CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-7239 310 DoS 2010-05-24 2010-05-25
5.0
None Remote Low Not required None None Partial
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
2 CVE-2009-3467 79 XSS 2010-05-13 2010-05-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
3 CVE-2009-3678 189 DoS Exec Code Overflow 2010-05-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
4 CVE-2009-4134 787 DoS 2010-05-27 2020-02-18
5.0
None Remote Low Not required None None Partial
Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.
5 CVE-2009-4834 94 1 Exec Code 2010-05-04 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
6 CVE-2009-4835 189 DoS 2010-05-06 2010-05-11
4.3
None Remote Medium Not required None None Partial
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.
7 CVE-2009-4836 94 1 Exec Code 2010-05-06 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter.
8 CVE-2009-4837 79 XSS 2010-05-06 2012-07-03
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.
9 CVE-2009-4838 89 Exec Code Sql 2010-05-06 2012-07-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.
10 CVE-2009-4839 79 XSS 2010-05-06 2012-07-03
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.
11 CVE-2009-4840 119 1 Exec Code Overflow 2010-05-06 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method.
12 CVE-2009-4841 119 1 Exec Code Overflow 2010-05-06 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.
13 CVE-2009-4842 79 XSS 2010-05-07 2010-05-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email parameter in a save action to tvserver/user/user.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14 CVE-2009-4843 287 Exec Code 2010-05-07 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.
15 CVE-2009-4844 200 +Info 2010-05-07 2018-10-10
5.0
None Remote Low Not required Partial None None
ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request.
16 CVE-2009-4845 310 +Info 2010-05-07 2018-10-10
5.0
None Remote Low Not required Partial None None
The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields.
17 CVE-2009-4846 119 Exec Code Overflow 2010-05-07 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book implementation.
18 CVE-2009-4847 20 DoS 2010-05-07 2017-08-17
4.0
None Remote Low ??? None None Partial
Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list.
19 CVE-2009-4848 79 XSS 2010-05-07 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do.
20 CVE-2009-4849 352 CSRF 2010-05-07 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity.
21 CVE-2009-4850 119 2 Overflow 2010-05-07 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
22 CVE-2009-4851 264 Bypass 2010-05-07 2010-05-13
5.0
None Remote Low Not required None Partial None
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
23 CVE-2009-4852 79 XSS 2010-05-07 2010-05-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information.
24 CVE-2009-4853 79 XSS 2010-05-07 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
25 CVE-2009-4854 20 1 Exec Code 2010-05-07 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.
26 CVE-2009-4855 89 1 Exec Code Sql 2010-05-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core."
27 CVE-2009-4856 79 1 XSS 2010-05-11 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.
28 CVE-2009-4857 79 1 XSS 2010-05-11 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.
29 CVE-2009-4858 79 1 XSS 2010-05-11 2010-05-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
30 CVE-2009-4859 79 1 XSS 2010-05-11 2010-05-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.
31 CVE-2009-4860 89 1 Exec Code Sql 2010-05-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter.
32 CVE-2009-4861 79 1 XSS 2010-05-11 2010-05-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
33 CVE-2009-4862 89 1 Exec Code Sql 2010-05-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.
34 CVE-2009-4863 119 1 Exec Code Overflow 2010-05-11 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.
35 CVE-2009-4864 79 1 XSS 2010-05-11 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
36 CVE-2009-4865 89 1 Exec Code Sql 2010-05-11 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
37 CVE-2009-4866 79 1 XSS 2010-05-11 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information.
38 CVE-2009-4867 119 1 DoS Exec Code Overflow 2010-05-11 2017-09-19
4.3
None Remote Medium Not required None None Partial
Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file.
39 CVE-2009-4868 79 1 XSS 2010-05-11 2010-05-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
40 CVE-2009-4869 79 1 XSS 2010-05-11 2010-05-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
41 CVE-2009-4870 89 1 Exec Code Sql 2010-05-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information.
42 CVE-2009-4871 89 1 Exec Code Sql 2010-05-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
43 CVE-2009-4872 89 1 Exec Code Sql 2010-05-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
44 CVE-2009-4873 119 DoS Exec Code Overflow 2010-05-26 2010-05-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
45 CVE-2009-4874 264 1 2010-05-26 2017-09-19
6.4
None Remote Low Not required Partial Partial None
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.
46 CVE-2009-4875 399 DoS 2010-05-26 2017-08-17
5.0
None Remote Low Not required None None Partial
FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters.
47 CVE-2009-4876 264 1 2010-05-26 2017-09-19
5.0
None Remote Low Not required None Partial None
admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter.
48 CVE-2009-4877 352 CSRF 2010-05-26 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
49 CVE-2009-4878 2010-05-26 2017-08-17
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.
50 CVE-2009-4879 287 Bypass 2010-05-26 2010-05-27
4.3
None Remote Medium Not required None Partial None
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
Total number of vulnerabilities : 421   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.