CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2010 (CVSS score >= 7)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-0759 22 2 Dir. Trav. 2010-02-27 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
2 CVE-2010-0758 89 2 Exec Code Sql 2010-02-27 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter.
3 CVE-2010-0755 94 2 Exec Code File Inclusion 2010-02-27 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
4 CVE-2010-0753 89 2 Exec Code Sql 2010-02-27 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information.
5 CVE-2010-0724 89 2 Exec Code Sql 2010-02-26 2010-04-15
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
6 CVE-2010-0723 89 4 Exec Code Sql 2010-02-26 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
7 CVE-2010-0722 89 1 Exec Code Sql 2010-02-26 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter.
8 CVE-2010-0721 89 2 Exec Code Sql 2010-02-26 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
9 CVE-2010-0720 89 2 Exec Code Sql 2010-02-26 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter.
10 CVE-2010-0717 16 2010-02-26 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
11 CVE-2010-0710 89 Exec Code Sql 2010-02-25 2010-02-26
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12 CVE-2010-0705 20 DoS Exec Code +Priv Mem. Corr. 2010-02-25 2018-10-10
7.2
 None Local Low Not required Complete Complete Complete
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
13 CVE-2010-0702 89 2 Exec Code Sql 2010-02-23 2022-04-18
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
14 CVE-2010-0701 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
15 CVE-2010-0698 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
16 CVE-2010-0694 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.
17 CVE-2010-0693 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
18 CVE-2010-0692 89 Exec Code Sql 2010-02-23 2010-03-03
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
19 CVE-2010-0691 89 1 Exec Code Sql 2010-02-23 2010-03-03
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter.
20 CVE-2010-0690 89 2 Exec Code Sql 2010-02-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
21 CVE-2010-0689 Exec Code 2010-02-26 2018-10-10
10.0
 None Remote Low Not required Complete Complete Complete
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.
22 CVE-2010-0680 22 1 Dir. Trav. 2010-02-22 2010-02-23
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
23 CVE-2010-0679 119 3 Exec Code Overflow 2010-02-22 2010-02-23
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
24 CVE-2010-0677 89 2 Exec Code Sql 2010-02-22 2010-02-23
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.
25 CVE-2010-0673 89 2 Exec Code Sql 2010-02-22 2010-02-23
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.
26 CVE-2010-0672 89 2 Exec Code Sql 2010-02-22 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter.
27 CVE-2010-0671 89 2 Exec Code Sql 2010-02-22 2018-10-10
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.
28 CVE-2010-0669 2010-02-26 2010-03-31
7.5
 None Remote Low Not required Partial Partial Partial
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
29 CVE-2010-0659 399 Exec Code 2010-02-18 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
30 CVE-2010-0658 189 DoS Exec Code Overflow Mem. Corr. 2010-02-18 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements.
31 CVE-2010-0657 +Info 2010-02-18 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.
32 CVE-2010-0655 399 DoS Exec Code 2010-02-18 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site.
33 CVE-2010-0649 189 DoS Overflow Mem. Corr. 2010-02-18 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages.
34 CVE-2010-0647 94 Exec Code 2010-02-18 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
35 CVE-2010-0646 189 Exec Code 2010-02-18 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
36 CVE-2010-0645 189 Exec Code Overflow 2010-02-18 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
37 CVE-2010-0635 89 Exec Code Sql 2010-02-12 2010-02-15
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
38 CVE-2010-0634 2010-02-12 2010-02-15
7.5
 None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors.
39 CVE-2010-0632 89 2 Exec Code Sql 2010-02-12 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.
40 CVE-2010-0631 89 1 Exec Code Sql 2010-02-12 2010-02-15
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the plugin_id parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords parameters.
41 CVE-2010-0630 89 2 Exec Code Sql 2010-02-12 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewjokes.php in Evernew Free Joke Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
42 CVE-2010-0620 22 Exec Code Dir. Trav. 2010-02-25 2018-10-10
9.3
 None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.
43 CVE-2010-0616 255 1 +Priv Sql 2010-02-11 2018-10-10
7.5
 None Remote Low Not required Partial Partial Partial
evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability.
44 CVE-2010-0614 89 1 Exec Code Sql 2010-02-11 2018-10-10
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.
45 CVE-2010-0612 2010-02-11 2010-03-18
7.5
 None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in DocumentManager before 4.0 has unknown impact and attack vectors, related to file rights.
46 CVE-2010-0611 89 2 Exec Code Sql 2010-02-11 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
47 CVE-2010-0610 89 2 Exec Code Sql 2010-02-11 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist.
48 CVE-2010-0609 89 Exec Code Sql 2010-02-11 2010-11-03
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
49 CVE-2010-0608 89 2 Exec Code Sql 2010-02-11 2010-02-12
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search action.
50 CVE-2010-0605 89 2 Exec Code Sql 2010-02-11 2010-02-12
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
Total number of vulnerabilities : 136   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.