CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2010

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2010-2513 89 2 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
2 CVE-2010-2507 22 2 Dir. Trav. 2010-06-28 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
3 CVE-2010-2464 79 2 XSS 2010-06-25 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
4 CVE-2010-2462 89 2 Exec Code Sql 2010-06-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action.
5 CVE-2010-2461 89 2 Exec Code Sql 2010-06-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.
6 CVE-2010-2459 89 2 Exec Code Sql 2010-06-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter.
7 CVE-2010-2458 79 2 XSS 2010-06-25 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.
8 CVE-2010-2456 22 2 Dir. Trav. File Inclusion 2010-06-25 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate.
9 CVE-2010-2439 119 2 Exec Code Overflow 2010-06-24 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
10 CVE-2010-2358 94 2 Exec Code File Inclusion 2010-06-21 2017-08-17
5.1
None Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information.
11 CVE-2010-2356 79 2 XSS 2010-06-21 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
12 CVE-2010-2354 89 2 Exec Code Sql 2010-06-21 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
13 CVE-2010-2343 119 2 Exec Code Overflow 2010-06-21 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
14 CVE-2010-2341 94 2 Exec Code File Inclusion 2010-06-18 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
15 CVE-2010-2338 89 2 Exec Code Sql 2010-06-18 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
16 CVE-2010-2329 119 2 Exec Code Overflow 2010-06-18 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file.
17 CVE-2010-2314 94 2 Exec Code File Inclusion 2010-06-17 2010-06-18
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
18 CVE-2010-2313 22 2 Dir. Trav. 2010-06-17 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to index.php. NOTE: some of these details are obtained from third party information.
19 CVE-2010-2263 200 2 +Info 2010-06-15 2021-11-10
5.0
None Remote Low Not required Partial None None
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
20 CVE-2010-2260 79 2 XSS 2010-06-09 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus Bandwidth Meter, but this is incorrect.
21 CVE-2010-2259 22 2 Dir. Trav. 2010-06-09 2010-06-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
22 CVE-2010-2257 89 2 Exec Code Sql 2010-06-09 2010-06-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
23 CVE-2010-2256 79 2 XSS 2010-06-09 2010-06-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php.
24 CVE-2010-2254 89 2 Exec Code Sql 2010-06-09 2010-06-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
25 CVE-2010-2144 79 2 XSS 2010-06-03 2010-06-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
26 CVE-2010-2143 22 2 Dir. Trav. 2010-06-03 2020-08-25
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter.
27 CVE-2010-2141 89 2 Exec Code Sql 2010-06-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.
28 CVE-2010-2138 22 2 Dir. Trav. 2010-06-02 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php.
29 CVE-2010-2137 94 2 Exec Code File Inclusion 2010-06-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
30 CVE-2010-2135 89 2 Exec Code Sql 2010-06-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields.
31 CVE-2010-2133 89 2 Exec Code Sql 2010-06-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.
32 CVE-2010-2129 22 2 Dir. Trav. 2010-06-01 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
33 CVE-2010-2127 94 2 Exec Code File Inclusion 2010-06-01 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
34 CVE-2010-2124 89 2 Exec Code Sql 2010-06-01 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
35 CVE-2010-2122 22 2 Dir. Trav. 2010-06-01 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
36 CVE-2009-4906 352 2 CSRF 2010-06-25 2010-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
37 CVE-2010-2515 89 1 Exec Code Sql 2010-06-28 2010-06-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
38 CVE-2010-2514 79 1 XSS 2010-06-28 2010-06-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
39 CVE-2010-2512 89 1 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
40 CVE-2010-2511 89 1 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.
41 CVE-2010-2510 89 1 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
42 CVE-2010-2509 79 1 XSS 2010-06-28 2010-06-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
43 CVE-2010-2508 89 1 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.
44 CVE-2010-2505 20 1 DoS 2010-06-28 2010-06-29
5.0
None Remote Low Not required None None Partial
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.
45 CVE-2010-2460 89 1 Exec Code Sql 2010-06-25 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.
46 CVE-2010-2457 79 1 XSS 2010-06-25 2010-07-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter.
47 CVE-2010-2440 119 1 Exec Code Overflow 2010-06-24 2010-06-25
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information.
48 CVE-2010-2438 89 1 Exec Code Sql 2010-06-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php.
49 CVE-2010-2359 89 1 Exec Code Sql 2010-06-21 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
50 CVE-2010-2357 89 1 Exec Code Sql 2010-06-21 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities: 492. Page 1 of 10.