| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
52951 |
CVE-2010-1069 |
89 |
2
|
Exec Code Sql |
2010-03-23 |
2010-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
52952 |
CVE-2010-1067 |
264 |
1
|
|
2010-03-23 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb. |
|
52953 |
CVE-2010-1066 |
264 |
2
|
|
2010-03-23 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php. |
|
52954 |
CVE-2010-1065 |
264 |
1
|
|
2010-03-23 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb. |
|
52955 |
CVE-2010-1064 |
264 |
2
|
|
2010-03-23 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. |
|
52956 |
CVE-2010-1063 |
22 |
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
52957 |
CVE-2010-1062 |
22 |
2
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information. |
|
52958 |
CVE-2010-1061 |
22 |
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
52959 |
CVE-2010-1060 |
22 |
2
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. |
|
52960 |
CVE-2010-1059 |
22 |
|
Exec Code Dir. Trav. |
2010-03-23 |
2010-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
52961 |
CVE-2010-1058 |
22 |
2
|
Exec Code Dir. Trav. |
2010-03-23 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. |
|
52962 |
CVE-2010-1057 |
22 |
1
|
Exec Code Dir. Trav. |
2010-03-23 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information. |
|
52963 |
CVE-2010-1056 |
22 |
2
|
Dir. Trav. |
2010-03-23 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. |
|
52964 |
CVE-2010-1055 |
94 |
1
|
Exec Code File Inclusion |
2010-03-23 |
2017-08-16 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information. |
|
52965 |
CVE-2010-1054 |
89 |
1
|
Exec Code Sql |
2010-03-23 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp. |
|
52966 |
CVE-2010-1053 |
89 |
1
|
Exec Code Sql |
2010-03-22 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information. |
|
52967 |
CVE-2010-1051 |
89 |
|
Exec Code Sql |
2010-03-22 |
2010-03-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) month parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
52968 |
CVE-2010-1050 |
89 |
2
|
Exec Code Sql |
2010-03-22 |
2010-03-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter. |
|
52969 |
CVE-2010-1049 |
89 |
1
|
Exec Code Sql |
2010-03-22 |
2013-09-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php. |
|
52970 |
CVE-2010-1047 |
89 |
2
|
Exec Code Sql |
2010-03-22 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action. |
|
52971 |
CVE-2010-1046 |
89 |
1
|
Exec Code Sql |
2010-03-22 |
2010-03-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters. |
|
52972 |
CVE-2010-1045 |
89 |
1
|
Exec Code Sql |
2010-03-22 |
2010-03-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information. |
|
52973 |
CVE-2010-1044 |
89 |
2
|
Exec Code Sql |
2010-03-22 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter. |
|
52974 |
CVE-2010-1043 |
22 |
1
|
Dir. Trav. |
2010-03-22 |
2010-03-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. |
|
52975 |
CVE-2010-1041 |
|
|
|
2010-03-22 |
2010-06-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors. |
|
52976 |
CVE-2010-1040 |
287 |
|
Bypass |
2010-03-23 |
2010-03-24 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing. |
|
52977 |
CVE-2010-1039 |
134 |
|
Exec Code |
2010-05-20 |
2018-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. |
|
52978 |
CVE-2010-1038 |
|
|
+Priv |
2010-04-28 |
2019-10-09 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors. |
|
52979 |
CVE-2010-1037 |
352 |
|
CSRF |
2010-04-28 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
52980 |
CVE-2010-1035 |
|
|
Exec Code |
2010-04-23 |
2018-10-10 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VMM) before 6.0 allow remote authenticated users to execute arbitrary code via unknown vectors. |
|
52981 |
CVE-2010-1033 |
119 |
|
Exec Code Overflow |
2010-04-21 |
2017-08-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. |
|
52982 |
CVE-2010-1031 |
|
|
+Priv |
2010-04-01 |
2019-10-09 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors. |
|
52983 |
CVE-2010-1029 |
399 |
2
|
DoS Exec Code |
2010-03-19 |
2019-09-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. |
|
52984 |
CVE-2010-1028 |
189 |
|
Exec Code Overflow |
2010-03-19 |
2017-09-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. |
|
52985 |
CVE-2010-1027 |
89 |
|
Exec Code Sql |
2010-03-19 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52986 |
CVE-2010-1026 |
89 |
|
Exec Code Sql |
2010-03-19 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52987 |
CVE-2010-1024 |
89 |
|
Exec Code Sql |
2010-03-19 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52988 |
CVE-2010-1022 |
287 |
|
Bypass |
2010-03-19 |
2010-03-22 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. |
|
52989 |
CVE-2010-1019 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52990 |
CVE-2010-1018 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52991 |
CVE-2010-1017 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52992 |
CVE-2010-1016 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52993 |
CVE-2010-1015 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-06-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52994 |
CVE-2010-1013 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-06-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52995 |
CVE-2010-1012 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52996 |
CVE-2010-1010 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52997 |
CVE-2010-1009 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
52998 |
CVE-2010-1007 |
200 |
|
+Info |
2010-03-19 |
2010-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
|
52999 |
CVE-2010-1006 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
53000 |
CVE-2010-1004 |
89 |
|
Exec Code Sql |
2010-03-19 |
2010-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
