Lista CVE - 2010 / Maggio
Visualizzazione 1 - 100 di 402 CVE per Maggio 2010 (Pagina 1 di 5)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2010-1431 | 2010-05-04 | SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. |
| CVE-2010-1701 | 2010-05-04 | SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2010-1702 | 2010-05-04 | SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. |
| CVE-2010-1703 | 2010-05-04 | Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or... |
| CVE-2010-1704 | 2010-05-04 | Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field... |
| CVE-2010-1705 | 2010-05-04 | SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter. |
| CVE-2010-1706 | 2010-05-04 | Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2)... |
| CVE-2010-1708 | 2010-05-04 | Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka... |
| CVE-2010-1709 | 2010-05-04 | Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters. |
| CVE-2010-1710 | 2010-05-04 | Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma... |
| CVE-2010-1711 | 2010-05-04 | Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter. |
| CVE-2010-1712 | 2010-05-04 | Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message... |
| CVE-2010-1713 | 2010-05-04 | SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action. |
| CVE-2010-1714 | 2010-05-04 | Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-1715 | 2010-05-04 | Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the... |
| CVE-2010-1716 | 2010-05-04 | SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to... |
| CVE-2010-1717 | 2010-05-04 | Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot)... |
| CVE-2010-1718 | 2010-05-04 | Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in... |
| CVE-2010-1719 | 2010-05-04 | Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot... |
| CVE-2010-1720 | 2010-05-04 | SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to... |
| CVE-2010-1721 | 2010-05-04 | SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties... |
| CVE-2010-1722 | 2010-05-04 | Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot)... |
| CVE-2010-1723 | 2010-05-04 | Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via... |
| CVE-2010-0101 | 2010-05-04 | The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause... |
| CVE-2010-0594 | 2010-05-04 | Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. |
| CVE-2010-1685 | 2010-05-04 | Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename. |
| CVE-2010-1687 | 2010-05-04 | Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs"... |
| CVE-2010-1707 | 2010-05-04 | Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters. |
| CVE-2010-0401 | 2010-05-04 | OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause... |
| CVE-2010-0402 | 2010-05-04 | OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code... |
| CVE-2010-0406 | 2010-05-04 | OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. |
| CVE-2010-1279 | 2010-05-04 | Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. |
| CVE-2010-1686 | 2010-05-04 | Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP... |
| CVE-2010-0995 | 2010-05-05 | Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent... |
| CVE-2010-1724 | 2010-05-05 | Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php,... |
| CVE-2010-1725 | 2010-05-05 | SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1726 | 2010-05-05 | SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1727 | 2010-05-05 | SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party... |
| CVE-2010-1728 | 2010-05-05 | Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or... |
| CVE-2010-1729 | 2010-05-05 | WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an... |
| CVE-2010-1438 | 2010-05-05 | Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by... |
| CVE-2010-1730 | 2010-05-05 | Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. |
| CVE-2010-1731 | 2010-05-05 | Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. |
| CVE-2009-4836 | 2010-05-05 | Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter. |
| CVE-2009-4840 | 2010-05-05 | Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method. |
| CVE-2009-4841 | 2010-05-05 | Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE:... |
| CVE-2010-1583 | 2010-05-05 | SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute... |
| CVE-2010-1681 | 2010-05-05 | Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256. |
| CVE-2010-1733 | 2010-05-05 | Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php;... |
| CVE-2010-1734 | 2010-05-05 | The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d... |
| CVE-2010-1735 | 2010-05-05 | The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c... |
| CVE-2009-4835 | 2010-05-05 | The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and... |
| CVE-2009-4837 | 2010-05-05 | Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to... |
| CVE-2009-4838 | 2010-05-05 | SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details... |
| CVE-2009-4839 | 2010-05-05 | Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to... |
| CVE-2010-1732 | 2010-05-05 | Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator... |
| CVE-2010-1736 | 2010-05-06 | KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. |
| CVE-2010-1737 | 2010-05-06 | PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter. |
| CVE-2010-1739 | 2010-05-06 | SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php. |
| CVE-2010-1740 | 2010-05-06 | SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter. |
| CVE-2010-1741 | 2010-05-06 | SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter. |
| CVE-2010-1742 | 2010-05-06 | Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter. |
| CVE-2010-1743 | 2010-05-06 | SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1744 | 2010-05-06 | SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1746 | 2010-05-06 | Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp... |
| CVE-2009-4843 | 2010-05-07 | ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX... |
| CVE-2009-4844 | 2010-05-07 | ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request. |
| CVE-2009-4845 | 2010-05-07 | The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields. |
| CVE-2010-0827 | 2010-05-07 | Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a... |
| CVE-2010-0829 | 2010-05-07 | Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via... |
| CVE-2010-1143 | 2010-05-07 | Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2010-1167 | 2010-05-07 | fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory... |
| CVE-2010-1440 | 2010-05-07 | Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary... |
| CVE-2010-1549 | 2010-05-07 | Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2010-1851 | 2010-05-07 | Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons... |
| CVE-2009-4842 | 2010-05-07 | Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3)... |
| CVE-2010-1453 | 2010-05-07 | Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter. |
| CVE-2010-1852 | 2010-05-07 | Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific... |
| CVE-2009-4846 | 2010-05-07 | Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book implementation. |
| CVE-2009-4847 | 2010-05-07 | Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list. |
| CVE-2009-4848 | 2010-05-07 | Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId... |
| CVE-2009-4849 | 2010-05-07 | Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1)... |
| CVE-2009-4850 | 2010-05-07 | The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file. |
| CVE-2009-4853 | 2010-05-07 | Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1173 | 2010-05-07 | The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit... |
| CVE-2010-1437 | 2010-05-07 | Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or... |
| CVE-2010-1451 | 2010-05-07 | The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently... |
| CVE-2009-4851 | 2010-05-07 | The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via... |
| CVE-2009-4852 | 2010-05-07 | Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a... |
| CVE-2010-1689 | 2010-05-07 | The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and... |
| CVE-2010-1690 | 2010-05-07 | The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and... |
| CVE-2010-1855 | 2010-05-07 | SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. |
| CVE-2010-1857 | 2010-05-07 | SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE:... |
| CVE-2010-1858 | 2010-05-07 | Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. |
| CVE-2010-1853 | 2010-05-07 | Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a... |
| CVE-2010-1854 | 2010-05-07 | Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is... |
| CVE-2010-1856 | 2010-05-07 | Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a... |
| CVE-2009-4854 | 2010-05-07 | addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter. |
| CVE-2010-1860 | 2010-05-07 | The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption... |
| CVE-2010-1862 | 2010-05-07 | The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function,... |