| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 51 | CVE-2010-2754 | 200 | | +Info | 2010-07-30 | 2017-09-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
| 52 | CVE-2010-2753 | 189 | | Exec Code Overflow | 2010-07-30 | 2017-09-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
| 53 | CVE-2010-2752 | 189 | | Exec Code Overflow | 2010-07-30 | 2017-09-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
| 54 | CVE-2010-2751 | 264 | | | 2010-07-30 | 2017-09-19 | 2.6 | None | Remote | High | Not required | None | Partial | None |
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.
| 55 | CVE-2010-2724 | 79 | | XSS | 2010-07-13 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.
| 56 | CVE-2010-2723 | 79 | | XSS | 2010-07-13 | 2010-07-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| 57 | CVE-2010-2722 | 79 | | XSS | 2010-07-13 | 2010-07-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| 58 | CVE-2010-2721 | 89 | 2 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.
| 59 | CVE-2010-2720 | 89 | 1 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
| 60 | CVE-2010-2719 | 89 | 1 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
| 61 | CVE-2010-2718 | 79 | 1 | XSS | 2010-07-13 | 2018-10-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.
| 62 | CVE-2010-2717 | 79 | | XSS | 2010-07-13 | 2018-10-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter.
| 63 | CVE-2010-2716 | 89 | 2 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.
| 64 | CVE-2010-2715 | 79 | 1 | XSS | 2010-07-13 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
| 65 | CVE-2010-2714 | 89 | 1 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.
| 66 | CVE-2010-2704 | 119 | | Exec Code Overflow | 2010-07-28 | 2018-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.
| 67 | CVE-2010-2703 | 119 | 1 | Exec Code Overflow | 2010-07-28 | 2018-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
| 68 | CVE-2010-2702 | 119 | | Exec Code Overflow | 2010-07-12 | 2017-08-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal Tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
| 69 | CVE-2010-2701 | 119 | 1 | Exec Code Overflow | 2010-07-12 | 2017-08-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method.
| 70 | CVE-2010-2700 | 79 | 1 | XSS | 2010-07-12 | 2010-07-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter.
| 71 | CVE-2010-2699 | 89 | 1 | Exec Code Sql | 2010-07-12 | 2010-07-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter.
| 72 | CVE-2010-2698 | 79 | 1 | XSS | 2010-07-12 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| 73 | CVE-2010-2697 | 79 | 1 | XSS | 2010-07-12 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
| 74 | CVE-2010-2696 | 89 | 1 | Exec Code Sql | 2010-07-12 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
| 75 | CVE-2010-2695 | 22 | | Dir. Trav. | 2010-07-12 | 2018-10-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
| 76 | CVE-2010-2694 | 89 | 1 | Exec Code Sql | 2010-07-12 | 2010-07-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
| 77 | CVE-2010-2693 | 264 | | DoS +Priv | 2010-07-13 | 2010-07-14 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.
| 78 | CVE-2010-2692 | 79 | 1 | XSS | 2010-07-12 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment.
| 79 | CVE-2010-2691 | 89 | 2 | Exec Code Sql | 2010-07-12 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.
| 80 | CVE-2010-2690 | 89 | 1 | Exec Code Sql | 2010-07-12 | 2010-07-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
| 81 | CVE-2010-2689 | 89 | 2 | Exec Code Sql | 2010-07-12 | 2010-07-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter.
| 82 | CVE-2010-2688 | 89 | 2 | Exec Code Sql | 2010-07-12 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter.
| 83 | CVE-2010-2687 | 89 | 2 | Exec Code Sql | 2010-07-12 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.
| 84 | CVE-2010-2686 | 89 | | Exec Code Sql | 2010-07-12 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information.
| 85 | CVE-2010-2685 | 264 | 2 | Bypass | 2010-07-12 | 2016-10-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request.
| 86 | CVE-2010-2684 | 89 | 2 | Exec Code Sql | 2010-07-12 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
| 87 | CVE-2010-2683 | 89 | 2 | Exec Code Sql | 2010-07-12 | 2010-07-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter.
| 88 | CVE-2010-2682 | 22 | 2 | Dir. Trav. | 2010-07-12 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
| 89 | CVE-2010-2681 | 94 | 1 | Exec Code File Inclusion | 2010-07-12 | 2010-07-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
| 90 | CVE-2010-2680 | 22 | 2 | Dir. Trav. | 2010-07-12 | 2017-08-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
| 91 | CVE-2010-2679 | 89 | 1 | Exec Code Sql | 2010-07-08 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
| 92 | CVE-2010-2678 | 89 | | Exec Code Sql | 2010-07-08 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
| 93 | CVE-2010-2677 | 94 | 2 | Exec Code File Inclusion | 2010-07-08 | 2017-08-17 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
| 94 | CVE-2010-2676 | 22 | 2 | Dir. Trav. | 2010-07-08 | 2017-08-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
| 95 | CVE-2010-2675 | 79 | 2 | XSS | 2010-07-08 | 2010-07-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action.
| 96 | CVE-2010-2674 | 89 | 2 | Exec Code Sql | 2010-07-08 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action.
| 97 | CVE-2010-2673 | 89 | 2 | Exec Code Sql | 2010-07-08 | 2010-07-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
| 98 | CVE-2010-2672 | 89 | | Exec Code Sql | 2010-07-08 | 2010-07-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
| 99 | CVE-2010-2671 | 79 | | XSS | 2010-07-08 | 2010-07-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
| 100 | CVE-2010-2670 | 89 | 1 | Exec Code Sql | 2010-07-08 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter.