CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2010-0968 89 1 Exec Code Sql 2010-03-16 2010-03-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter.
352 CVE-2010-0969 399 DoS 2010-03-16 2011-06-02
5.0
None Remote Low Not required None None Partial
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
353 CVE-2010-0970 89 1 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
354 CVE-2010-0971 79 2 XSS 2010-03-16 2017-08-17
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.
355 CVE-2010-0972 22 1 Dir. Trav. 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
356 CVE-2010-0973 89 1 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
357 CVE-2010-0974 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.
358 CVE-2010-0975 94 2 Exec Code File Inclusion 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
359 CVE-2010-0976 264 2 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."
360 CVE-2010-0977 264 2 2010-03-16 2010-03-17
5.0
None Remote Low Not required Partial None None
PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
361 CVE-2010-0978 264 2 2010-03-16 2017-08-17
5.0
None Remote Low Not required Partial None None
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
362 CVE-2010-0979 79 1 XSS 2010-03-16 2010-03-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
363 CVE-2010-0980 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.
364 CVE-2010-0981 89 2 Exec Code Sql 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.
365 CVE-2010-0982 22 1 Dir. Trav. 2010-03-16 2010-03-17
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
366 CVE-2010-0983 94 2 Exec Code File Inclusion 2010-03-16 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.
367 CVE-2010-0984 264 2 2010-03-16 2017-08-17
5.0
None Remote Low Not required Partial None None
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
368 CVE-2010-0985 22 1 Dir. Trav. 2010-03-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
369 CVE-2010-0988 94 Exec Code 2010-03-26 2018-10-10
6.0
None Remote Medium ??? Partial Partial Partial
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.
370 CVE-2010-0989 22 Dir. Trav. 2010-03-26 2018-10-10
5.5
None Remote Low ??? Partial Partial None
Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.
371 CVE-2010-1003 22 Dir. Trav. 2010-03-19 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
372 CVE-2010-1004 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
373 CVE-2010-1005 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
374 CVE-2010-1006 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
375 CVE-2010-1007 200 +Info 2010-03-19 2010-03-22
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
376 CVE-2010-1008 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
377 CVE-2010-1009 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
378 CVE-2010-1010 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
379 CVE-2010-1011 79 XSS 2010-03-19 2010-06-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
380 CVE-2010-1012 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
381 CVE-2010-1013 89 Exec Code Sql 2010-03-19 2010-06-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
382 CVE-2010-1014 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
383 CVE-2010-1015 89 Exec Code Sql 2010-03-19 2010-06-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
384 CVE-2010-1016 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
385 CVE-2010-1017 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
386 CVE-2010-1018 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
387 CVE-2010-1019 89 Exec Code Sql 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
388 CVE-2010-1020 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
389 CVE-2010-1021 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
390 CVE-2010-1022 287 Bypass 2010-03-19 2010-03-22
7.5
None Remote Low Not required Partial Partial Partial
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
391 CVE-2010-1023 79 XSS 2010-03-19 2017-11-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
392 CVE-2010-1024 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
393 CVE-2010-1025 79 XSS 2010-03-19 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
394 CVE-2010-1026 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
395 CVE-2010-1027 89 Exec Code Sql 2010-03-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
396 CVE-2010-1028 189 Exec Code Overflow 2010-03-19 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
397 CVE-2010-1029 399 2 DoS Exec Code 2010-03-19 2019-09-26
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
398 CVE-2010-1030 DoS 2010-03-31 2017-09-19
4.4
None Local Medium ??? None None Complete
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.
399 CVE-2010-1040 287 Bypass 2010-03-23 2010-03-24
5.8
None Remote Medium Not required Partial Partial None
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
400 CVE-2010-1041 2010-03-23 2010-06-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors.
Total number of vulnerabilities : 513   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.