CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2010 (CVSS score >= 5)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
301 CVE-2009-4762 264 Bypass 2010-03-29 2010-05-27
7.5
None Remote Low Not required Partial Partial Partial
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
302 CVE-2009-4761 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
303 CVE-2009-4760 264 1 2010-03-29 2017-09-19
5.0
None Remote Low Not required Partial None None
Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb.
304 CVE-2009-4759 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.
305 CVE-2009-4758 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file.
306 CVE-2009-4757 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information.
307 CVE-2009-4756 119 4 Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
308 CVE-2009-4755 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.
309 CVE-2009-4754 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
310 CVE-2009-4753 119 1 DoS Overflow 2010-03-29 2018-10-10
7.1
None Remote Medium Not required None None Complete
Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command.
311 CVE-2009-4752 94 Exec Code File Inclusion 2010-03-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter.
312 CVE-2009-4751 89 Exec Code Sql 2010-03-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
313 CVE-2009-4750 94 Exec Code File Inclusion 2010-03-26 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
314 CVE-2009-4749 89 2 Exec Code Sql 2010-03-26 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.
315 CVE-2009-4748 89 2 Exec Code Sql 2010-03-26 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
316 CVE-2009-4747 94 Exec Code File Inclusion 2010-03-26 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220.
317 CVE-2009-4745 89 Exec Code Sql 2010-03-26 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action.
318 CVE-2009-4742 89 Exec Code Sql 2010-03-26 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php.
319 CVE-2009-4741 2010-03-26 2010-03-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.
320 CVE-2009-4740 22 Dir. Trav. 2010-03-26 2010-03-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors.
321 CVE-2009-4739 94 1 Exec Code Dir. Trav. File Inclusion 2010-03-26 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
322 CVE-2009-4735 89 1 Exec Code Sql 2010-03-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
323 CVE-2009-4734 89 1 Exec Code Sql 2010-03-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
324 CVE-2009-4733 89 1 Exec Code Sql 2010-03-18 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
325 CVE-2009-4732 89 1 Exec Code Sql 2010-03-18 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.
326 CVE-2009-4731 89 1 Exec Code Sql 2010-03-18 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in photos.php in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allows remote attackers to execute arbitrary SQL commands via the album parameter.
327 CVE-2009-4730 89 1 Exec Code Sql 2010-03-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
328 CVE-2009-4728 89 1 Exec Code Sql 2010-03-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
329 CVE-2009-4727 89 1 Exec Code Sql 2010-03-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
330 CVE-2009-4726 22 1 Dir. Trav. 2010-03-18 2017-09-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
331 CVE-2009-4725 22 1 Dir. Trav. 2010-03-18 2017-09-19
5.1
None Remote High Not required Partial Partial Partial
Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
332 CVE-2009-4724 89 1 Exec Code Sql 2010-03-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
333 CVE-2009-4723 22 1 Dir. Trav. 2010-03-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
334 CVE-2009-4722 89 1 Exec Code Sql 2010-03-18 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
335 CVE-2009-4721 89 1 Exec Code Sql 2010-03-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.
336 CVE-2009-4720 89 Exec Code Sql 2010-03-18 2010-06-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
337 CVE-2009-4719 89 1 Exec Code Sql 2010-03-18 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter.
338 CVE-2009-4718 89 Exec Code Sql 2010-03-15 2010-03-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
339 CVE-2009-4712 89 1 Exec Code Sql 2010-03-15 2010-03-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter.
340 CVE-2009-4711 89 Exec Code Sql 2010-03-15 2010-03-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
341 CVE-2009-4710 89 Exec Code Sql 2010-03-15 2010-03-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
342 CVE-2009-4709 89 Exec Code Sql 2010-03-15 2010-03-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
343 CVE-2009-4708 89 Exec Code Sql 2010-03-15 2010-03-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
344 CVE-2009-4704 +Info 2010-03-15 2010-03-16
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
345 CVE-2009-4703 89 Exec Code Sql 2010-03-15 2010-03-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
346 CVE-2009-4702 89 Exec Code Sql 2010-03-15 2010-03-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
347 CVE-2009-4701 89 Exec Code Sql 2010-03-15 2010-03-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
348 CVE-2009-4700 22 1 Dir. Trav. 2010-03-15 2017-09-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.
349 CVE-2009-4698 89 2 Exec Code Sql 2010-03-15 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
350 CVE-2009-4696 89 1 Exec Code Sql 2010-03-10 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
Total number of vulnerabilities: 382 (page 7 of 8)