Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2359 | 1 Activewebsoftwares | 1 Ewebquiz | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706. | |||||
| CVE-2010-2360 | 1 Isamu Kaneko | 1 Winny | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007. | |||||
| CVE-2010-2361 | 1 Winny | 1 Winny | 2017-08-16 | 10.0 HIGH | N/A |
| Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks. | |||||
| CVE-2010-2362 | 1 Winny | 1 Winny | 2017-08-16 | 10.0 HIGH | N/A |
| Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks. | |||||
| CVE-2010-2363 | 1 Iij | 6 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 3 more | 2017-08-16 | 5.8 MEDIUM | N/A |
| The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, which might allow remote attackers to bypass intended access restrictions via a spoofed IP address. | |||||
| CVE-2010-2387 | 1 Gnome | 1 Gnome Display Manager | 2017-08-16 | 1.9 LOW | N/A |
| vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | |||||
| CVE-2010-2420 | 1 Fenrir-inc | 2 Activegeckobrowser, Sleipnir | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine. | |||||
| CVE-2010-2428 | 2 Microsoft, Wftpserver | 2 Windows, Wing Ftp Server | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request. | |||||
| CVE-2010-2433 | 1 Ibm | 1 Websphere Ilog Jrules | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/. | |||||
| CVE-2010-2438 | 1 Laubrotel | 1 G.cms Generator | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php. | |||||
| CVE-2010-2439 | 1 Moreforge | 1 Moreamp | 2017-08-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file). | |||||
| CVE-2010-2454 | 1 Apple | 1 Safari | 2017-08-16 | 4.3 MEDIUM | N/A |
| Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | |||||
| CVE-2010-2456 | 1 Codelib | 1 Linker Img | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate. | |||||
| CVE-2010-2458 | 1 2daybiz | 1 Video Community Portal Script | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter. | |||||
| CVE-2010-2459 | 1 2daybiz | 1 Video Community Portal Script | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. | |||||
| CVE-2010-2460 | 1 Jce-tech | 1 Shareasale Script | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter. | |||||
| CVE-2010-2461 | 1 Jce-tech | 1 Overstock Script | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter. | |||||
| CVE-2010-2462 | 1 Tomacero | 1 Orohyip | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action. | |||||
| CVE-2010-2464 | 2 Joomla, Rsjoomla | 2 Joomla\!, Com Rscomments | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php. | |||||
| CVE-2010-2466 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2017-08-16 | 5.0 MEDIUM | N/A |
| The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. | |||||