Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0381 | 1 Phpmyspace | 1 Phpmyspace | 2010-01-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-0377 | 1 Phpmyspace | 1 Phpmyspace | 2010-01-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0359 | 1 Zeus | 1 Zeus Web Server | 2010-01-20 | 10.0 HIGH | N/A |
| Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message. | |||||
| CVE-2010-0327 | 2 Julian Kleinhans, Typo3 | 2 Kj Imagelightbox2, Typo3 | 2010-01-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490. | |||||
| CVE-2010-0322 | 2 Matthias Karr, Typo3 | 2 Mk Anydropdownmenu, Typo3 | 2010-01-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-0323 | 2 Arco Van Geest, Typo3 | 2 Goof Fotoboek, Typo3 | 2010-01-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
| CVE-2010-0324 | 2 Patrick Bauerochse, Typo3 | 2 Ref List, Typo3 | 2010-01-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-0325 | 2 Sebastian Baumann, Typo3 | 2 Sb Folderdownload, Typo3 | 2010-01-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
| CVE-2010-0326 | 3 Francois Suter, Rene Fritz, Typo3 | 3 Devlog, Devlog, Typo3 | 2010-01-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0328 | 2 Rastislav Birka, Typo3 | 2 Cs2 Unitconv, Typo3 | 2010-01-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0330 | 2 Julian Fries, Typo3 | 2 Jf Easymaps, Typo3 | 2010-01-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-0345 | 1 Typo3 | 2 Majordomo, Typo3 | 2010-01-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2000-0835 | 1 Sambar | 1 Sambar Server | 2010-01-15 | 5.0 MEDIUM | N/A |
| search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter. | |||||
| CVE-2002-0596 | 1 Webtrends | 1 Reporting Center | 2010-01-15 | 5.0 MEDIUM | N/A |
| WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message. | |||||
| CVE-2010-0014 | 1 Fedoraproject | 1 Sssd | 2010-01-14 | 3.7 LOW | N/A |
| System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT. | |||||
| CVE-2009-4481 | 2010-01-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3111. Reason: This candidate is a duplicate of CVE-2009-3111. Notes: All CVE users should reference CVE-2009-3111 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-4603 | 1 Sap | 3 Sap Kernel, Sap Netweaver, Sap Web Application Server | 2010-01-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4601 | 1 Zeeways | 1 Zeejobsite | 2010-01-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2009-4595 | 1 Phpwares | 1 Php Inventory | 2010-01-12 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4602 | 1 Drupal | 2 Drupal, Randomizer | 2010-01-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||