CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2010 (CVSS score >= 1)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2010-0980 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.
152 CVE-2010-0979 79 1 XSS 2010-03-16 2010-03-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
153 CVE-2010-0978 264 2 2010-03-16 2017-08-17
5.0
None Remote Low Not required Partial None None
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
154 CVE-2010-0977 264 2 2010-03-16 2010-03-17
5.0
None Remote Low Not required Partial None None
PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
155 CVE-2010-0976 264 2 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."
156 CVE-2010-0975 94 2 Exec Code File Inclusion 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
157 CVE-2010-0974 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.
158 CVE-2010-0973 89 1 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
159 CVE-2010-0972 22 1 Dir. Trav. 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
160 CVE-2010-0971 79 2 XSS 2010-03-16 2017-08-17
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.
161 CVE-2010-0970 89 1 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
162 CVE-2010-0969 399 DoS 2010-03-16 2011-06-02
5.0
None Remote Low Not required None None Partial
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
163 CVE-2010-0968 89 1 Exec Code Sql 2010-03-16 2010-03-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter.
164 CVE-2010-0967 22 1 Dir. Trav. 2010-03-16 2017-08-17
5.1
None Remote High Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/. NOTE: some of these details are obtained from third party information.
165 CVE-2010-0966 94 1 Exec Code File Inclusion 2010-03-16 2010-03-17
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
166 CVE-2010-0965 264 1 2010-03-16 2017-08-17
5.0
None Remote Low Not required Partial None None
Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb.
167 CVE-2010-0964 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
168 CVE-2010-0963 79 XSS 2010-03-16 2010-03-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information.
169 CVE-2010-0962 264 2010-03-10 2018-10-10
5.0
None Remote Low Not required None Partial None
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
170 CVE-2010-0961 119 Overflow +Priv 2010-03-10 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
171 CVE-2010-0960 119 Overflow +Priv 2010-03-10 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
172 CVE-2010-0959 79 XSS 2010-03-10 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
173 CVE-2010-0958 22 2 Dir. Trav. 2010-03-10 2010-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.
174 CVE-2010-0957 22 2 Dir. Trav. 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter.
175 CVE-2010-0956 89 1 Exec Code Sql 2010-03-10 2010-06-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
176 CVE-2010-0955 89 2 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
177 CVE-2010-0954 89 1 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.
178 CVE-2010-0953 22 1 Dir. Trav. 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
179 CVE-2010-0952 89 2 Exec Code Sql 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.
180 CVE-2010-0951 89 2 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.
181 CVE-2010-0950 89 1 Exec Code Sql 2010-03-10 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.
182 CVE-2010-0949 79 1 XSS 2010-03-10 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
183 CVE-2010-0948 89 2 Exec Code Sql 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
184 CVE-2010-0947 79 1 XSS 2010-03-10 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
185 CVE-2010-0946 89 Exec Code Sql 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.
186 CVE-2010-0945 89 1 Exec Code Sql 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
187 CVE-2010-0944 22 2 Dir. Trav. 2010-03-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
188 CVE-2010-0943 22 2 Dir. Trav. 2010-03-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
189 CVE-2010-0942 22 2 Dir. Trav. 2010-03-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
190 CVE-2010-0941 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
191 CVE-2010-0940 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
192 CVE-2010-0939 264 2 2010-03-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb.
193 CVE-2010-0938 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.
194 CVE-2010-0937 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors.
195 CVE-2010-0936 79 1 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
196 CVE-2010-0935 264 2010-03-05 2010-03-08
4.6
None Remote High ??? Partial Partial Partial
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
197 CVE-2010-0934 78 Exec Code 2010-03-05 2010-03-08
7.1
None Remote High ??? Complete Complete Complete
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
198 CVE-2010-0933 22 Dir. Trav. 2010-03-05 2012-06-15
6.8
None Remote Low ??? None Complete None
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
199 CVE-2010-0932 20 DoS 2010-03-05 2010-03-08
5.0
None Remote Low Not required None None Partial
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
200 CVE-2010-0931 20 DoS 2010-03-05 2010-03-08
5.0
None Remote Low Not required None None Partial
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.
Total number of vulnerabilities: 513 (page 4 of 11)