Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1872 | 1 Tufat | 1 Flashcard | 2010-05-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1686 | 2 Abcbackup, Internet-soft | 2 Abc Backup, Urgent Backup | 2010-05-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. | |||||
| CVE-2009-4858 | 1 Turnkeyforms | 1 Yahoo-answers-clone | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | |||||
| CVE-2009-4859 | 1 Onlinetechtools.com | 1 Owos Lite | 2010-05-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp. | |||||
| CVE-2009-4861 | 1 Supportpro | 1 Supportdesk | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-4868 | 1 Hitronsoft | 1 Answer Me | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4869 | 1 Hitronsoft | 1 Nasim Guest Book | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2009-4375 | 1 Alienvault | 1 Open Source Security Information Management | 2010-05-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter. | |||||
| CVE-2009-4835 | 1 Mega-nerd | 1 Libsndfile | 2010-05-10 | 4.3 MEDIUM | N/A |
| The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file. | |||||
| CVE-2010-0401 | 1 Openttd | 1 Openttd | 2010-05-10 | 6.5 MEDIUM | N/A |
| OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | |||||
| CVE-2010-0406 | 1 Openttd | 1 Openttd | 2010-05-10 | 4.0 MEDIUM | N/A |
| OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. | |||||
| CVE-2010-1279 | 1 Adobe | 1 Photoshop Cs4 | 2010-05-10 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. | |||||
| CVE-2010-1438 | 1 Mytty | 1 Webapplication Finger Printer | 2010-05-10 | 4.4 MEDIUM | N/A |
| Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh. | |||||
| CVE-2010-1732 | 1 Zikula | 1 Zikula Application Framework | 2010-05-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). | |||||
| CVE-2010-1853 | 1 Transmissionbt | 1 Transmission | 2010-05-10 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links. | |||||
| CVE-2010-1868 | 1 Php | 1 Php | 2010-05-10 | 7.5 HIGH | N/A |
| The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. | |||||
| CVE-2009-4852 | 1 Festic | 1 Semanticscuttle | 2010-05-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1854 | 1 Phpscripte24 | 1 Pay Per Watch \& Bid Auktions System | 2010-05-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be resultant from CVE-2010-1855. | |||||
| CVE-2010-1856 | 1 Realitymedias | 1 Repairshop2 | 2010-05-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action. | |||||
| CVE-2010-1859 | 1 Deluxebb | 1 Deluxebb | 2010-05-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread. | |||||