CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2010 (CVSS score >= 5)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2010-2926 | 89 | 1 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.
2 | CVE-2010-2925 | 89 | 2 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter.
3 | CVE-2010-2924 | 89 | 1 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information.
4 | CVE-2010-2923 | 89 | 2 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.
5 | CVE-2010-2922 | 89 | 2 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter.
6 | CVE-2010-2921 | 89 | 2 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.
7 | CVE-2010-2920 | 22 | 2 | Dir. Trav. | 2010-07-30 | 2017-08-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
8 | CVE-2010-2919 | 89 | 2 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
9 | CVE-2010-2918 | 94 | 2 | Exec Code File Inclusion | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
10 | CVE-2010-2916 | 89 | 2 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter.
11 | CVE-2010-2915 | 89 | 2 | Exec Code Sql | 2010-07-30 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter.
12 | CVE-2010-2912 | 89 | 2 | Exec Code Sql | 2010-07-28 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
13 | CVE-2010-2911 | 89 | 2 | Exec Code Sql | 2010-07-28 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
14 | CVE-2010-2910 | 89 | 2 | Exec Code Sql | 2010-07-28 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
15 | CVE-2010-2909 | 89 | 1 | Exec Code Sql | 2010-07-28 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
16 | CVE-2010-2908 | 89 | 2 | Exec Code Sql | 2010-07-28 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.
17 | CVE-2010-2907 | 89 | 2 | Exec Code Sql | 2010-07-28 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.
18 | CVE-2010-2906 | 89 | 1 | Exec Code Sql | 2010-07-28 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905.
19 | CVE-2010-2905 | 89 | 1 | Exec Code Sql | 2010-07-28 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
20 | CVE-2010-2903 | - | - | - | 2010-07-28 | 2020-08-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.
21 | CVE-2010-2902 | 119 | - | DoS Overflow Mem. Corr. | 2010-07-28 | 2020-08-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
22 | CVE-2010-2901 | 119 | - | DoS Overflow Mem. Corr. | 2010-07-28 | 2020-08-04 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
23 | CVE-2010-2900 | - | - | - | 2010-07-28 | 2020-08-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.
24 | CVE-2010-2899 | - | - | +Info | 2010-07-28 | 2020-08-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.
25 | CVE-2010-2898 | - | - | - | 2010-07-28 | 2020-08-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.
26 | CVE-2010-2897 | - | - | - | 2010-07-28 | 2020-08-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors.
27 | CVE-2010-2859 | 200 | 1 | +Info | 2010-07-25 | 2018-10-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.
28 | CVE-2010-2857 | 22 | 2 | Dir. Trav. | 2010-07-25 | 2017-08-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
29 | CVE-2010-2855 | 89 | - | Exec Code Sql | 2010-07-25 | 2010-07-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
30 | CVE-2010-2853 | 89 | 2 | Exec Code Sql | 2010-07-25 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
31 | CVE-2010-2851 | 89 | - | Exec Code Sql | 2010-07-25 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
32 | CVE-2010-2850 | 22 | 1 | Dir. Trav. | 2010-07-25 | 2017-08-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
33 | CVE-2010-2848 | 22 | 2 | Dir. Trav. | 2010-07-25 | 2018-10-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
34 | CVE-2010-2847 | 89 | 2 | Exec Code Sql | 2010-07-25 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
35 | CVE-2010-2845 | 89 | 2 | Exec Code Sql | 2010-07-25 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.
36 | CVE-2010-2772 | 255 | - | +Priv | 2010-07-22 | 2017-08-17 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
37 | CVE-2010-2771 | 94 | - | Exec Code | 2010-07-22 | 2010-07-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet.
38 | CVE-2010-2755 | 399 | - | DoS Exec Code Mem. Corr. | 2010-07-30 | 2017-09-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
39 | CVE-2010-2754 | 200 | - | +Info | 2010-07-30 | 2017-09-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
40 | CVE-2010-2753 | 189 | - | Exec Code Overflow | 2010-07-30 | 2017-09-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
41 | CVE-2010-2752 | 189 | - | Exec Code Overflow | 2010-07-30 | 2017-09-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
42 | CVE-2010-2721 | 89 | 2 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.
43 | CVE-2010-2720 | 89 | 1 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
44 | CVE-2010-2719 | 89 | 1 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
45 | CVE-2010-2716 | 89 | 2 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.
46 | CVE-2010-2714 | 89 | 1 | Exec Code Sql | 2010-07-13 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.
47 | CVE-2010-2704 | 119 | - | Exec Code Overflow | 2010-07-28 | 2018-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.
48 | CVE-2010-2703 | 119 | 1 | Exec Code Overflow | 2010-07-28 | 2018-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
49 | CVE-2010-2702 | 119 | - | Exec Code Overflow | 2010-07-12 | 2017-08-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal Tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
50 | CVE-2010-2701 | 119 | 1 | Exec Code Overflow | 2010-07-12 | 2017-08-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method.
Total number of vulnerabilities: 221 (this is page 1 of 5)