CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In May 2010

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2010-1296 119 3 Exec Code Overflow 2010-05-27 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
2 CVE-2010-2051 89 2 Exec Code Sql 2010-05-25 2010-05-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter.
3 CVE-2010-2050 22 2 Dir. Trav. 2010-05-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
4 CVE-2010-2045 22 2 Dir. Trav. 2010-05-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
5 CVE-2010-2044 89 2 Exec Code Sql 2010-05-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php.
6 CVE-2010-2042 89 2 Exec Code Sql 2010-05-25 2010-05-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information.
7 CVE-2010-2039 352 2 CSRF 2010-05-25 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information.
8 CVE-2010-2028 119 2 DoS Exec Code Overflow 2010-05-24 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode.
9 CVE-2010-2020 20 2 +Priv 2010-05-28 2012-11-06
6.9
None Local Medium Not required Complete Complete Complete
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
10 CVE-2010-2018 22 2 Dir. Trav. 2010-05-24 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
11 CVE-2010-2016 89 2 Exec Code Sql 2010-05-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the p_id parameter.
12 CVE-2010-1999 22 2 Dir. Trav. 2010-05-20 2010-05-21
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
13 CVE-2010-1983 22 2 Dir. Trav. 2010-05-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
14 CVE-2010-1982 22 2 Dir. Trav. 2010-05-19 2010-05-20
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
15 CVE-2010-1981 22 2 Dir. Trav. 2010-05-19 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
16 CVE-2010-1980 22 2 Dir. Trav. 2010-05-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
17 CVE-2010-1957 22 2 Dir. Trav. 2010-05-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
18 CVE-2010-1956 22 2 Dir. Trav. 2010-05-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
19 CVE-2010-1955 22 2 Dir. Trav. 2010-05-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
20 CVE-2010-1952 22 2 Dir. Trav. 2010-05-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
21 CVE-2010-1948 22 2 Dir. Trav. 2010-05-19 2010-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
22 CVE-2010-1947 22 2 Dir. Trav. 2010-05-19 2010-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069.
23 CVE-2010-1946 94 2 Exec Code File Inclusion 2010-05-19 2010-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/.
24 CVE-2010-1945 94 2 Exec Code File Inclusion 2010-05-19 2010-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/.
25 CVE-2010-1944 94 2 Exec Code File Inclusion 2010-05-19 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/.
26 CVE-2010-1936 22 2 Dir. Trav. 2010-05-12 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
27 CVE-2010-1935 22 2 Dir. Trav. 2010-05-12 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
28 CVE-2010-1934 94 2 Exec Code File Inclusion 2010-05-12 2010-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/.
29 CVE-2010-1928 22 2 Dir. Trav. 2010-05-12 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
30 CVE-2010-1927 94 2 Exec Code File Inclusion 2010-05-12 2010-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information.
31 CVE-2010-1926 22 2 Dir. Trav. 2010-05-12 2010-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. NOTE: some of these details are obtained from third party information.
32 CVE-2010-1925 89 2 Exec Code Sql 2010-05-12 2010-05-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817.
33 CVE-2010-1922 94 2 Exec Code File Inclusion 2010-05-12 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/.
34 CVE-2010-1921 94 2 Exec Code File Inclusion 2010-05-12 2010-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/.
35 CVE-2010-1920 22 2 Dir. Trav. 2010-05-12 2010-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
36 CVE-2010-1878 22 2 Dir. Trav. 2010-05-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
37 CVE-2010-1877 89 2 Exec Code Sql 2010-05-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php.
38 CVE-2010-1876 89 2 Exec Code Sql 2010-05-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
39 CVE-2010-1873 89 2 Exec Code Sql 2010-05-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
40 CVE-2010-1858 22 2 Dir. Trav. 2010-05-07 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
41 CVE-2010-1855 89 2 Exec Code Sql 2010-05-07 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
42 CVE-2010-1744 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
43 CVE-2010-1743 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter.
44 CVE-2010-1742 79 2 XSS 2010-05-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.
45 CVE-2010-1740 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
46 CVE-2010-1739 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
47 CVE-2010-1737 94 2 Exec Code File Inclusion 2010-05-06 2010-05-07
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter.
48 CVE-2010-1727 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information.
49 CVE-2010-1726 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
50 CVE-2010-1725 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter.
Total number of vulnerabilities: 421 (page 1 of 9)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.