CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4756 119 4 Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
2 CVE-2010-1090 89 2 Exec Code Sql 2010-03-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.
3 CVE-2010-1077 22 2 Dir. Trav. 2010-03-23 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
4 CVE-2010-1071 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
5 CVE-2010-1070 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action.
6 CVE-2010-1069 89 2 Exec Code Sql 2010-03-23 2010-03-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter.
7 CVE-2010-1062 22 2 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.
8 CVE-2010-1060 22 2 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
9 CVE-2010-1058 22 2 Exec Code Dir. Trav. 2010-03-23 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
10 CVE-2010-1056 22 2 Dir. Trav. 2010-03-23 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
11 CVE-2010-1050 89 2 Exec Code Sql 2010-03-23 2010-03-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter.
12 CVE-2010-1047 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action.
13 CVE-2010-1044 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
14 CVE-2010-0983 94 2 Exec Code File Inclusion 2010-03-16 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.
15 CVE-2010-0981 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.
16 CVE-2010-0980 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.
17 CVE-2010-0976 264 2 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."
18 CVE-2010-0975 94 2 Exec Code File Inclusion 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
19 CVE-2010-0974 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.
20 CVE-2010-0964 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
21 CVE-2010-0958 22 2 Dir. Trav. 2010-03-10 2010-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.
22 CVE-2010-0957 22 2 Dir. Trav. 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter.
23 CVE-2010-0955 89 2 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
24 CVE-2010-0952 89 2 Exec Code Sql 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.
25 CVE-2010-0951 89 2 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.
26 CVE-2010-0948 89 2 Exec Code Sql 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
27 CVE-2010-0803 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php.
28 CVE-2010-0802 89 2 Exec Code Sql 2010-03-02 2010-03-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
29 CVE-2010-0796 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php.
30 CVE-2010-0764 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.
31 CVE-2010-0762 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
32 CVE-2010-0761 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
33 CVE-2009-4761 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
34 CVE-2009-4755 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.
35 CVE-2009-4754 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
36 CVE-2009-4749 89 2 Exec Code Sql 2010-03-26 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.
37 CVE-2009-4748 89 2 Exec Code Sql 2010-03-26 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
38 CVE-2009-4698 89 2 Exec Code Sql 2010-03-15 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
39 CVE-2009-4680 89 2 Exec Code Sql 2010-03-10 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
40 CVE-2009-4660 119 2 Exec Code Overflow 2010-03-03 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.
41 CVE-2010-1219 22 1 Dir. Trav. 2010-03-30 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
42 CVE-2010-1216 94 1 Exec Code File Inclusion 2010-03-30 2010-06-18
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information.
43 CVE-2010-1179 189 1 DoS Exec Code 2010-03-29 2010-03-30
9.3
None Remote Medium Not required Complete Complete Complete
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.
44 CVE-2010-1176 94 1 DoS Exec Code 2010-03-29 2010-03-30
9.3
None Remote Medium Not required Complete Complete Complete
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.
45 CVE-2010-1132 78 1 Exec Code 2010-03-27 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
46 CVE-2010-1114 94 1 Exec Code File Inclusion 2010-03-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.
47 CVE-2010-1109 89 1 Exec Code Sql 2010-03-25 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action.
48 CVE-2010-1106 94 1 Exec Code File Inclusion 2010-03-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
49 CVE-2010-1094 89 1 Exec Code Sql 2010-03-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
50 CVE-2010-1092 89 1 Exec Code Sql 2010-03-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
Total number of vulnerabilities : 319   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.