CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2010-0956 89 1 Exec Code Sql 2010-03-10 2010-06-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
102 CVE-2010-0955 89 2 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
103 CVE-2010-0954 89 1 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.
104 CVE-2010-0953 22 1 Dir. Trav. 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
105 CVE-2010-0952 89 2 Exec Code Sql 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.
106 CVE-2010-0951 89 2 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.
107 CVE-2010-0950 89 1 Exec Code Sql 2010-03-10 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.
108 CVE-2010-0948 89 2 Exec Code Sql 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
109 CVE-2010-0946 89 Exec Code Sql 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.
110 CVE-2010-0945 89 1 Exec Code Sql 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
111 CVE-2010-0937 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors.
112 CVE-2010-0934 78 Exec Code 2010-03-05 2010-03-08
7.1
None Remote High ??? Complete Complete Complete
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
113 CVE-2010-0933 22 Dir. Trav. 2010-03-05 2012-06-15
6.8
None Remote Low ??? None Complete None
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
114 CVE-2010-0923 362 Bypass 2010-03-03 2010-03-04
6.9
None Local Medium Not required Complete Complete Complete
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
115 CVE-2010-0922 DoS 2010-03-03 2010-03-04
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details are obtained from third party information. NOTE: there may be no attacker role, and the issue may be triggered entirely by an administrator's installation of an official service pack.
116 CVE-2010-0921 352 XSS CSRF 2010-03-03 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
117 CVE-2010-0919 119 Exec Code Overflow 2010-03-03 2017-08-17
7.6
None Remote High Not required Complete Complete Complete
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
118 CVE-2010-0918 2010-03-03 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors.
119 CVE-2010-0917 119 Exec Code Overflow 2010-03-03 2019-02-26
7.6
None Remote High Not required Complete Complete Complete
Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
120 CVE-2010-0807 94 Exec Code Mem. Corr. 2010-03-31 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
121 CVE-2010-0806 399 Exec Code Mem. Corr. 2010-03-10 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
122 CVE-2010-0805 94 Exec Code Mem. Corr. 2010-03-31 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
123 CVE-2010-0803 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php.
124 CVE-2010-0802 89 2 Exec Code Sql 2010-03-02 2010-03-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
125 CVE-2010-0800 89 1 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php.
126 CVE-2010-0798 89 Exec Code Sql 2010-03-02 2010-03-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
127 CVE-2010-0796 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php.
128 CVE-2010-0795 89 1 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.
129 CVE-2010-0793 119 DoS Exec Code Overflow 2010-03-16 2010-06-03
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.
130 CVE-2010-0766 189 Exec Code Overflow 2010-03-03 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Swap4 function in valet4.dll in Luxology Modo 401 allows user-assisted remote attackers to execute arbitrary code via a .LXO file containing a CHNL subchunk associated with an invalid length.
131 CVE-2010-0764 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.
132 CVE-2010-0763 89 1 Exec Code Sql 2010-03-02 2010-03-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.
133 CVE-2010-0762 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
134 CVE-2010-0761 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
135 CVE-2010-0734 264 DoS 2010-03-19 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
136 CVE-2010-0732 362 Bypass 2010-03-19 2010-06-05
6.2
None Local High Not required Complete Complete Complete
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
137 CVE-2010-0731 119 Overflow Bypass 2010-03-26 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
138 CVE-2010-0729 264 +Priv 2010-03-16 2017-09-19
6.9
None Local Medium Not required Complete Complete Complete
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call.
139 CVE-2010-0728 264 Bypass 2010-03-10 2010-03-10
8.5
None Remote Medium ??? Complete Complete Complete
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
140 CVE-2010-0688 119 1 Exec Code Overflow 2010-03-19 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.
141 CVE-2010-0624 119 DoS Exec Code Overflow Mem. Corr. 2010-03-15 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
142 CVE-2010-0619 119 DoS Exec Code Overflow 2010-03-24 2018-10-10
7.3
None Remote High Not required Complete Partial Complete
Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command.
143 CVE-2010-0592 DoS 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.
144 CVE-2010-0591 DoS Overflow 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.
145 CVE-2010-0590 DoS 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.
146 CVE-2010-0588 DoS 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.
147 CVE-2010-0587 DoS 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
148 CVE-2010-0586 DoS 2010-03-25 2017-09-19
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability."
149 CVE-2010-0585 DoS 2010-03-25 2010-04-01
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability."
150 CVE-2010-0584 DoS 2010-03-25 2010-07-13
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.
Total number of vulnerabilities : 319   Page : 1 2 3 (This Page)4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.