CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In January 2010 (CVSS score >= 6)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2010-0462 119 Overflow 2010-01-28 2017-09-19
6.5
None Remote Low ??? Partial Partial Partial
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
2 CVE-2010-0461 89 2 Exec Code Sql 2010-01-28 2017-08-17
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
3 CVE-2010-0459 89 2 Exec Code Sql 2010-01-28 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
4 CVE-2010-0458 89 2 Exec Code Sql 2010-01-28 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php.
5 CVE-2010-0457 89 2 Exec Code Sql 2010-01-28 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
6 CVE-2010-0456 89 1 Exec Code Sql 2010-01-28 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
7 CVE-2010-0454 89 1 Exec Code Sql 2010-01-28 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
8 CVE-2010-0392 119 Exec Code Overflow 2010-01-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2."
9 CVE-2010-0391 119 Exec Code Overflow 2010-01-26 2011-01-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10 CVE-2010-0390 1 Exec Code 2010-01-26 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
11 CVE-2010-0388 134 DoS 2010-01-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
12 CVE-2010-0387 119 DoS Overflow 2010-01-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
13 CVE-2010-0382 2010-01-22 2017-09-19
7.6
None Remote High Not required Complete Complete Complete
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
14 CVE-2010-0381 89 Exec Code Sql 2010-01-22 2010-01-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
15 CVE-2010-0379 Exec Code 2010-01-21 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.
16 CVE-2010-0378 Exec Code Mem. Corr. 2010-01-21 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
17 CVE-2010-0377 89 1 Exec Code Sql 2010-01-21 2010-01-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: some of these details are obtained from third party information.
18 CVE-2010-0375 89 1 Exec Code Sql 2010-01-21 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
19 CVE-2010-0373 89 2 Exec Code Sql 2010-01-21 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
20 CVE-2010-0372 89 2 Exec Code Sql 2010-01-21 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
21 CVE-2010-0367 94 1 Exec Code File Inclusion 2010-01-21 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.
22 CVE-2010-0366 20 1 Exec Code 2010-01-21 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
23 CVE-2010-0364 119 1 Exec Code Overflow 2010-01-21 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
24 CVE-2010-0361 119 DoS Overflow 2010-01-20 2011-04-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
25 CVE-2010-0360 20 Overflow 2010-01-20 2011-04-28
10.0
None Remote Low Not required Complete Complete Complete
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
26 CVE-2010-0359 119 DoS Exec Code Overflow 2010-01-20 2010-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.
27 CVE-2010-0358 119 DoS Overflow 2010-01-20 2011-04-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087.
28 CVE-2010-0356 119 Exec Code Overflow 2010-01-18 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.
29 CVE-2010-0350 22 Dir. Trav. 2010-01-15 2011-05-02
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.
30 CVE-2010-0344 89 Exec Code Sql 2010-01-15 2011-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
31 CVE-2010-0343 89 Exec Code Sql 2010-01-15 2011-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
32 CVE-2010-0342 89 Exec Code Sql 2010-01-15 2011-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
33 CVE-2010-0341 89 Exec Code Sql 2010-01-15 2011-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
34 CVE-2010-0340 89 Exec Code Sql 2010-01-15 2011-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
35 CVE-2010-0339 89 Exec Code Sql 2010-01-15 2011-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
36 CVE-2010-0338 89 Exec Code Sql 2010-01-15 2011-02-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
37 CVE-2010-0337 89 Exec Code Sql 2010-01-15 2011-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
38 CVE-2010-0334 89 Exec Code Sql 2010-01-15 2011-07-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
39 CVE-2010-0333 89 Exec Code Sql 2010-01-15 2011-07-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
40 CVE-2010-0332 89 Exec Code Sql 2010-01-15 2011-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
41 CVE-2010-0330 89 Exec Code Sql 2010-01-15 2010-01-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
42 CVE-2010-0329 89 Exec Code Sql 2010-01-15 2011-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
43 CVE-2010-0324 89 Exec Code Sql 2010-01-15 2010-01-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
44 CVE-2010-0323 +Info 2010-01-15 2010-01-18
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
45 CVE-2010-0322 89 Exec Code Sql 2010-01-15 2010-01-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
46 CVE-2010-0318 264 2010-01-15 2011-08-08
6.9
None Local Medium Not required Complete Complete Complete
The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure.
47 CVE-2010-0317 399 1 DoS 2010-01-15 2018-10-10
7.8
None Remote Low Not required None None Complete
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information.
48 CVE-2010-0316 189 DoS Exec Code Overflow Mem. Corr. 2010-01-15 2011-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file.
49 CVE-2010-0311 2010-01-14 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.
50 CVE-2010-0310 264 +Priv 2010-01-14 2017-09-19
6.8
None Local Low ??? Complete Complete Complete
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.
Total number of vulnerabilities: 181. Page 1 of 4.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.