Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2920 | 2 Foobla, Joomla | 2 Com Foobla Suggestions, Joomla\! | 2017-08-16 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | |||||
| CVE-2010-2921 | 2 Joomla, Photoindochina | 2 Joomla\!, Com Golfcourseguide | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php. | |||||
| CVE-2010-2922 | 1 Ali Kenan | 1 Aky Blog | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2923 | 2 Joomla, Prasanna | 2 Joomla\!, Com Youtube | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. | |||||
| CVE-2010-2924 | 2 Silvercover, Wordpress | 2 Mylinksdump Plugin, Wordpress | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2925 | 1 Openfreeway | 1 Freeway | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter. | |||||
| CVE-2010-2926 | 1 Solucija | 1 Snews | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2010-2927 | 1 Ibm | 1 Tivoli Directory Server | 2017-08-16 | 5.0 MEDIUM | N/A |
| The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. | |||||
| CVE-2010-2929 | 1 Pharscape | 1 Hsolink | 2017-08-16 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671. | |||||
| CVE-2010-2930 | 1 Pharscape | 1 Hsolink | 2017-08-16 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in hsolinkcontrol in hsolink 1.0.118 allow local users to gain privileges via long command-line arguments, a different vulnerability than CVE-2010-1671. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2932 | 1 Barcodewiz | 1 Barcode Activex Control | 2017-08-16 | 9.3 HIGH | N/A |
| Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument to the LoadProperties method. | |||||
| CVE-2010-2933 | 1 Avscripts | 1 Av Arcade | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task. | |||||
| CVE-2010-2940 | 1 Fedoraproject | 1 Sssd | 2017-08-16 | 5.1 MEDIUM | N/A |
| The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password. | |||||
| CVE-2010-2941 | 1 Apple | 1 Cups | 2017-08-16 | 7.9 HIGH | N/A |
| ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | |||||
| CVE-2010-3022 | 1 Drupal | 1 Devel Module | 2017-08-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. | |||||
| CVE-2010-3024 | 1 Hulihanapplications | 1 Diamondlist | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. | |||||
| CVE-2010-3028 | 2 Joomla, Simon Philips | 2 Joomla, Aardvertiser | 2017-08-16 | 3.6 LOW | N/A |
| The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. | |||||
| CVE-2010-3035 | 1 Cisco | 1 Ios Xr | 2017-08-16 | 5.0 MEDIUM | N/A |
| Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211. | |||||
| CVE-2010-3041 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2017-08-16 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044. | |||||
| CVE-2010-3042 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2017-08-16 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044. | |||||