Total: 304758 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1625 | 1 Malcom Box | 1 Lxr Cross Referencer | 2010-06-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448. | |||||
| CVE-2010-2422 | 1 Plone | 1 Plone | 2010-06-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform. | |||||
| CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2010-06-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | |||||
| CVE-2010-2324 | 1 Ibm | 2 Websphere Application Server, Zos | 2010-06-24 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. | |||||
| CVE-2010-2325 | 1 Ibm | 2 Websphere Application Server, Zos | 2010-06-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | |||||
| CVE-2010-1015 | 2 Laurent Foulloy, Typo3 | 2 Sav Filter Abc, Typo3 | 2010-06-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-2335 | 1 Yamamah | 1 Yamamah | 2010-06-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter. | |||||
| CVE-2003-1334 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2010-06-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2003-1333 | 1 Intersystems | 1 Cache Database | 2010-06-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server. | |||||
| CVE-2009-4720 | 1 Gnudip | 1 Gnudip | 2010-06-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0956 | 1 Opencart | 1 Opencart | 2010-06-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2003-1335 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2010-06-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory. | |||||
| CVE-2003-1338 | 1 Aprelium Technologies | 1 Abyss Web Server | 2010-06-23 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header. | |||||
| CVE-2010-1120 | 1 Apple | 2 Mac Os X, Safari | 2010-06-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. | |||||
| CVE-2010-0471 | 1 Enanocms | 1 Enanocms | 2010-06-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2010-2192 | 1 Vincent Fourmond | 1 Pmount | 2010-06-22 | 1.9 LOW | N/A |
| The make_lockdir_name function in policy.c in pmount 0.9.18 allows local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. | |||||
| CVE-2010-2349 | 1 Timhillone | 1 H264webcam | 2010-06-22 | 5.0 MEDIUM | N/A |
| H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2336 | 1 Yamamah | 1 Yamamah | 2010-06-22 | 5.0 MEDIUM | N/A |
| index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter. | |||||
| CVE-2010-2342 | 1 Dmxready | 1 Online Notebook Manager | 2010-06-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2010-2340 | 1 Arabportal | 1 Arab Portal | 2010-06-21 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action. | |||||
