| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-1219 |
22 |
1
|
Dir. Trav. |
2010-03-30 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. |
|
2 |
CVE-2010-1216 |
94 |
1
|
Exec Code File Inclusion |
2010-03-30 |
2010-06-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information. |
|
3 |
CVE-2010-1194 |
310 |
|
|
2010-03-31 |
2010-05-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName. |
|
4 |
CVE-2010-1192 |
310 |
|
|
2010-03-31 |
2010-05-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
|
5 |
CVE-2010-1191 |
287 |
|
Bypass |
2010-03-31 |
2018-10-10 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Sahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module. |
|
6 |
CVE-2010-1188 |
399 |
|
DoS |
2010-03-31 |
2017-09-19 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed. |
|
7 |
CVE-2010-1185 |
119 |
|
Exec Code Overflow |
2010-03-29 |
2018-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information. |
|
8 |
CVE-2010-1184 |
310 |
|
+Info |
2010-03-29 |
2017-08-17 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2. |
|
9 |
CVE-2010-1182 |
|
|
|
2010-03-29 |
2010-03-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. |
|
10 |
CVE-2010-1180 |
94 |
|
DoS Exec Code |
2010-03-29 |
2017-08-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. |
|
11 |
CVE-2010-1179 |
189 |
1
|
DoS Exec Code |
2010-03-29 |
2010-03-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024. |
|
12 |
CVE-2010-1177 |
94 |
|
DoS Exec Code |
2010-03-29 |
2010-03-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. |
|
13 |
CVE-2010-1176 |
94 |
1
|
DoS Exec Code |
2010-03-29 |
2010-03-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075. |
|
14 |
CVE-2010-1175 |
|
|
|
2010-03-29 |
2021-07-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability." |
|
15 |
CVE-2010-1136 |
264 |
|
Bypass |
2010-03-27 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. |
|
16 |
CVE-2010-1135 |
255 |
|
|
2010-03-27 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. |
|
17 |
CVE-2010-1134 |
89 |
|
Exec Code Sql |
2010-03-27 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. |
|
18 |
CVE-2010-1133 |
89 |
|
Exec Code Sql |
2010-03-27 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. |
|
19 |
CVE-2010-1132 |
78 |
1
|
Exec Code |
2010-03-27 |
2017-08-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. |
|
20 |
CVE-2010-1129 |
20 |
|
Bypass |
2010-03-26 |
2010-08-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function. |
|
21 |
CVE-2010-1128 |
310 |
|
|
2010-03-26 |
2010-12-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. |
|
22 |
CVE-2010-1124 |
|
|
DoS |
2010-03-26 |
2010-03-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on "systems with databases cataloged with alternate servers using IP addresses." |
|
23 |
CVE-2010-1122 |
119 |
|
DoS Overflow Mem. Corr. |
2010-03-25 |
2017-09-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028. |
|
24 |
CVE-2010-1121 |
94 |
|
Exec Code |
2010-03-25 |
2017-09-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. |
|
25 |
CVE-2010-1120 |
94 |
|
Exec Code |
2010-03-25 |
2010-06-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. |
|
26 |
CVE-2010-1119 |
399 |
|
DoS Exec Code |
2010-03-25 |
2017-09-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. |
|
27 |
CVE-2010-1118 |
|
|
Exec Code |
2010-03-25 |
2021-07-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. |
|
28 |
CVE-2010-1117 |
119 |
|
Overflow |
2010-03-25 |
2021-07-23 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. |
|
29 |
CVE-2010-1114 |
94 |
1
|
Exec Code File Inclusion |
2010-03-25 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php. |
|
30 |
CVE-2010-1109 |
89 |
1
|
Exec Code Sql |
2010-03-25 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action. |
|
31 |
CVE-2010-1106 |
94 |
1
|
Exec Code File Inclusion |
2010-03-25 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. |
|
32 |
CVE-2010-1098 |
399 |
|
DoS |
2010-03-24 |
2017-08-17 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file. |
|
33 |
CVE-2010-1097 |
287 |
|
Bypass |
2010-03-24 |
2010-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. |
|
34 |
CVE-2010-1096 |
89 |
|
Exec Code Sql |
2010-03-24 |
2010-03-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
35 |
CVE-2010-1094 |
89 |
1
|
Exec Code Sql |
2010-03-24 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
36 |
CVE-2010-1093 |
89 |
|
Exec Code Sql |
2010-03-24 |
2010-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action. |
|
37 |
CVE-2010-1092 |
89 |
1
|
Exec Code Sql |
2010-03-24 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters. |
|
38 |
CVE-2010-1090 |
89 |
2
|
Exec Code Sql |
2010-03-24 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter. |
|
39 |
CVE-2010-1089 |
89 |
1
|
Exec Code Sql |
2010-03-24 |
2010-03-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
40 |
CVE-2010-1078 |
89 |
|
Exec Code Sql Bypass |
2010-03-23 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism. |
|
41 |
CVE-2010-1077 |
22 |
2
|
Dir. Trav. |
2010-03-23 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. |
|
42 |
CVE-2010-1075 |
89 |
1
|
Exec Code Sql |
2010-03-23 |
2010-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter. |
|
43 |
CVE-2010-1073 |
89 |
1
|
Exec Code Sql |
2010-03-23 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php. |
|
44 |
CVE-2010-1071 |
89 |
2
|
Exec Code Sql |
2010-03-23 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
45 |
CVE-2010-1070 |
89 |
2
|
Exec Code Sql |
2010-03-23 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action. |
|
46 |
CVE-2010-1069 |
89 |
2
|
Exec Code Sql |
2010-03-23 |
2010-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
47 |
CVE-2010-1063 |
22 |
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
48 |
CVE-2010-1062 |
22 |
2
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information. |
|
49 |
CVE-2010-1061 |
22 |
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
50 |
CVE-2010-1060 |
22 |
2
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. |
