Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2049 | 1 Manageengine | 1 Adaudit Plus | 2010-05-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2051 | 1 Debliteck | 1 Dbcart | 2010-05-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2077 | 2010-05-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1640. Reason: This candidate is a duplicate of CVE-2010-1640. Notes: All CVE users should reference CVE-2010-1640 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-0559 | 1 Sun | 1 Opensolaris | 2010-05-24 | 7.5 HIGH | N/A |
| The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain. | |||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2010-05-24 | 6.8 MEDIUM | N/A |
| The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2009-2268 | 1 Sun | 1 Java System Access Manager | 2010-05-24 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2001-1268 | 1 Info-zip | 1 Unzip | 2010-05-24 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. | |||||
| CVE-2001-1269 | 1 Info-zip | 1 Unzip | 2010-05-24 | 2.1 LOW | N/A |
| Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. | |||||
| CVE-2001-1409 | 1 Xfree86 Project | 1 Xfree86 X Server | 2010-05-24 | 3.6 LOW | N/A |
| dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system. | |||||
| CVE-2010-2012 | 1 Sebrac.webcindario | 1 Migascms | 2010-05-24 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2014 | 1 Createch-group | 1 Lisk Cms | 2010-05-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter. | |||||
| CVE-2010-2015 | 1 Createch-group | 1 Lisk Cms | 2010-05-24 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id parameter to cp/edit_email.php. | |||||
| CVE-2010-2017 | 1 Bukulokomedia | 1 Lokomedia Cms | 2010-05-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2019 | 1 Bukulokomedia | 1 Lokomedia Cms | 2010-05-24 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4826 | 1 Scriptsez | 1 Mini Hosting Panel | 2010-05-23 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action. | |||||
| CVE-2009-4827 | 1 Scriptez | 1 Mail Manager Pro | 2010-05-23 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action. | |||||
| CVE-2009-4828 | 1 Phpwebscripts | 1 Ad Manager Pro | 2010-05-23 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0538 | 1 Apple | 2 Java, Mac Os X | 2010-05-23 | 6.8 MEDIUM | N/A |
| Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package. | |||||
| CVE-2010-0539 | 1 Apple | 3 Java 1.5, Java 1.6, Mac Os X | 2010-05-23 | 6.8 MEDIUM | N/A |
| Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet. | |||||
| CVE-2010-1533 | 2 Joomla, Peter Hocherl | 2 Joomla\!, Com Tweetla | 2010-05-23 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||