Lista CVE - 2010 / Gennaio
Visualizzazione 201 - 300 di 319 CVE per Gennaio 2010 (Pagina 3 di 4)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2009-4616 | 2010-01-18 | Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter. |
| CVE-2009-4617 | 2010-01-18 | Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3)... |
| CVE-2009-4618 | 2010-01-18 | Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php. |
| CVE-2009-4619 | 2010-01-18 | SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php.... |
| CVE-2009-4620 | 2010-01-18 | SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. |
| CVE-2009-4621 | 2010-01-18 | SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to... |
| CVE-2009-4622 | 2010-01-18 | PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a... |
| CVE-2009-4623 | 2010-01-18 | Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and... |
| CVE-2009-4624 | 2010-01-18 | SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843. |
| CVE-2009-4625 | 2010-01-18 | SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute... |
| CVE-2009-4626 | 2010-01-18 | Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter. |
| CVE-2009-4627 | 2010-01-18 | Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue... |
| CVE-2009-4628 | 2010-01-18 | SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php. |
| CVE-2008-7251 | 2010-01-19 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. |
| CVE-2008-7252 | 2010-01-19 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. |
| CVE-2009-3739 | 2010-01-19 | Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors. |
| CVE-2009-4012 | 2010-01-19 | Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c.... |
| CVE-2009-4141 | 2010-01-19 | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC)... |
| CVE-2009-4605 | 2010-01-19 | scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers... |
| CVE-2010-0007 | 2010-01-19 | net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users... |
| CVE-2010-0036 | 2010-01-20 | Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted... |
| CVE-2010-0037 | 2010-01-20 | Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a... |
| CVE-2010-0357 | 2010-01-20 | Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for... |
| CVE-2010-0358 | 2010-01-20 | Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other... |
| CVE-2010-0359 | 2010-01-20 | Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a... |
| CVE-2010-0360 | 2010-01-20 | Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed... |
| CVE-2010-0361 | 2010-01-20 | Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon... |
| CVE-2010-0362 | 2010-01-20 | Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses. |
| CVE-2010-0363 | 2010-01-20 | Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2009-3999 | 2010-01-20 | Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. |
| CVE-2009-4000 | 2010-01-20 | Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter. |
| CVE-2009-4002 | 2010-01-21 | Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file. |
| CVE-2009-4003 | 2010-01-21 | Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based... |
| CVE-2010-0232 | 2010-01-21 | The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and... |
| CVE-2010-0364 | 2010-01-21 | Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file,... |
| CVE-2010-0365 | 2010-01-21 | Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter. |
| CVE-2010-0366 | 2010-01-21 | Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading... |
| CVE-2010-0367 | 2010-01-21 | Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2010-0137 | 2010-01-21 | Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory... |
| CVE-2010-0138 | 2010-01-21 | Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via... |
| CVE-2010-0370 | 2010-01-21 | Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit... |
| CVE-2010-0371 | 2010-01-21 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters. |
| CVE-2010-0372 | 2010-01-21 | SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. |
| CVE-2010-0373 | 2010-01-21 | SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. |
| CVE-2010-0374 | 2010-01-21 | Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action... |
| CVE-2010-0375 | 2010-01-21 | SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is... |
| CVE-2010-0376 | 2010-01-21 | Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is... |
| CVE-2010-0377 | 2010-01-21 | SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE:... |
| CVE-2010-0378 | 2010-01-21 | Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is... |
| CVE-2010-0379 | 2010-01-21 | Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary... |
| CVE-2010-0230 | 2010-01-22 | SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions. |
| CVE-2010-0027 | 2010-01-22 | The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server... |
| CVE-2010-0097 | 2010-01-22 | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows... |
| CVE-2010-0244 | 2010-01-22 | Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1)... |
| CVE-2010-0245 | 2010-01-22 | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or... |
| CVE-2010-0246 | 2010-01-22 | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or... |
| CVE-2010-0247 | 2010-01-22 | Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1)... |
| CVE-2010-0248 | 2010-01-22 | Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1)... |
| CVE-2010-0290 | 2010-01-22 | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote... |
| CVE-2010-0380 | 2010-01-22 | install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when... |
| CVE-2010-0382 | 2010-01-22 | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source,... |
| CVE-2010-0381 | 2010-01-22 | SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE:... |
| CVE-2009-4241 | 2010-01-25 | Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player... |
| CVE-2009-4242 | 2010-01-25 | Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and... |
| CVE-2009-4243 | 2010-01-25 | RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers... |
| CVE-2009-4244 | 2010-01-25 | Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix... |
| CVE-2009-4245 | 2010-01-25 | Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player... |
| CVE-2009-4246 | 2010-01-25 | Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player... |
| CVE-2009-4247 | 2010-01-25 | Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and... |
| CVE-2009-4248 | 2010-01-25 | Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux... |
| CVE-2009-4257 | 2010-01-25 | Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer... |
| CVE-2010-0383 | 2010-01-25 | Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and... |
| CVE-2010-0387 | 2010-01-25 | Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service... |
| CVE-2010-0388 | 2010-01-25 | Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and... |
| CVE-2008-7253 | 2010-01-25 | The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal... |
| CVE-2010-0384 | 2010-01-25 | Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier... |
| CVE-2010-0385 | 2010-01-25 | Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt... |
| CVE-2010-0386 | 2010-01-25 | The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication... |
| CVE-2010-0389 | 2010-01-25 | The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP... |
| CVE-2005-4884 | 2010-01-25 | Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02. |
| CVE-2009-4273 | 2010-01-26 | stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. |
| CVE-2010-0003 | 2010-01-26 | The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations... |
| CVE-2010-0006 | 2010-01-26 | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an... |
| CVE-2010-0390 | 2010-01-26 | Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows... |
| CVE-2010-0392 | 2010-01-26 | Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in... |
| CVE-2010-0391 | 2010-01-26 | Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. NOTE: the provenance of this information... |
| CVE-2009-3556 | 2010-01-27 | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used,... |
| CVE-2009-4272 | 2010-01-27 | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via... |
| CVE-2009-2693 | 2010-01-28 | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry... |
| CVE-2009-2901 | 2010-01-28 | The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote... |
| CVE-2009-2902 | 2010-01-28 | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated... |
| CVE-2010-0454 | 2010-01-28 | SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
| CVE-2010-0455 | 2010-01-28 | Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter. |
| CVE-2010-0456 | 2010-01-28 | SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to... |
| CVE-2010-0457 | 2010-01-28 | SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-0458 | 2010-01-28 | Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter... |
| CVE-2010-0459 | 2010-01-28 | SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-0460 | 2010-01-28 | Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and... |
| CVE-2010-0461 | 2010-01-28 | SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player... |
| CVE-2010-0462 | 2010-01-28 | Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that... |