704

Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2010-0620

Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and conseq…

CVSS: 9.3 CWE: CWE-22
Read more
Low

CVE-2010-0119

Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its argum…

CVSS: 2.1 CWE: CWE-200
Read more
Low

CVE-2010-0118

Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check.

CVSS: 3.3 CWE: CWE-59
Read more
2010-02-24
Low

CVE-2010-0640

Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HT…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2010-0420

libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denia…

CVSS: 4.3 CWE: CWE-20
Read more
2010-02-23
Medium

CVE-2010-0703

Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0702

SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-0701

SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-0700

Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-0699

Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0698

SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are o…

CVSS: 7.5 CWE: CWE-89
Read more
Low

CVE-2010-0697

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload fil…

CVSS: 3.5 CWE: CWE-79
Read more
Critical

CVE-2010-0189

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are…

CVSS: 9.3 CWE: CWE-20
Read more
Medium

CVE-2010-0147

SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitr…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2010-0146

Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.

CVSS: 6.8 CWE: CWE-22
Read more
Critical

CVE-2010-0107

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2009-3036

Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-0696

Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../..…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2010-0695

Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-0694

SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad…

CVSS: 7.5 CWE: CWE-89
Read more