Vulnerabilities (CVE)

Total 304758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2010-1920 | 1 Openmairie | 1 Openannuaire | 2010-05-13 | 6.8 MEDIUM | N/A
Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
CVE-2010-1620 | 1 Gnustep | 1 Gnustep Base | 2010-05-12 | 7.2 HIGH | N/A
Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow.
CVE-2010-1918 | 1 Efrontlearning | 1 Efront | 2010-05-12 | 7.5 HIGH | N/A
SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter.
CVE-2010-1457 | 1 Gnustep | 1 Gnustep Base | 2010-05-12 | 4.9 MEDIUM | N/A
Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message.
CVE-2010-1872 | 1 Tufat | 1 Flashcard | 2010-05-12 | 4.3 MEDIUM | N/A
Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1686 | 2 Abcbackup, Internet-soft | 2 Abc Backup, Urgent Backup | 2010-05-12 | 9.3 HIGH | N/A
Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive.
CVE-2009-4861 | 1 Supportpro | 1 Supportdesk | 2010-05-11 | 4.3 MEDIUM | N/A
Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-4859 | 1 Onlinetechtools.com | 1 Owos Lite | 2010-05-11 | 4.3 MEDIUM | N/A
Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.
CVE-2009-4858 | 1 Turnkeyforms | 1 Yahoo-answers-clone | 2010-05-11 | 4.3 MEDIUM | N/A
Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
CVE-2009-4868 | 1 Hitronsoft | 1 Answer Me | 2010-05-11 | 4.3 MEDIUM | N/A
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
CVE-2009-4869 | 1 Hitronsoft | 1 Nasim Guest Book | 2010-05-11 | 4.3 MEDIUM | N/A
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2010-1438 | 1 Mytty | 1 Webapplication Finger Printer | 2010-05-11 | 4.4 MEDIUM | N/A
Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh.
CVE-2010-1868 | 1 Php | 1 Php | 2010-05-11 | 7.5 HIGH | N/A
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.
CVE-2010-1853 | 1 Transmissionbt | 1 Transmission | 2010-05-11 | 6.8 MEDIUM | N/A
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
CVE-2010-1732 | 1 Zikula | 1 Zikula Application Framework | 2010-05-11 | 6.8 MEDIUM | N/A
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
CVE-2009-4835 | 1 Mega-nerd | 1 Libsndfile | 2010-05-11 | 4.3 MEDIUM | N/A
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.
CVE-2010-1279 | 1 Adobe | 1 Photoshop Cs4 | 2010-05-11 | 9.3 HIGH | N/A
Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file.
CVE-2010-0406 | 1 Openttd | 1 Openttd | 2010-05-11 | 4.0 MEDIUM | N/A
OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.
CVE-2010-0401 | 1 Openttd | 1 Openttd | 2010-05-11 | 6.5 MEDIUM | N/A
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.
CVE-2009-4375 | 1 Alienvault | 1 Open Source Security Information Management | 2010-05-11 | 7.5 HIGH | N/A
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.