Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0357 | 1 Ibm | 1 Lotus Web Content Management | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2010-0365 | 1 Bitscripts | 1 Bits Video Script | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter. | |||||
| CVE-2010-0366 | 1 Bitscripts | 1 Bits Video Script | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2010-0367 | 1 Bitscripts | 1 Bits Video Script | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php. | |||||
| CVE-2010-0371 | 1 Hitmaaan | 1 Hitmaaan Gallery | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters. | |||||
| CVE-2010-0372 | 2 Hong Chuyen, Joomla | 2 Com Articlemanager, Joomla\! | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. | |||||
| CVE-2010-0373 | 1 Joomla | 2 Com Libros, Joomla\! | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2010-0374 | 2 Codingfish, Joomla | 2 Com Marketplace, Joomla\! | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php. | |||||
| CVE-2010-0375 | 1 Jce-tech | 1 Php Calendars Script | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-0376 | 1 Jce-tech | 1 Php Calendars Script | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375. | |||||
| CVE-2010-0387 | 1 Sun | 1 Java System Web Server | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. | |||||
| CVE-2010-0388 | 1 Sun | 1 Java System Web Server | 2017-08-16 | 7.5 HIGH | N/A |
| Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. | |||||
| CVE-2010-0394 | 3 Debian, Edgewall Software, Nanosleep | 3 Debian Linux, Trac, Trac-git | 2017-08-16 | 6.8 MEDIUM | N/A |
| PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command. | |||||
| CVE-2010-0396 | 1 Debian | 1 Dpkg | 2017-08-16 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive. | |||||
| CVE-2010-0422 | 1 Gnome | 1 Screensaver | 2017-08-16 | 4.0 MEDIUM | N/A |
| gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414. | |||||
| CVE-2009-0732 | 1 Lingx | 1 Downloadcenter | 2017-08-16 | 5.0 MEDIUM | N/A |
| Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0743 | 1 Cisco | 1 Unified Meetingplace | 2017-08-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. | |||||
| CVE-2009-0749 | 1 Cosmin Truta | 1 Optipng | 2017-08-16 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed. | |||||
| CVE-2009-0770 | 1 Dkim | 1 Dkim-milter | 2017-08-16 | 5.0 MEDIUM | N/A |
| dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an assertion error. | |||||
| CVE-2009-0780 | 1 Openbsd | 1 Openbsd | 2017-08-16 | 5.0 MEDIUM | N/A |
| The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path. | |||||