Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1270 | 1 Phpscripte24 | 1 Multi Suktions Komplett System | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. | |||||
| CVE-2010-1271 | 1 Smart-plugs | 1 Smartplugs | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter. | |||||
| CVE-2010-1272 | 1 Komputer.boo | 1 Gnat-tgp | 2017-08-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2010-1274 | 1 Webtoolkit | 1 Wt | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection. | |||||
| CVE-2010-1296 | 1 Adobe | 1 Photoshop Cs4 | 2017-08-16 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file. | |||||
| CVE-2010-1300 | 1 Yamamah | 1 Yamamah | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter. | |||||
| CVE-2010-1301 | 1 Merethis | 1 Centreon | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter. | |||||
| CVE-2010-1303 | 2 Drupal, Jim Berry | 2 Drupal, Taxonomy Filter | 2017-08-16 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus. | |||||
| CVE-2010-1304 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Userstatus | 2017-08-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1305 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Jinventory | 2017-08-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1306 | 2 Joomla, Roberto Aloi | 2 Joomla\!, Com Joomlapicasa2 | 2017-08-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1307 | 2 Joomla, Software.realtyna | 2 Joomla\!, Com Joomlaupdater | 2017-08-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1315 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Weberpcustomer | 2017-08-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1325 | 1 Novell | 2 Suse Lifecycle Management Server, Suse Linux | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect. | |||||
| CVE-2010-1327 | 1 Tornadostore | 1 Tornadostore | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3. | |||||
| CVE-2010-1328 | 1 Tornadostore | 1 Tornadostore | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section. | |||||
| CVE-2010-1331 | 1 Heartlogic | 1 Hl-sitemanager | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2010-1332 | 1 Prettybook | 1 Prettyformmail | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1333 | 1 Almas | 1 Compiere | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Compiere J300_A02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1335 | 1 Miftahovn | 1 Insky Cms | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information. | |||||