# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
56001 |
CVE-2010-1007 |
200 |
|
+Info |
2010-03-19 |
2010-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
56002 |
CVE-2010-1005 |
79 |
|
XSS |
2010-03-19 |
2010-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
56003 |
CVE-2010-1003 |
22 |
|
Dir. Trav. |
2010-03-19 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter. |
56004 |
CVE-2010-1000 |
22 |
|
Dir. Trav. |
2010-05-17 |
2018-10-10 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
56005 |
CVE-2010-0997 |
79 |
|
XSS |
2010-04-20 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter. |
56006 |
CVE-2010-0996 |
|
|
Exec Code |
2010-04-20 |
2018-10-10 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required. |
56007 |
CVE-2010-0994 |
119 |
|
Exec Code Overflow |
2010-04-15 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library 2009.08.812 allow user-assisted remote attackers to execute arbitrary code via a crafted DAT file, related to the (1) vl::loadDAT and (2) vl::isDAT functions. |
56008 |
CVE-2010-0993 |
|
|
Exec Code |
2010-04-09 |
2018-10-10 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. |
56009 |
CVE-2010-0992 |
352 |
|
CSRF |
2010-04-09 |
2018-10-10 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks. |
56010 |
CVE-2010-0991 |
119 |
|
Exec Code Overflow |
2010-04-22 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h. |
56011 |
CVE-2010-0989 |
22 |
|
Dir. Trav. |
2010-03-26 |
2018-10-10 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter. |
56012 |
CVE-2010-0988 |
94 |
|
Exec Code |
2010-03-26 |
2018-10-10 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php. |
56013 |
CVE-2010-0984 |
264 |
2
|
|
2010-03-16 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb. |
56014 |
CVE-2010-0983 |
94 |
2
|
Exec Code File Inclusion |
2010-03-16 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156. |
56015 |
CVE-2010-0982 |
22 |
1
|
Dir. Trav. |
2010-03-16 |
2010-03-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
56016 |
CVE-2010-0979 |
79 |
1
|
XSS |
2010-03-16 |
2010-03-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. |
56017 |
CVE-2010-0978 |
264 |
2
|
|
2010-03-16 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. |
56018 |
CVE-2010-0977 |
264 |
2
|
|
2010-03-16 |
2010-03-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. |
56019 |
CVE-2010-0971 |
79 |
2
|
XSS |
2010-03-16 |
2017-08-16 |
2.1 |
None |
Remote |
High |
Single system |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information. |
56020 |
CVE-2010-0969 |
399 |
|
DoS |
2010-03-16 |
2011-06-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. |
56021 |
CVE-2010-0967 |
22 |
1
|
Dir. Trav. |
2010-03-16 |
2017-08-16 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/. NOTE: some of these details are obtained from third party information. |
56022 |
CVE-2010-0966 |
94 |
1
|
Exec Code File Inclusion |
2010-03-16 |
2010-03-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. |
56023 |
CVE-2010-0965 |
264 |
1
|
|
2010-03-16 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb. |
56024 |
CVE-2010-0963 |
79 |
|
XSS |
2010-03-16 |
2010-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information. |
56025 |
CVE-2010-0962 |
264 |
|
|
2010-03-10 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. |
56026 |
CVE-2010-0959 |
79 |
|
XSS |
2010-03-10 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter. |
56027 |
CVE-2010-0958 |
22 |
2
|
Dir. Trav. |
2010-03-10 |
2010-03-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information. |
56028 |
CVE-2010-0957 |
22 |
2
|
Dir. Trav. |
2010-03-10 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter. |
56029 |
CVE-2010-0953 |
22 |
1
|
Dir. Trav. |
2010-03-10 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. |
56030 |
CVE-2010-0952 |
89 |
2
|
Exec Code Sql |
2010-03-10 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. |
56031 |
CVE-2010-0949 |
79 |
1
|
XSS |
2010-03-10 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php. |
56032 |
CVE-2010-0948 |
89 |
2
|
Exec Code Sql |
2010-03-10 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
56033 |
CVE-2010-0947 |
79 |
1
|
XSS |
2010-03-10 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
56034 |
CVE-2010-0944 |
22 |
2
|
Dir. Trav. |
2010-03-08 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
56035 |
CVE-2010-0943 |
22 |
2
|
Dir. Trav. |
2010-03-08 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. |
56036 |
CVE-2010-0942 |
22 |
2
|
Dir. Trav. |
2010-03-08 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
56037 |
CVE-2010-0941 |
79 |
2
|
XSS |
2010-03-08 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php. |
56038 |
CVE-2010-0940 |
79 |
2
|
XSS |
2010-03-08 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
56039 |
CVE-2010-0939 |
264 |
2
|
|
2010-03-08 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. |
56040 |
CVE-2010-0938 |
79 |
2
|
XSS |
2010-03-08 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action. |
56041 |
CVE-2010-0936 |
79 |
1
|
XSS |
2010-03-08 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. |
56042 |
CVE-2010-0935 |
264 |
|
|
2010-03-05 |
2010-03-08 |
4.6 |
User |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. |
56043 |
CVE-2010-0933 |
22 |
|
Dir. Trav. |
2010-03-05 |
2012-06-15 |
6.8 |
None |
Remote |
Low |
Single system |
None |
Complete |
None |
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. |
56044 |
CVE-2010-0932 |
20 |
|
DoS |
2010-03-05 |
2010-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. |
56045 |
CVE-2010-0931 |
20 |
|
DoS |
2010-03-05 |
2010-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value. |
56046 |
CVE-2010-0930 |
399 |
|
DoS |
2010-03-05 |
2010-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number. |
56047 |
CVE-2010-0929 |
20 |
|
DoS |
2010-03-05 |
2010-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. |
56048 |
CVE-2010-0928 |
310 |
|
|
2010-03-05 |
2017-08-16 |
4.0 |
None |
Local |
High |
Not required |
Complete |
None |
None |
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." |
56049 |
CVE-2010-0927 |
79 |
|
XSS |
2010-03-05 |
2010-03-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920. |
56050 |
CVE-2010-0926 |
22 |
|
Dir. Trav. |
2010-03-10 |
2010-09-09 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. |