| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2010-2112 | 22 | | Dir. Trav. | 2010-05-28 | 2010-06-01 | 8.8 | None | Remote | Medium | Not required | Complete | Complete | None | Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2 | CVE-2010-2110 | | | Exec Code | 2010-05-28 | 2020-08-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors. |
| 3 | CVE-2010-2109 | | | DoS | 2010-05-28 | 2020-08-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality. |
| 4 | CVE-2010-2108 | | | Bypass | 2010-05-28 | 2020-08-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors. |
| 5 | CVE-2010-2107 | | | DoS | 2010-05-28 | 2020-08-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality. |
| 6 | CVE-2010-2105 | | | | 2010-05-28 | 2020-08-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors. |
| 7 | CVE-2010-2102 | 119 | 1 | Exec Code Overflow | 2010-05-27 | 2018-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| 8 | CVE-2010-2099 | 264 | | Exec Code | 2010-05-27 | 2010-05-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method. |
| 9 | CVE-2010-2098 | | | Sql | 2010-05-27 | 2012-12-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. |
| 10 | CVE-2010-2096 | 22 | | Dir. Trav. | 2010-05-27 | 2010-05-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. |
| 11 | CVE-2010-2095 | 89 | | Exec Code Sql | 2010-05-27 | 2010-05-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. |
| 12 | CVE-2010-2092 | 89 | | Exec Code Sql Bypass | 2010-05-27 | 2012-02-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query. |
| 13 | CVE-2010-2051 | 89 | 2 | Exec Code Sql | 2010-05-25 | 2010-05-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 14 | CVE-2010-2050 | 22 | 2 | Dir. Trav. | 2010-05-25 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| 15 | CVE-2010-2047 | 89 | 1 | Exec Code Sql | 2010-05-25 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information. |
| 16 | CVE-2010-2045 | 22 | 2 | Dir. Trav. | 2010-05-25 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. |
| 17 | CVE-2010-2044 | 89 | 2 | Exec Code Sql | 2010-05-25 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php. |
| 18 | CVE-2010-2042 | 89 | 2 | Exec Code Sql | 2010-05-25 | 2010-05-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information. |
| 19 | CVE-2010-2037 | 22 | 1 | Dir. Trav. | 2010-05-25 | 2010-05-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. |
| 20 | CVE-2010-2036 | 22 | 1 | Dir. Trav. | 2010-05-25 | 2010-05-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. |
| 21 | CVE-2010-2035 | 22 | 1 | Dir. Trav. | 2010-05-25 | 2010-05-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. |
| 22 | CVE-2010-2034 | 22 | 1 | Dir. Trav. | 2010-05-25 | 2010-05-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. |
| 23 | CVE-2010-2033 | 22 | 1 | Dir. Trav. | 2010-05-25 | 2010-05-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. |
| 24 | CVE-2010-2031 | 119 | 1 | Overflow | 2010-05-24 | 2017-08-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device. |
| 25 | CVE-2010-2028 | 119 | 2 | DoS Exec Code Overflow | 2010-05-24 | 2017-08-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode. |
| 26 | CVE-2010-2016 | 89 | 2 | Exec Code Sql | 2010-05-24 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the p_id parameter. |
| 27 | CVE-2010-2009 | 119 | | Exec Code Overflow | 2010-05-21 | 2010-05-24 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long ID3 tag in a .MP3 file. NOTE: some of these details are obtained from third party information. |
| 28 | CVE-2010-2005 | 94 | 1 | Exec Code File Inclusion | 2010-05-20 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php. |
| 29 | CVE-2010-2004 | 119 | 1 | Exec Code Overflow | 2010-05-20 | 2017-08-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068. |
| 30 | CVE-2010-1994 | 89 | | Exec Code Sql | 2010-05-20 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO. |
| 31 | CVE-2010-1988 | | 1 | DoS Exec Code | 2010-05-20 | 2018-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. |
| 32 | CVE-2010-1983 | 22 | 2 | Dir. Trav. | 2010-05-19 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 33 | CVE-2010-1980 | 22 | 2 | Dir. Trav. | 2010-05-19 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. |
| 34 | CVE-2010-1977 | 22 | 1 | Dir. Trav. | 2010-05-19 | 2010-05-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| 35 | CVE-2010-1957 | 22 | 2 | Dir. Trav. | 2010-05-19 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| 36 | CVE-2010-1956 | 22 | 2 | Dir. Trav. | 2010-05-19 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 37 | CVE-2010-1955 | 22 | 2 | Dir. Trav. | 2010-05-19 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| 38 | CVE-2010-1954 | 22 | 1 | Dir. Trav. | 2010-05-19 | 2010-05-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 39 | CVE-2010-1953 | 22 | 1 | Dir. Trav. | 2010-05-19 | 2010-05-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| 40 | CVE-2010-1952 | 22 | 2 | Dir. Trav. | 2010-05-19 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| 41 | CVE-2010-1949 | 89 | 1 | Exec Code Sql | 2010-05-19 | 2010-05-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 42 | CVE-2010-1943 | | | DoS | 2010-05-19 | 2010-05-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015. |
| 43 | CVE-2010-1941 | | | DoS | 2010-05-19 | 2010-05-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010. |
| 44 | CVE-2010-1939 | 399 | | Exec Code | 2010-05-13 | 2017-09-19 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. |
| 45 | CVE-2010-1938 | 189 | 1 | DoS Exec Code | 2010-05-28 | 2011-07-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. |
| 46 | CVE-2010-1925 | 89 | 2 | Exec Code Sql | 2010-05-12 | 2010-05-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817. |
| 47 | CVE-2010-1924 | 89 | 1 | Exec Code Sql | 2010-05-12 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter. |
| 48 | CVE-2010-1923 | 89 | 1 | Exec Code Sql | 2010-05-12 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action. |
| 49 | CVE-2010-1922 | 94 | 2 | Exec Code File Inclusion | 2010-05-12 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/. |
| 50 | CVE-2010-1919 | | | DoS | 2010-05-28 | 2014-05-05 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP. |