Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2635 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." | |||||
| CVE-2010-2636 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2010-2637 | 1 Ibm | 1 Websphere Mq | 2017-08-16 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | |||||
| CVE-2010-2638 | 1 Ibm | 1 Websphere Mq | 2017-08-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. | |||||
| CVE-2010-2639 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | |||||
| CVE-2010-2644 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-08-16 | 5.0 MEDIUM | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface. | |||||
| CVE-2010-2669 | 1 Novo-ws | 1 Orbis Cms | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2010-2670 | 1 Brotherscripts | 1 Recipe Website | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2674 | 1 Alanzard | 1 Tsoka\ | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action. | |||||
| CVE-2010-2676 | 1 Openwebanalytics | 1 Open Web Analytics | 2017-08-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters. | |||||
| CVE-2010-2677 | 1 Openwebanalytics | 1 Open Web Analytics | 2017-08-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2680 | 2 Harmistechnology, Joomla | 2 Com Jesectionfinder, Joomla\! | 2017-08-16 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. | |||||
| CVE-2010-2682 | 2 Joomla, Realtyna | 2 Joomla\!, Com Realtyna | 2017-08-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2684 | 1 Customerparadigm | 1 Pagedirector Cms | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2687 | 1 Site2nite | 1 Boat Classifieds | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter. | |||||
| CVE-2010-2688 | 1 Site2nite | 1 Boat Classifieds | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2010-2691 | 1 2daybiz | 1 Custom T-shirt Design Script | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php. | |||||
| CVE-2010-2692 | 1 2daybiz | 1 Custom T-shirt Design Script | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment. | |||||
| CVE-2010-2696 | 1 Sijio | 1 Community Software | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter. | |||||
| CVE-2010-2697 | 1 Sijio | 1 Community Software | 2017-08-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information. | |||||