CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2010-1050 89 2 Exec Code Sql 2010-03-23 2010-03-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter.
102 CVE-2010-1049 89 1 Exec Code Sql 2010-03-23 2013-09-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.
103 CVE-2010-1048 79 1 XSS 2010-03-23 2010-03-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information.
104 CVE-2010-1047 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action.
105 CVE-2010-1046 89 1 Exec Code Sql 2010-03-23 2010-03-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.
106 CVE-2010-1045 89 1 Exec Code Sql 2010-03-23 2010-03-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information.
107 CVE-2010-1044 89 2 Exec Code Sql 2010-03-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
108 CVE-2010-1043 22 1 Dir. Trav. 2010-03-23 2010-03-23
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
109 CVE-2010-1042 DoS Exec Code Mem. Corr. 2010-03-23 2017-08-17
4.3
None Remote Medium Not required None None Partial
Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
110 CVE-2010-1041 2010-03-23 2010-06-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors.
111 CVE-2010-1040 287 Bypass 2010-03-23 2010-03-24
5.8
None Remote Medium Not required Partial Partial None
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
112 CVE-2010-1030 DoS 2010-03-31 2017-09-19
4.4
None Local Medium ??? None None Complete
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.
113 CVE-2010-1029 399 2 DoS Exec Code 2010-03-19 2019-09-26
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
114 CVE-2010-1028 189 Exec Code Overflow 2010-03-19 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
115 CVE-2010-1027 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
116 CVE-2010-1026 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
117 CVE-2010-1025 79 XSS 2010-03-19 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
118 CVE-2010-1024 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
119 CVE-2010-1023 79 XSS 2010-03-19 2017-11-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
120 CVE-2010-1022 287 Bypass 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
121 CVE-2010-1021 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
122 CVE-2010-1020 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
123 CVE-2010-1019 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
124 CVE-2010-1018 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
125 CVE-2010-1017 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
126 CVE-2010-1016 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
127 CVE-2010-1015 89 Exec Code Sql 2010-03-19 2010-06-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
128 CVE-2010-1014 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
129 CVE-2010-1013 89 Exec Code Sql 2010-03-19 2010-06-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
130 CVE-2010-1012 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
131 CVE-2010-1011 79 XSS 2010-03-19 2010-06-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
132 CVE-2010-1010 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
133 CVE-2010-1009 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
134 CVE-2010-1008 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
135 CVE-2010-1007 200 +Info 2010-03-19 2010-03-22
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
136 CVE-2010-1006 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
137 CVE-2010-1005 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
138 CVE-2010-1004 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
139 CVE-2010-1003 22 Dir. Trav. 2010-03-19 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
140 CVE-2010-0989 22 Dir. Trav. 2010-03-26 2018-10-10
5.5
None Remote Low ??? Partial Partial None
Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.
141 CVE-2010-0988 94 Exec Code 2010-03-26 2018-10-10
6.0
None Remote Medium ??? Partial Partial Partial
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.
142 CVE-2010-0985 22 1 Dir. Trav. 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
143 CVE-2010-0984 264 2 2010-03-16 2017-08-17
5.0
None Remote Low Not required Partial None None
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
144 CVE-2010-0983 94 2 Exec Code File Inclusion 2010-03-16 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.
145 CVE-2010-0982 22 1 Dir. Trav. 2010-03-16 2010-03-17
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
146 CVE-2010-0981 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.
147 CVE-2010-0980 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.
148 CVE-2010-0979 79 1 XSS 2010-03-16 2010-03-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
149 CVE-2010-0978 264 2 2010-03-16 2017-08-17
5.0
None Remote Low Not required Partial None None
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
150 CVE-2010-0977 264 2 2010-03-16 2010-03-17
5.0
None Remote Low Not required Partial None None
PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
Total number of vulnerabilities : 496   Page : 1 2 3 (This Page)4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.