CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2010-1110 22 1 Dir. Trav. 2010-03-25 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. (dot dot) in the current_folder parameter.
52 CVE-2010-1109 89 1 Exec Code Sql 2010-03-25 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action.
53 CVE-2010-1108 79 XSS 2010-03-25 2017-08-17
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.
54 CVE-2010-1107 79 XSS 2010-03-25 2017-08-17
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."
55 CVE-2010-1106 94 1 Exec Code File Inclusion 2010-03-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
56 CVE-2010-1105 79 1 XSS 2010-03-25 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter.
57 CVE-2010-1104 79 XSS 2010-03-25 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
58 CVE-2010-1103 189 Overflow Bypass 2010-03-24 2018-10-10
5.0
None Remote Low Not required None Partial None
Integer overflow in Stainless allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
59 CVE-2010-1102 189 Overflow Bypass 2010-03-24 2018-10-10
5.0
None Remote Low Not required None Partial None
Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
60 CVE-2010-1101 189 Overflow Bypass 2010-03-24 2018-10-10
5.0
None Remote Low Not required None Partial None
Integer overflow in Alexander Clauss iCab allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
61 CVE-2010-1100 189 Overflow Bypass 2010-03-24 2018-10-10
5.0
None Remote Low Not required None Partial None
Integer overflow in Arora allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
62 CVE-2010-1099 264 Overflow Bypass 2010-03-24 2018-10-10
5.0
None Remote Low Not required None Partial None
Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
63 CVE-2010-1098 399 DoS 2010-03-24 2017-08-17
7.1
None Remote Medium Not required None None Complete
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
64 CVE-2010-1097 287 Bypass 2010-03-24 2010-12-14
6.8
None Remote Medium Not required Partial Partial Partial
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.
65 CVE-2010-1096 89 Exec Code Sql 2010-03-24 2010-03-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
66 CVE-2010-1095 79 XSS 2010-03-24 2010-12-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
67 CVE-2010-1094 89 1 Exec Code Sql 2010-03-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
68 CVE-2010-1093 89 Exec Code Sql 2010-03-24 2010-12-14
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action.
69 CVE-2010-1092 89 1 Exec Code Sql 2010-03-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
70 CVE-2010-1091 79 2 XSS 2010-03-24 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
71 CVE-2010-1090 89 2 Exec Code Sql 2010-03-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.
72 CVE-2010-1089 89 1 Exec Code Sql 2010-03-24 2010-03-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
73 CVE-2010-1082 22 Dir. Trav. 2010-03-23 2010-03-24
4.3
None Remote Medium Not required Partial None None
Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and the (2) scripts parameter to javascript/loadScripts.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
74 CVE-2010-1081 22 1 Dir. Trav. 2010-03-23 2010-03-24
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
75 CVE-2010-1080 79 1 XSS 2010-03-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
76 CVE-2010-1079 79 XSS 2010-03-23 2010-03-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
77 CVE-2010-1078 89 Exec Code Sql Bypass 2010-03-23 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism.
78 CVE-2010-1077 22 2 Dir. Trav. 2010-03-23 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
79 CVE-2010-1076 79 XSS 2010-03-23 2010-03-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
80 CVE-2010-1075 89 1 Exec Code Sql 2010-03-23 2010-03-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter.
81 CVE-2010-1074 79 XSS 2010-03-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
82 CVE-2010-1073 89 1 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php.
83 CVE-2010-1072 79 2 XSS 2010-03-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
84 CVE-2010-1071 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
85 CVE-2010-1070 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action.
86 CVE-2010-1069 89 2 Exec Code Sql 2010-03-23 2010-03-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter.
87 CVE-2010-1068 79 2 XSS 2010-03-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
88 CVE-2010-1067 264 1 2010-03-23 2017-08-17
5.0
None Remote Low Not required Partial None None
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.
89 CVE-2010-1066 264 2 2010-03-23 2017-08-17
5.0
None Remote Low Not required Partial None None
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
90 CVE-2010-1065 264 1 2010-03-23 2017-08-17
5.0
None Remote Low Not required Partial None None
Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb.
91 CVE-2010-1064 264 2 2010-03-23 2017-08-17
5.0
None Remote Low Not required Partial None None
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
92 CVE-2010-1063 22 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
93 CVE-2010-1062 22 2 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.
94 CVE-2010-1061 22 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
95 CVE-2010-1060 22 2 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
96 CVE-2010-1059 22 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
97 CVE-2010-1058 22 2 Exec Code Dir. Trav. 2010-03-23 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
98 CVE-2010-1057 22 1 Exec Code Dir. Trav. 2010-03-23 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information.
99 CVE-2010-1056 22 2 Dir. Trav. 2010-03-23 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
100 CVE-2010-1055 94 1 Exec Code File Inclusion 2010-03-23 2017-08-17
5.1
None Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities : 513   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.