CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2010-0680 22 1 Dir. Trav. 2010-02-22 2010-02-23
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
52 CVE-2010-0679 119 3 Exec Code Overflow 2010-02-22 2010-02-23
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
53 CVE-2010-0678 94 2 Exec Code File Inclusion 2010-02-22 2010-02-23
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.
54 CVE-2010-0677 89 2 Exec Code Sql 2010-02-22 2010-02-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.
55 CVE-2010-0676 22 1 Dir. Trav. 2010-02-22 2010-02-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter.
56 CVE-2010-0675 79 1 XSS 2010-02-22 2010-02-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.
57 CVE-2010-0674 264 2 2010-02-22 2017-08-17
5.0
None Remote Low Not required Partial None None
StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb.
58 CVE-2010-0673 89 2 Exec Code Sql 2010-02-22 2010-02-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.
59 CVE-2010-0672 89 2 Exec Code Sql 2010-02-22 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter.
60 CVE-2010-0671 89 2 Exec Code Sql 2010-02-22 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.
61 CVE-2010-0670 200 +Info 2010-02-22 2017-08-17
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors.
62 CVE-2010-0669 2010-02-26 2010-03-31
7.5
None Remote Low Not required Partial Partial Partial
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
63 CVE-2010-0668 2010-02-26 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
64 CVE-2010-0667 200 +Info 2010-02-26 2010-03-01
5.0
None Remote Low Not required Partial None None
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
65 CVE-2010-0666 DoS 2010-02-19 2010-02-22
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via unknown a crafted SOAP request, a different issue than CVE-2008-0926.
66 CVE-2010-0665 264 1 +Info 2010-02-19 2017-08-17
5.0
None Remote Low Not required Partial None None
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.
67 CVE-2010-0664 399 DoS 2010-02-18 2017-09-19
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring.
68 CVE-2010-0663 200 +Info 2010-02-18 2017-09-19
5.0
None Remote Low Not required Partial None None
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.
69 CVE-2010-0662 189 DoS Overflow 2010-02-18 2017-09-19
5.0
None Remote Low Not required None None Partial
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization.
70 CVE-2010-0661 264 Bypass 2010-02-18 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
71 CVE-2010-0660 200 +Info 2010-02-18 2017-09-19
5.0
None Remote Low Not required Partial None None
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.
72 CVE-2010-0659 399 Exec Code 2010-02-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
73 CVE-2010-0658 189 DoS Exec Code Overflow Mem. Corr. 2010-02-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements.
74 CVE-2010-0657 +Info 2010-02-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.
75 CVE-2010-0656 200 +Info 2010-02-18 2017-09-19
4.3
None Remote Medium Not required Partial None None
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.
76 CVE-2010-0655 399 DoS Exec Code 2010-02-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site.
77 CVE-2010-0654 200 +Info 2010-02-18 2017-09-19
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
78 CVE-2010-0653 200 +Info 2010-02-18 2010-09-21
4.3
None Remote Medium Not required Partial None None
Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
79 CVE-2010-0652 200 +Info 2010-02-18 2021-07-23
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document.
80 CVE-2010-0651 200 +Info 2010-02-18 2017-09-19
4.3
None Remote Medium Not required Partial None None
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
81 CVE-2010-0650 264 Bypass 2010-02-18 2018-11-16
2.6
None Remote High Not required None Partial None
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
82 CVE-2010-0649 189 DoS Overflow Mem. Corr. 2010-02-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages.
83 CVE-2010-0648 200 +Info 2010-02-18 2017-09-19
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
84 CVE-2010-0647 94 Exec Code 2010-02-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
85 CVE-2010-0646 189 Exec Code 2010-02-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
86 CVE-2010-0645 189 Exec Code Overflow 2010-02-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
87 CVE-2010-0644 200 +Info 2010-02-18 2017-09-19
4.3
None Remote Medium Not required Partial None None
Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.
88 CVE-2010-0643 200 +Info 2010-02-18 2017-09-19
4.3
None Remote Medium Not required Partial None None
Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.
89 CVE-2010-0642 200 1 +Info 2010-02-17 2017-08-17
5.0
None Remote Low Not required Partial None None
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
90 CVE-2010-0641 79 1 XSS 2010-02-17 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
91 CVE-2010-0640 79 XSS 2010-02-24 2018-10-10
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
92 CVE-2010-0639 DoS 2010-02-15 2010-08-02
5.0
None Remote Low Not required None None Partial
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
93 CVE-2010-0638 352 CSRF 2010-02-15 2010-02-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
94 CVE-2010-0637 352 CSRF 2010-02-12 2012-10-13
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP address from posting via unknown vectors. NOTE: some of these details are obtained from third party information.
95 CVE-2010-0636 79 XSS 2010-02-12 2012-10-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information.
96 CVE-2010-0635 89 Exec Code Sql 2010-02-12 2010-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
97 CVE-2010-0634 2010-02-12 2010-02-15
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors.
98 CVE-2010-0633 Bypass 2010-02-12 2010-03-18
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.
99 CVE-2010-0632 89 2 Exec Code Sql 2010-02-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.
100 CVE-2010-0631 89 1 Exec Code Sql 2010-02-12 2010-02-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the plugin_id parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords parameters.
Total number of vulnerabilities : 308   Page : 1 2 (This Page)3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.