CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2010 (CVSS score >= 6)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-2518 264 +Priv 2010-06-30 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information.
2 CVE-2010-2517 2010-06-30 2010-07-01 7.5 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
3 CVE-2010-2516 89 Exec Code Sql 2010-06-29 2010-06-30 7.5 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
4 CVE-2010-2515 89 1 Exec Code Sql 2010-06-28 2010-06-29 6.8 None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
5 CVE-2010-2513 89 2 Exec Code Sql 2010-06-28 2010-06-29 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
6 CVE-2010-2512 89 1 Exec Code Sql 2010-06-28 2010-06-29 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
7 CVE-2010-2511 89 1 Exec Code Sql 2010-06-28 2010-06-29 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.
8 CVE-2010-2510 89 1 Exec Code Sql 2010-06-28 2010-06-29 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
9 CVE-2010-2508 89 1 Exec Code Sql 2010-06-28 2010-06-29 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.
10 CVE-2010-2507 22 2 Dir. Trav. 2010-06-28 2017-08-17 6.8 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
11 CVE-2010-2504 +Info 2010-06-28 2010-06-29 6.0 None Remote Medium ??? Partial Partial Partial
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.
12 CVE-2010-2502 22 Dir. Trav. 2010-06-28 2010-06-29 7.5 None Remote Medium ??? Complete Partial Partial
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067.
13 CVE-2010-2468 310 2010-06-25 2017-08-17 10.0 None Remote Low Not required Complete Complete Complete
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password.
14 CVE-2010-2462 89 2 Exec Code Sql 2010-06-25 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action.
15 CVE-2010-2461 89 2 Exec Code Sql 2010-06-25 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.
16 CVE-2010-2460 89 1 Exec Code Sql 2010-06-25 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.
17 CVE-2010-2459 89 2 Exec Code Sql 2010-06-25 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter.
18 CVE-2010-2456 22 2 Dir. Trav. File Inclusion 2010-06-25 2017-08-17 6.8 None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate.
19 CVE-2010-2452 22 Dir. Trav. 2010-06-29 2012-11-06 9.3 None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.
20 CVE-2010-2451 134 2010-06-29 2012-11-06 10.0 None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.
21 CVE-2010-2440 119 1 Exec Code Overflow 2010-06-24 2010-06-25 9.3 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information.
22 CVE-2010-2439 119 2 Exec Code Overflow 2010-06-24 2017-08-17 9.3 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
23 CVE-2010-2438 89 1 Exec Code Sql 2010-06-24 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php.
24 CVE-2010-2436 89 Exec Code Sql 2010-06-24 2018-10-10 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
25 CVE-2010-2434 120 Exec Code Overflow 2010-06-25 2020-08-05 9.3 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.
26 CVE-2010-2425 22 Dir. Trav. 2010-06-24 2018-10-10 6.5 None Remote Low ??? Partial Partial Partial
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command.
27 CVE-2010-2421 2010-06-22 2018-10-30 10.0 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.
28 CVE-2010-2420 DoS Exec Code 2010-06-22 2017-08-17 6.8 None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine.
29 CVE-2010-2359 89 1 Exec Code Sql 2010-06-21 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
30 CVE-2010-2357 89 1 Exec Code Sql 2010-06-21 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.
31 CVE-2010-2354 89 2 Exec Code Sql 2010-06-21 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
32 CVE-2010-2351 119 1 Exec Code Overflow 2010-06-21 2018-10-30 10.0 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
33 CVE-2010-2350 119 DoS Exec Code Overflow 2010-06-21 2017-08-17 6.8 None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file.
34 CVE-2010-2348 119 1 Exec Code Overflow 2010-06-21 2017-08-17 9.3 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file.
35 CVE-2010-2345 352 CSRF 2010-06-21 2017-08-17 6.8 None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests.
36 CVE-2010-2343 119 2 Exec Code Overflow 2010-06-21 2017-08-17 9.3 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
37 CVE-2010-2342 89 1 Exec Code Sql 2010-06-21 2010-06-21 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
38 CVE-2010-2341 94 2 Exec Code File Inclusion 2010-06-18 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
39 CVE-2010-2340 89 1 Exec Code Sql 2010-06-18 2010-06-21 6.8 None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.
40 CVE-2010-2339 89 1 Exec Code Sql 2010-06-18 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action.
41 CVE-2010-2338 89 2 Exec Code Sql 2010-06-18 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
42 CVE-2010-2335 89 1 Exec Code Sql 2010-06-18 2010-06-24 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.
43 CVE-2010-2331 119 1 Exec Code Overflow 2010-06-18 2010-06-21 9.3 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request.
44 CVE-2010-2330 119 1 DoS Exec Code Overflow 2010-06-18 2017-08-17 9.3 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header.
45 CVE-2010-2329 119 2 Exec Code Overflow 2010-06-18 2017-08-17 9.3 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file.
46 CVE-2010-2324 2010-06-18 2010-06-24 7.5 None Remote Low Not required Partial Partial Partial
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.
47 CVE-2010-2321 119 1 Exec Code Overflow 2010-06-18 2017-08-17 9.3 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file.
48 CVE-2010-2319 89 1 Exec Code Sql 2010-06-17 2010-06-18 7.5 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter.
49 CVE-2010-2317 89 1 Exec Code Sql 2010-06-17 2010-06-18 7.5 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.
50 CVE-2010-2315 94 1 Exec Code File Inclusion 2010-06-17 2017-08-17 7.5 None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.
Total number of vulnerabilities: 297 (page 1 of 6)