Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2457 | 1 Qsoft-inc | 1 K-search | 2010-07-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter. | |||||
| CVE-2010-2465 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2010-07-12 | 5.0 MEDIUM | N/A |
| The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. | |||||
| CVE-2010-0584 | 1 Cisco | 1 Ios | 2010-07-12 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250. | |||||
| CVE-2009-4677 | 1 Frank-karau | 1 Phpfk Php Forum | 2010-07-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2689 | 1 Internetdm | 1 Webdm Cms | 2010-07-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter. | |||||
| CVE-2010-2694 | 2 Joomla, Redcomponent | 2 Joomla\!, Com Redshop | 2010-07-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php. | |||||
| CVE-2010-2699 | 1 Edgephp | 1 Clickbank Affiliate Marketplace Script | 2010-07-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2010-2700 | 1 Edgephp | 1 Clickbank Affiliate Marketplace Script | 2010-07-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2010-2448 | 1 Znc | 1 Znc | 2010-07-12 | 3.5 LOW | N/A |
| znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell. | |||||
| CVE-2009-4926 | 1 Esoftpro | 1 Online Contact Manager | 2010-07-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php. | |||||
| CVE-2009-4934 | 1 Esoftpro | 1 Online Photo Pro | 2010-07-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | |||||
| CVE-2010-2681 | 1 Joomla | 2 Com Sef, Joomla\! | 2010-07-12 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. | |||||
| CVE-2010-2683 | 1 Customerparadigm | 1 Pagedirector Cms | 2010-07-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter. | |||||
| CVE-2010-2690 | 2 Jooforge, Joomla | 2 Com Gamesbox, Joomla\! | 2010-07-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. | |||||
| CVE-2010-2671 | 1 Ez | 1 Ez Publish | 2010-07-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter. | |||||
| CVE-2010-2672 | 1 Ez | 1 Ez Publish | 2010-07-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature. | |||||
| CVE-2010-2673 | 1 Devana | 1 Devana | 2010-07-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6887 | 1 Logahead | 1 Logahead Unu | 2010-07-06 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4641 | 1 Gnome | 1 Screensaver | 2010-07-06 | 7.2 HIGH | N/A |
| gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | |||||
| CVE-2010-1670 | 1 Mahara | 1 Mahara | 2010-07-06 | 7.5 HIGH | N/A |
| Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. | |||||