Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0710 | 1 Aspcodecms | 1 Aspcode Cms | 2010-02-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4568 | 1 Webmin | 2 Usermin, Webmin | 2010-02-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0699 | 1 Videosearchscript | 1 Videosearchscript Pro | 2010-02-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2010-0680 | 1 Zeuscms | 1 Zeuscms | 2010-02-23 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2010-0681 | 1 Zeuscms | 1 Zeuscms | 2010-02-23 | 5.0 MEDIUM | N/A |
| ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql. | |||||
| CVE-2010-0676 | 2 Joomla, Weberr | 2 Joomla\!, Com Rwcards | 2010-02-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. | |||||
| CVE-2009-4650 | 2 Joomla, Onnogroen | 2 Joomla\!, Com Webeecomment | 2010-02-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4651 | 2 Joomla, Onnogroen | 2 Joomla\!, Com Webeecomment | 2010-02-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors. | |||||
| CVE-2010-0673 | 2 Copperleaf, Wordpress | 2 Photolog, Wordpress | 2010-02-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
| CVE-2010-0675 | 1 Bgsvetionik | 1 Bgs Cms | 2010-02-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0677 | 1 Katalog.hurricane | 1 Katalog Stron Hurricane | 2010-02-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter. | |||||
| CVE-2010-0678 | 1 Katalog.hurricane | 1 Katalog Stron Hurricane | 2010-02-22 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter. | |||||
| CVE-2010-0679 | 1 Hyleos | 1 Chemview | 2010-02-22 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods. | |||||
| CVE-2009-4646 | 1 Accellion | 1 Secure File Transfer Appliance | 2010-02-21 | 9.0 HIGH | N/A |
| Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string. | |||||
| CVE-2010-0666 | 1 Novell | 1 Edirectory | 2010-02-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926. | |||||
| CVE-2009-4643 | 1 Juniper | 1 Odyssey Access Client | 2010-02-15 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService named pipe. | |||||
| CVE-2010-0638 | 1 K5n | 1 Webcalendar | 2010-02-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-0631 | 1 Eicrasoft | 1 Eicra Car Rental-script | 2010-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the plugin_id parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords parameters. | |||||
| CVE-2010-0634 | 1 Will Estes | 1 Flex | 2010-02-14 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors. | |||||
| CVE-2010-0635 | 2 Jevents, Joomla | 2 Jevents Search Plugin, Joomla\! | 2010-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||