Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0750 | 1 Freedesktop | 1 Policykit | 2017-08-16 | 2.1 LOW | N/A |
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. | |||||
CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2017-08-16 | 5.0 MEDIUM | N/A |
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | |||||
CVE-2010-0753 | 2 Componentslab, Joomla | 2 Com Sqlreport, Joomla! | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-0755 | 1 Wikyblog | 1 Wikyblog | 2017-08-16 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter. | |||||
CVE-2010-0756 | 1 Wikyblog | 1 Wikyblog | 2017-08-16 | 5.8 MEDIUM | N/A |
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main. | |||||
CVE-2010-0757 | 1 Wikyblog | 1 Wikyblog | 2017-08-16 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/. | |||||
CVE-2010-0758 | 1 Softbizscripts | 1 Softbiz Jobs And Recruitment Script | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2010-0759 | 2 Greatjoomla, Joomla | 2 Scriptegrator Plugin, Joomla! | 2017-08-16 | 7.5 HIGH | N/A |
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760. | |||||
CVE-2010-0761 | 1 Commodityrentals | 1 Books/ebooks Rentals Script | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action. | |||||
CVE-2010-0762 | 1 Commodityrentals | 1 Cd Rental Software | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. | |||||
CVE-2010-0764 | 1 Kuwaitphp | 1 Esmile | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action. | |||||
CVE-2010-0765 | 1 Fipsasp | 1 Fipsforum | 2017-08-16 | 5.0 MEDIUM | N/A |
fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb. | |||||
CVE-2010-0768 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. | |||||
CVE-2010-0769 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 1.9 LOW | N/A |
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. | |||||
CVE-2010-0770 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 4.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. | |||||
CVE-2010-0772 | 1 Ibm | 1 Websphere Mq | 2017-08-16 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data." | |||||
CVE-2010-0774 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 4.3 MEDIUM | N/A |
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2010-0775 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. | |||||
CVE-2010-0776 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 5.0 MEDIUM | N/A |
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. | |||||
CVE-2010-0777 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 2.6 LOW | N/A |
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. |