| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-0760 |
22 |
|
Dir. Trav. |
2010-02-27 |
2010-03-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
2 |
CVE-2010-0759 |
22 |
2
|
Dir. Trav. |
2010-02-27 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760. |
|
3 |
CVE-2010-0758 |
89 |
2
|
Exec Code Sql |
2010-02-27 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
4 |
CVE-2010-0757 |
|
2
|
Exec Code |
2010-02-27 |
2017-08-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/. |
|
5 |
CVE-2010-0756 |
287 |
2
|
|
2010-02-27 |
2017-08-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main. |
|
6 |
CVE-2010-0755 |
94 |
2
|
Exec Code File Inclusion |
2010-02-27 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter. |
|
7 |
CVE-2010-0754 |
79 |
2
|
XSS |
2010-02-27 |
2018-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action. |
|
8 |
CVE-2010-0753 |
89 |
2
|
Exec Code Sql |
2010-02-27 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information. |
|
9 |
CVE-2010-0752 |
264 |
|
|
2010-02-27 |
2017-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. |
|
10 |
CVE-2010-0725 |
79 |
2
|
XSS |
2010-02-26 |
2010-04-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
|
11 |
CVE-2010-0724 |
89 |
2
|
Exec Code Sql |
2010-02-26 |
2010-04-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
12 |
CVE-2010-0723 |
89 |
4
|
Exec Code Sql |
2010-02-26 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
13 |
CVE-2010-0722 |
89 |
1
|
Exec Code Sql |
2010-02-26 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
14 |
CVE-2010-0721 |
89 |
2
|
Exec Code Sql |
2010-02-26 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
15 |
CVE-2010-0720 |
89 |
2
|
Exec Code Sql |
2010-02-26 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
16 |
CVE-2010-0719 |
20 |
|
DoS |
2010-02-26 |
2017-08-17 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. |
|
17 |
CVE-2010-0718 |
119 |
1
|
DoS Overflow |
2010-02-26 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file. |
|
18 |
CVE-2010-0717 |
16 |
|
|
2010-02-26 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. |
|
19 |
CVE-2010-0716 |
79 |
|
XSS |
2010-02-26 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed. |
|
20 |
CVE-2010-0715 |
|
|
|
2010-02-26 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. |
|
21 |
CVE-2010-0714 |
79 |
|
XSS |
2010-02-26 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. |
|
22 |
CVE-2010-0713 |
352 |
|
Exec Code CSRF |
2010-02-26 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. |
|
23 |
CVE-2010-0712 |
89 |
|
Exec Code Sql |
2010-02-26 |
2017-08-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters. |
|
24 |
CVE-2010-0711 |
352 |
1
|
CSRF |
2010-02-25 |
2013-07-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter. |
|
25 |
CVE-2010-0710 |
89 |
|
Exec Code Sql |
2010-02-25 |
2010-02-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
26 |
CVE-2010-0709 |
352 |
2
|
CSRF |
2010-02-25 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php. |
|
27 |
CVE-2010-0708 |
|
|
DoS |
2010-02-25 |
2017-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of service (daemon crash) via a crafted LDAP search request. |
|
28 |
CVE-2010-0707 |
352 |
1
|
CSRF |
2010-02-25 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information. |
|
29 |
CVE-2010-0706 |
79 |
|
XSS |
2010-02-25 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
|
30 |
CVE-2010-0705 |
20 |
|
DoS Exec Code +Priv Mem. Corr. |
2010-02-25 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. |
|
31 |
CVE-2010-0704 |
79 |
|
XSS |
2010-02-25 |
2010-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. |
|
32 |
CVE-2010-0703 |
79 |
1
|
XSS |
2010-02-23 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter. |
|
33 |
CVE-2010-0702 |
89 |
2
|
Exec Code Sql |
2010-02-23 |
2022-04-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
|
34 |
CVE-2010-0701 |
89 |
2
|
Exec Code Sql |
2010-02-23 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
35 |
CVE-2010-0700 |
79 |
|
XSS |
2010-02-23 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
|
36 |
CVE-2010-0699 |
79 |
1
|
XSS |
2010-02-23 |
2010-02-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
|
37 |
CVE-2010-0698 |
89 |
2
|
Exec Code Sql |
2010-02-23 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information. |
|
38 |
CVE-2010-0697 |
79 |
|
XSS |
2010-02-23 |
2017-08-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. |
|
39 |
CVE-2010-0696 |
22 |
1
|
Dir. Trav. |
2010-02-23 |
2013-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. |
|
40 |
CVE-2010-0695 |
79 |
1
|
XSS |
2010-02-23 |
2010-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter. |
|
41 |
CVE-2010-0694 |
89 |
2
|
Exec Code Sql |
2010-02-23 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php. |
|
42 |
CVE-2010-0693 |
89 |
2
|
Exec Code Sql |
2010-02-23 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
|
43 |
CVE-2010-0692 |
89 |
|
Exec Code Sql |
2010-02-23 |
2010-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. |
|
44 |
CVE-2010-0691 |
89 |
1
|
Exec Code Sql |
2010-02-23 |
2010-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter. |
|
45 |
CVE-2010-0690 |
89 |
2
|
Exec Code Sql |
2010-02-23 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action. |
|
46 |
CVE-2010-0689 |
|
|
Exec Code |
2010-02-26 |
2018-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors. |
|
47 |
CVE-2010-0685 |
|
|
|
2010-02-23 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available. |
|
48 |
CVE-2010-0683 |
|
|
Exec Code |
2010-02-25 |
2010-02-26 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials. |
|
49 |
CVE-2010-0682 |
264 |
|
|
2010-02-23 |
2011-01-19 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. |
|
50 |
CVE-2010-0681 |
264 |
1
|
+Info |
2010-02-22 |
2010-02-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql. |
