| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
101 |
CVE-2009-4746 |
79 |
|
XSS |
2010-03-26 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action. |
|
102 |
CVE-2009-4747 |
94 |
|
Exec Code File Inclusion |
2010-03-26 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220. |
|
103 |
CVE-2009-4748 |
89 |
2
|
Exec Code Sql |
2010-03-26 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php. |
|
104 |
CVE-2009-4749 |
89 |
2
|
Exec Code Sql |
2010-03-26 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php. |
|
105 |
CVE-2009-4750 |
94 |
|
Exec Code File Inclusion |
2010-03-26 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
|
106 |
CVE-2009-4751 |
89 |
|
Exec Code Sql |
2010-03-26 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action. |
|
107 |
CVE-2009-4752 |
94 |
|
Exec Code File Inclusion |
2010-03-26 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter. |
|
108 |
CVE-2009-4753 |
119 |
1
|
DoS Overflow |
2010-03-29 |
2018-10-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command. |
|
109 |
CVE-2009-4754 |
119 |
2
|
Exec Code Overflow |
2010-03-29 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. |
|
110 |
CVE-2009-4755 |
119 |
2
|
Exec Code Overflow |
2010-03-29 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file. |
|
111 |
CVE-2009-4756 |
119 |
4
|
Exec Code Overflow |
2010-03-29 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. |
|
112 |
CVE-2009-4757 |
119 |
1
|
DoS Exec Code Overflow |
2010-03-29 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information. |
|
113 |
CVE-2009-4758 |
119 |
1
|
DoS Exec Code Overflow |
2010-03-29 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file. |
|
114 |
CVE-2009-4759 |
119 |
1
|
DoS Exec Code Overflow |
2010-03-29 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file. |
|
115 |
CVE-2009-4760 |
264 |
1
|
|
2010-03-29 |
2017-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb. |
|
116 |
CVE-2009-4761 |
119 |
2
|
Exec Code Overflow |
2010-03-29 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file. |
|
117 |
CVE-2009-4762 |
264 |
|
Bypass |
2010-03-29 |
2010-05-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. |
|
118 |
CVE-2009-4763 |
|
|
|
2010-03-30 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors. NOTE: due to lack of details from the vendor, it is not clear whether this is related to CVE-2008-5793. |
|
119 |
CVE-2010-0008 |
399 |
|
DoS |
2010-03-19 |
2018-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. |
|
120 |
CVE-2010-0040 |
189 |
|
DoS Exec Code Overflow |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. |
|
121 |
CVE-2010-0041 |
200 |
|
+Info |
2010-03-15 |
2017-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. |
|
122 |
CVE-2010-0042 |
200 |
|
+Info |
2010-03-15 |
2017-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. |
|
123 |
CVE-2010-0043 |
94 |
|
DoS Exec Code Mem. Corr. |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. |
|
124 |
CVE-2010-0044 |
16 |
|
|
2010-03-15 |
2017-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. |
|
125 |
CVE-2010-0045 |
20 |
|
Exec Code |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. |
|
126 |
CVE-2010-0046 |
94 |
|
DoS Exec Code Mem. Corr. |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. |
|
127 |
CVE-2010-0047 |
399 |
|
DoS Exec Code |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." |
|
128 |
CVE-2010-0048 |
399 |
|
DoS Exec Code |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. |
|
129 |
CVE-2010-0049 |
399 |
|
DoS Exec Code |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. |
|
130 |
CVE-2010-0050 |
399 |
|
DoS Exec Code |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. |
|
131 |
CVE-2010-0051 |
20 |
|
+Info |
2010-03-15 |
2017-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. |
|
132 |
CVE-2010-0052 |
399 |
|
DoS Exec Code |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." |
|
133 |
CVE-2010-0053 |
399 |
|
DoS Exec Code |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. |
|
134 |
CVE-2010-0054 |
399 |
|
DoS Exec Code |
2010-03-15 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. |
|
135 |
CVE-2010-0055 |
|
|
|
2010-03-30 |
2020-01-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package. |
|
136 |
CVE-2010-0056 |
119 |
|
DoS Exec Code Overflow |
2010-03-30 |
2010-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. |
|
137 |
CVE-2010-0057 |
264 |
|
Bypass |
2010-03-30 |
2010-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. |
|
138 |
CVE-2010-0058 |
16 |
|
|
2010-03-30 |
2010-03-31 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. |
|
139 |
CVE-2010-0059 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-03-30 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA. |
|
140 |
CVE-2010-0060 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-03-30 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. |
|
141 |
CVE-2010-0062 |
119 |
|
DoS Exec Code Overflow |
2010-03-30 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation. |
|
142 |
CVE-2010-0063 |
|
|
|
2010-03-30 |
2010-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. |
|
143 |
CVE-2010-0064 |
264 |
|
Bypass |
2010-03-30 |
2010-03-31 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users. |
|
144 |
CVE-2010-0065 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-03-30 |
2010-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. |
|
145 |
CVE-2010-0103 |
94 |
|
|
2010-03-10 |
2010-03-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. |
|
146 |
CVE-2010-0104 |
|
|
Exec Code |
2010-03-18 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors. |
|
147 |
CVE-2010-0122 |
89 |
|
Exec Code Sql |
2010-03-15 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php. |
|
148 |
CVE-2010-0123 |
264 |
|
|
2010-03-15 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name." |
|
149 |
CVE-2010-0124 |
255 |
|
+Info |
2010-03-15 |
2018-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. |
|
150 |
CVE-2010-0132 |
79 |
|
XSS |
2010-03-31 |
2018-10-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736. |
