CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-0723 89 4 Exec Code Sql 2010-02-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
2 CVE-2010-0679 119 3 Exec Code Overflow 2010-02-22 2010-02-23
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
3 CVE-2010-0759 22 2 Dir. Trav. 2010-02-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
4 CVE-2010-0758 89 2 Exec Code Sql 2010-02-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter.
5 CVE-2010-0757 2 Exec Code 2010-02-27 2017-08-17
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
6 CVE-2010-0756 287 2 2010-02-27 2017-08-17
5.8
None Remote Medium Not required Partial Partial None
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
7 CVE-2010-0755 94 2 Exec Code File Inclusion 2010-02-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
8 CVE-2010-0754 79 2 XSS 2010-02-27 2018-01-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
9 CVE-2010-0753 89 2 Exec Code Sql 2010-02-27 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information.
10 CVE-2010-0725 79 2 XSS 2010-02-26 2010-04-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
11 CVE-2010-0724 89 2 Exec Code Sql 2010-02-26 2010-04-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
12 CVE-2010-0721 89 2 Exec Code Sql 2010-02-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
13 CVE-2010-0720 89 2 Exec Code Sql 2010-02-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter.
14 CVE-2010-0709 352 2 CSRF 2010-02-25 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.
15 CVE-2010-0702 89 2 Exec Code Sql 2010-02-23 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
16 CVE-2010-0701 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
17 CVE-2010-0698 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
18 CVE-2010-0694 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.
19 CVE-2010-0693 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
20 CVE-2010-0690 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
21 CVE-2010-0678 94 2 Exec Code File Inclusion 2010-02-22 2010-02-23
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.
22 CVE-2010-0677 89 2 Exec Code Sql 2010-02-22 2010-02-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.
23 CVE-2010-0674 264 2 2010-02-22 2017-08-17
5.0
None Remote Low Not required Partial None None
StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb.
24 CVE-2010-0673 89 2 Exec Code Sql 2010-02-22 2010-02-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.
25 CVE-2010-0672 89 2 Exec Code Sql 2010-02-22 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter.
26 CVE-2010-0671 89 2 Exec Code Sql 2010-02-22 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.
27 CVE-2010-0632 89 2 Exec Code Sql 2010-02-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.
28 CVE-2010-0630 89 2 Exec Code Sql 2010-02-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewjokes.php in Evernew Free Joke Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29 CVE-2010-0611 89 2 Exec Code Sql 2010-02-11 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
30 CVE-2010-0610 89 2 Exec Code Sql 2010-02-11 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist.
31 CVE-2010-0608 89 2 Exec Code Sql 2010-02-11 2010-02-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search action.
32 CVE-2010-0605 89 2 Exec Code Sql 2010-02-11 2010-02-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
33 CVE-2010-0467 22 2 Dir. Trav. 2010-02-02 2019-09-27
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
34 CVE-2009-4655 310 2 2010-02-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
35 CVE-2010-0722 89 1 Exec Code Sql 2010-02-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter.
36 CVE-2010-0718 119 1 DoS Overflow 2010-02-26 2017-08-17
4.3
None Remote Medium Not required None None Partial
Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file.
37 CVE-2010-0711 352 1 CSRF 2010-02-25 2013-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.
38 CVE-2010-0707 352 1 CSRF 2010-02-25 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information.
39 CVE-2010-0703 79 1 XSS 2010-02-23 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.
40 CVE-2010-0699 79 1 XSS 2010-02-23 2010-02-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
41 CVE-2010-0696 22 1 Dir. Trav. 2010-02-23 2013-08-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
42 CVE-2010-0695 79 1 XSS 2010-02-23 2010-03-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
43 CVE-2010-0691 89 1 Exec Code Sql 2010-02-23 2010-03-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter.
44 CVE-2010-0681 264 1 +Info 2010-02-22 2010-02-23
5.0
None Remote Low Not required Partial None None
ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql.
45 CVE-2010-0680 22 1 Dir. Trav. 2010-02-22 2010-02-23
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
46 CVE-2010-0676 22 1 Dir. Trav. 2010-02-22 2010-02-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter.
47 CVE-2010-0675 79 1 XSS 2010-02-22 2010-02-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.
48 CVE-2010-0665 264 1 +Info 2010-02-19 2017-08-17
5.0
None Remote Low Not required Partial None None
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.
49 CVE-2010-0642 200 1 +Info 2010-02-17 2017-08-17
5.0
None Remote Low Not required Partial None None
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
50 CVE-2010-0641 79 1 XSS 2010-02-17 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
Total number of vulnerabilities : 308   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.