CVE List - 2010 / March
Showing 301 - 400 of 513 CVEs for March 2010 (Page 4 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2010-1066 | 2010-03-23 | AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for... |
| CVE-2010-1067 | 2010-03-23 | E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb. |
| CVE-2010-1068 | 2010-03-23 | Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in... |
| CVE-2010-1069 | 2010-03-23 | SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1070 | 2010-03-23 | SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action. |
| CVE-2010-1071 | 2010-03-23 | SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1072 | 2010-03-23 | Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| CVE-2010-1073 | 2010-03-23 | SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php. |
| CVE-2010-1074 | 2010-03-23 | Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. |
| CVE-2010-1040 | 2010-03-23 | The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers... |
| CVE-2010-1077 | 2010-03-23 | Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. |
| CVE-2010-1078 | 2010-03-23 | SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a... |
| CVE-2010-1080 | 2010-03-23 | Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. |
| CVE-2010-1075 | 2010-03-23 | SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter. |
| CVE-2010-1076 | 2010-03-23 | Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly... |
| CVE-2010-1079 | 2010-03-23 | Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1081 | 2010-03-23 | Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the... |
| CVE-2010-1082 | 2010-03-23 | Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and... |
| CVE-2010-0437 | 2010-03-24 | The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which... |
| CVE-2010-1090 | 2010-03-24 | SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter. |
| CVE-2010-1091 | 2010-03-24 | Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and... |
| CVE-2010-1092 | 2010-03-24 | Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters. |
| CVE-2010-1094 | 2010-03-24 | SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1098 | 2010-03-24 | The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory... |
| CVE-2010-1089 | 2010-03-24 | SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1093 | 2010-03-24 | SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action. |
| CVE-2010-1095 | 2010-03-24 | Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.... |
| CVE-2010-1096 | 2010-03-24 | Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of... |
| CVE-2010-1097 | 2010-03-24 | include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated... |
| CVE-2010-0618 | 2010-03-24 | The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote... |
| CVE-2010-0619 | 2010-03-24 | Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to... |
| CVE-2010-1099 | 2010-03-24 | Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type,... |
| CVE-2010-1100 | 2010-03-24 | Integer overflow in Arora allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as... |
| CVE-2010-1101 | 2010-03-24 | Integer overflow in Alexander Clauss iCab allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data... |
| CVE-2010-1102 | 2010-03-24 | Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as... |
| CVE-2010-1103 | 2010-03-24 | Integer overflow in Stainless allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as... |
| CVE-2009-2907 | 2010-03-24 | Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2,... |
| CVE-2010-1104 | 2010-03-25 | Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script... |
| CVE-2010-1105 | 2010-03-25 | Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter. |
| CVE-2010-1106 | 2010-03-25 | PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be... |
| CVE-2010-1107 | 2010-03-25 | Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via... |
| CVE-2010-1108 | 2010-03-25 | Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web... |
| CVE-2010-1109 | 2010-03-25 | Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view... |
| CVE-2010-1110 | 2010-03-25 | Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. (dot dot) in the current_folder parameter. |
| CVE-2010-1111 | 2010-03-25 | Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred... |
| CVE-2010-1113 | 2010-03-25 | Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to... |
| CVE-2010-1114 | 2010-03-25 | Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter... |
| CVE-2010-1115 | 2010-03-25 | Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. |
| CVE-2010-1116 | 2010-03-25 | LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. |
| CVE-2010-1112 | 2010-03-25 | Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| CVE-2010-0164 | 2010-03-25 | Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application... |
| CVE-2010-0165 | 2010-03-25 | The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and... |
| CVE-2010-0166 | 2010-03-25 | The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform... |
| CVE-2010-0167 | 2010-03-25 | The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial... |
| CVE-2010-0168 | 2010-03-25 | The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow... |
| CVE-2010-0169 | 2010-03-25 | The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain... |
| CVE-2010-0170 | 2010-03-25 | Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS)... |
| CVE-2010-0171 | 2010-03-25 | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct... |
| CVE-2010-0172 | 2010-03-25 | toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers... |
| CVE-2010-0576 | 2010-03-25 | Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol... |
| CVE-2010-0577 | 2010-03-25 | Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang)... |
| CVE-2010-0578 | 2010-03-25 | The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a... |
| CVE-2010-0579 | 2010-03-25 | The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the... |
| CVE-2010-0580 | 2010-03-25 | Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP... |
| CVE-2010-0581 | 2010-03-25 | Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP... |
| CVE-2010-0582 | 2010-03-25 | Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962. |
| CVE-2010-0583 | 2010-03-25 | Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload)... |
| CVE-2010-0584 | 2010-03-25 | Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol... |
| CVE-2010-0585 | 2010-03-25 | Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of... |
| CVE-2010-0586 | 2010-03-25 | Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of... |
| CVE-2010-1117 | 2010-03-25 | Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact,... |
| CVE-2010-1118 | 2010-03-25 | Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter... |
| CVE-2010-1119 | 2010-03-25 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple... |
| CVE-2010-1121 | 2010-03-25 | Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks... |
| CVE-2010-1120 | 2010-03-25 | Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition... |
| CVE-2010-0628 | 2010-03-25 | The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial... |
| CVE-2010-1122 | 2010-03-25 | Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors... |
| CVE-2009-4505 | 2010-03-26 | Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other... |
| CVE-2010-0439 | 2010-03-26 | Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified... |
| CVE-2010-0731 | 2010-03-26 | The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length... |
| CVE-2010-0740 | 2010-03-26 | The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers... |
| CVE-2010-0988 | 2010-03-26 | Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login... |
| CVE-2010-0989 | 2010-03-26 | Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter. |
| CVE-2010-1123 | 2010-03-26 | Chip Salzenberg Deliver does not properly associate a lockfile with the user who created the file, which allows local users to cause a denial of service (blockage of incoming e-mail)... |
| CVE-2010-1124 | 2010-03-26 | bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of... |
| CVE-2009-4739 | 2010-03-26 | PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be... |
| CVE-2009-4742 | 2010-03-26 | Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable... |
| CVE-2009-4743 | 2010-03-26 | Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2)... |
| CVE-2009-4744 | 2010-03-26 | Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of... |
| CVE-2009-4745 | 2010-03-26 | Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a... |
| CVE-2009-4746 | 2010-03-26 | Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action. |
| CVE-2009-4747 | 2010-03-26 | PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter,... |
| CVE-2009-4748 | 2010-03-26 | SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an... |
| CVE-2009-4749 | 2010-03-26 | Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php. |
| CVE-2009-4750 | 2010-03-26 | PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2009-4751 | 2010-03-26 | SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action. |
| CVE-2009-4752 | 2010-03-26 | PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter. |
| CVE-2010-1125 | 2010-03-26 | The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a... |
| CVE-2010-1126 | 2010-03-26 | The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame,... |
| CVE-2010-1128 | 2010-03-26 | The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be... |