Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3043 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2017-08-16 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044. | |||||
| CVE-2010-3044 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2017-08-16 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043. | |||||
| CVE-2010-3082 | 1 Djangoproject | 1 Django | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie. | |||||
| CVE-2010-3135 | 1 Cisco | 1 Packet Tracer | 2017-08-16 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file. | |||||
| CVE-2010-3158 | 1 Lhaplus | 1 Lhaplus | 2017-08-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2010-3164 | 1 Fenrir | 2 Grani, Sleipnir | 2017-08-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2010-3186 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 10.0 HIGH | N/A |
| IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors. | |||||
| CVE-2010-3204 | 1 Pecio-cms | 1 Pecio Cms | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/. | |||||
| CVE-2010-3205 | 1 Textpattern | 1 Textpattern | 2017-08-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | |||||
| CVE-2010-3206 | 1 Diy-cms | 1 Diy-cms | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php. | |||||
| CVE-2010-3207 | 1 Galeriashqip | 1 Galeriashqip | 2017-08-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3208 | 1 Wiccle | 1 Wiccle Web Builder | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Builder (WWB) 1.00 and 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the post_text parameter in a site custom_search action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3209 | 1 Seagullproject.org | 1 Seagull | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php. | |||||
| CVE-2010-3210 | 1 Martin Lee | 1 Multi-lingual E-commerce System | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/. | |||||
| CVE-2010-3211 | 2 Jextn, Joomla | 2 Com Jefaqpro, Joomla\! | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action. | |||||
| CVE-2010-3212 | 1 Seagullproject.org | 1 Seagull | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO. | |||||
| CVE-2010-3213 | 1 Microsoft | 1 Outlook Web Access | 2017-08-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule. | |||||
| CVE-2010-3263 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | |||||
| CVE-2010-3279 | 1 Alcatel-lucent | 2 Ccagent, Omnitouch Contact Center | 2017-08-16 | 7.6 HIGH | N/A |
| The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe. | |||||
| CVE-2010-3280 | 1 Alcatel-lucent | 2 Ccagent, Omnitouch Contact Center | 2017-08-16 | 6.9 MEDIUM | N/A |
| The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application. | |||||