CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010 (CVSS score >= 5)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2010-1092 89 1 Exec Code Sql 2010-03-24 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
52 CVE-2010-1090 89 2 Exec Code Sql 2010-03-24 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.
53 CVE-2010-1089 89 1 Exec Code Sql 2010-03-24 2010-03-25
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
54 CVE-2010-1081 22 1 Dir. Trav. 2010-03-23 2010-03-24
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
55 CVE-2010-1078 89 Exec Code Sql Bypass 2010-03-23 2018-10-10
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism.
56 CVE-2010-1077 22 2 Dir. Trav. 2010-03-23 2017-08-17
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
57 CVE-2010-1075 89 1 Exec Code Sql 2010-03-23 2010-03-24
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter.
58 CVE-2010-1073 89 1 Exec Code Sql 2010-03-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php.
59 CVE-2010-1071 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
60 CVE-2010-1070 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action.
61 CVE-2010-1069 89 2 Exec Code Sql 2010-03-23 2010-03-24
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter.
62 CVE-2010-1067 264 1 2010-03-23 2017-08-17
5.0
 None Remote Low Not required Partial None None
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.
63 CVE-2010-1066 264 2 2010-03-23 2017-08-17
5.0
 None Remote Low Not required Partial None None
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
64 CVE-2010-1065 264 1 2010-03-23 2017-08-17
5.0
 None Remote Low Not required Partial None None
Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb.
65 CVE-2010-1064 264 2 2010-03-23 2017-08-17
5.0
 None Remote Low Not required Partial None None
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
66 CVE-2010-1063 22 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
67 CVE-2010-1062 22 2 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.
68 CVE-2010-1061 22 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
69 CVE-2010-1060 22 2 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
70 CVE-2010-1059 22 Exec Code Dir. Trav. 2010-03-23 2010-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
71 CVE-2010-1058 22 2 Exec Code Dir. Trav. 2010-03-23 2017-08-17
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
72 CVE-2010-1057 22 1 Exec Code Dir. Trav. 2010-03-23 2017-08-17
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information.
73 CVE-2010-1056 22 2 Dir. Trav. 2010-03-23 2017-08-17
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
74 CVE-2010-1055 94 1 Exec Code File Inclusion 2010-03-23 2017-08-17
5.1
 None Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information.
75 CVE-2010-1054 89 1 Exec Code Sql 2010-03-23 2018-10-10
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.
76 CVE-2010-1053 89 1 Exec Code Sql 2010-03-23 2017-08-17
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information.
77 CVE-2010-1051 89 Exec Code Sql 2010-03-23 2010-03-23
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) month parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
78 CVE-2010-1050 89 2 Exec Code Sql 2010-03-23 2010-03-23
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter.
79 CVE-2010-1049 89 1 Exec Code Sql 2010-03-23 2013-09-12
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.
80 CVE-2010-1047 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action.
81 CVE-2010-1046 89 1 Exec Code Sql 2010-03-23 2010-03-23
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.
82 CVE-2010-1045 89 1 Exec Code Sql 2010-03-23 2010-03-23
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information.
83 CVE-2010-1044 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
84 CVE-2010-1043 22 1 Dir. Trav. 2010-03-23 2010-03-23
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
85 CVE-2010-1041 2010-03-23 2010-06-11
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors.
86 CVE-2010-1040 287 Bypass 2010-03-23 2010-03-24
5.8
 None Remote Medium Not required Partial Partial None
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
87 CVE-2010-1029 399 2 DoS Exec Code 2010-03-19 2019-09-26
5.0
 None Remote Low Not required None None Partial
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
88 CVE-2010-1028 189 Exec Code Overflow 2010-03-19 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
89 CVE-2010-1027 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
90 CVE-2010-1026 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
91 CVE-2010-1024 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
92 CVE-2010-1022 287 Bypass 2010-03-19 2010-03-22
7.5
 None Remote Low Not required Partial Partial Partial
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
93 CVE-2010-1019 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
94 CVE-2010-1018 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
95 CVE-2010-1017 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
96 CVE-2010-1016 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
97 CVE-2010-1015 89 Exec Code Sql 2010-03-19 2010-06-24
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
98 CVE-2010-1013 89 Exec Code Sql 2010-03-19 2010-06-25
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
99 CVE-2010-1012 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
100 CVE-2010-1010 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities : 382   Page : 1 2 (This Page)3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.