CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2010-0918 2010-03-03 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors.
302 CVE-2010-0919 119 Exec Code Overflow 2010-03-03 2017-08-17
7.6
None Remote High Not required Complete Complete Complete
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
303 CVE-2010-0920 79 XSS CSRF 2010-03-03 2010-03-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
304 CVE-2010-0921 352 XSS CSRF 2010-03-03 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
305 CVE-2010-0922 DoS 2010-03-03 2010-03-04
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details are obtained from third party information. NOTE: there may be no attacker role, and the issue may be triggered entirely by an administrator's installation of an official service pack.
306 CVE-2010-0923 362 Bypass 2010-03-03 2010-03-04
6.9
None Local Medium Not required Complete Complete Complete
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
307 CVE-2010-0924 DoS 2010-03-03 2010-03-04
5.0
None Remote Low Not required None None Partial
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.
308 CVE-2010-0925 DoS 2010-03-03 2010-03-04
5.0
None Remote Low Not required None None Partial
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.
309 CVE-2010-0926 22 Dir. Trav. 2010-03-10 2010-09-09
3.5
None Remote Medium ??? Partial None None
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
310 CVE-2010-0927 79 XSS 2010-03-05 2010-03-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.
311 CVE-2010-0928 310 2010-03-05 2017-08-17
4.0
None Local High Not required Complete None None
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
312 CVE-2010-0929 20 DoS 2010-03-05 2010-03-08
5.0
None Remote Low Not required None None Partial
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff.
313 CVE-2010-0930 399 DoS 2010-03-05 2010-03-08
5.0
None Remote Low Not required None None Partial
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number.
314 CVE-2010-0931 20 DoS 2010-03-05 2010-03-08
5.0
None Remote Low Not required None None Partial
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.
315 CVE-2010-0932 20 DoS 2010-03-05 2010-03-08
5.0
None Remote Low Not required None None Partial
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
316 CVE-2010-0933 22 Dir. Trav. 2010-03-05 2012-06-15
6.8
None Remote Low ??? None Complete None
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
317 CVE-2010-0934 78 Exec Code 2010-03-05 2010-03-08
7.1
None Remote High ??? Complete Complete Complete
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
318 CVE-2010-0935 264 2010-03-05 2010-03-08
4.6
None Remote High ??? Partial Partial Partial
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
319 CVE-2010-0936 79 1 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
320 CVE-2010-0937 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors.
321 CVE-2010-0938 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.
322 CVE-2010-0939 264 2 2010-03-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb.
323 CVE-2010-0940 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
324 CVE-2010-0941 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
325 CVE-2010-0942 22 2 Dir. Trav. 2010-03-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
326 CVE-2010-0943 22 2 Dir. Trav. 2010-03-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
327 CVE-2010-0944 22 2 Dir. Trav. 2010-03-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
328 CVE-2010-0945 89 1 Exec Code Sql 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
329 CVE-2010-0946 89 Exec Code Sql 2010-03-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.
330 CVE-2010-0947 79 1 XSS 2010-03-10 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
331 CVE-2010-0948 89 2 Exec Code Sql 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
332 CVE-2010-0949 79 1 XSS 2010-03-10 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
333 CVE-2010-0950 89 1 Exec Code Sql 2010-03-10 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.
334 CVE-2010-0951 89 2 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.
335 CVE-2010-0952 89 2 Exec Code Sql 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.
336 CVE-2010-0953 22 1 Dir. Trav. 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
337 CVE-2010-0954 89 1 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.
338 CVE-2010-0955 89 2 Exec Code Sql 2010-03-10 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
339 CVE-2010-0956 89 1 Exec Code Sql 2010-03-10 2010-06-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
340 CVE-2010-0957 22 2 Dir. Trav. 2010-03-10 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter.
341 CVE-2010-0958 22 2 Dir. Trav. 2010-03-10 2010-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.
342 CVE-2010-0959 79 XSS 2010-03-10 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
343 CVE-2010-0960 119 Overflow +Priv 2010-03-10 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
344 CVE-2010-0961 119 Overflow +Priv 2010-03-10 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
345 CVE-2010-0962 264 2010-03-10 2018-10-10
5.0
None Remote Low Not required None Partial None
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
346 CVE-2010-0963 79 XSS 2010-03-16 2010-03-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information.
347 CVE-2010-0964 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
348 CVE-2010-0965 264 1 2010-03-16 2017-08-17
5.0
None Remote Low Not required Partial None None
Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb.
349 CVE-2010-0966 94 1 Exec Code File Inclusion 2010-03-16 2010-03-17
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
350 CVE-2010-0967 22 1 Dir. Trav. 2010-03-16 2017-08-17
5.1
None Remote High Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities : 513   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.