Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1027 | 2 Dietmar Schffer, Typo3 | 2 Travelmate, Typo3 | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-1033 | 1 Hp | 1 Operations Manager | 2017-08-16 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. | |||||
| CVE-2010-1042 | 1 Microsoft | 1 Windows Media Player | 2017-08-16 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1044 | 1 Manageengine | 1 Oputils | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter. | |||||
| CVE-2010-1047 | 1 Masa2el | 1 Music City | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action. | |||||
| CVE-2010-1053 | 1 Zentracking | 1 Zen Time Tracking | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1055 | 1 Tufat | 1 Osdate | 2017-08-16 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1056 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokdownloads | 2017-08-16 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1057 | 1 Phpkobo | 1 Adfreely | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1058 | 1 Phpkobo | 1 Address Book Script | 2017-08-16 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. | |||||
| CVE-2010-1064 | 1 Aspindir | 1 Erolife Ajxgaleri Vt | 2017-08-16 | 5.0 MEDIUM | N/A |
| Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. | |||||
| CVE-2010-1065 | 1 Lebisoft | 1 Ziyaretci Defteri | 2017-08-16 | 5.0 MEDIUM | N/A |
| Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb. | |||||
| CVE-2010-1066 | 1 The-ghost | 1 Ar Web Content Manager | 2017-08-16 | 5.0 MEDIUM | N/A |
| AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php. | |||||
| CVE-2010-1067 | 1 Hasmir Alic | 1 E-membres | 2017-08-16 | 5.0 MEDIUM | N/A |
| E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb. | |||||
| CVE-2010-1068 | 1 Netwin | 1 Surgeftp | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action. | |||||
| CVE-2010-1070 | 1 Imagoscripts | 1 Deviant Art Clone | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action. | |||||
| CVE-2010-1071 | 1 Phpmdj | 1 Phpmdj | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1072 | 1 Sniggabo | 1 Sniggabo Cms | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2010-1073 | 2 Joomla, Joshprakash | 2 Joomla\!, Com Jembed | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php. | |||||
| CVE-2010-1074 | 2 2bits, Drupal | 2 Currency, Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. | |||||