
Security Vulnerabilities Published In April 2010

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2010-1531 22 2 Dir. Trav. 2010-04-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
52 CVE-2010-1530 79 XSS 2010-04-26 2010-04-27
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
53 CVE-2010-1529 89 2 Exec Code Sql 2010-04-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.
54 CVE-2010-1528 94 1 Exec Code File Inclusion 2010-04-26 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
55 CVE-2010-1506 DoS Mem. Corr. 2010-04-23 2017-09-19
7.8
None Remote Low Not required None None Complete
The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors.
56 CVE-2010-1505 264 2010-04-23 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.
57 CVE-2010-1504 79 XSS 2010-04-23 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
58 CVE-2010-1503 79 XSS 2010-04-23 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
59 CVE-2010-1502 2010-04-23 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."
60 CVE-2010-1501 352 CSRF 2010-04-23 2010-05-04
7.5
None Remote Low Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
61 CVE-2010-1500 2010-04-23 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."
62 CVE-2010-1499 89 2 Exec Code Sql 2010-04-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
63 CVE-2010-1498 89 2 Exec Code Sql 2010-04-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.
64 CVE-2010-1497 79 2 XSS 2010-04-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
65 CVE-2010-1496 89 2 Exec Code Sql 2010-04-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.
66 CVE-2010-1495 22 2 Dir. Trav. 2010-04-23 2010-05-26
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
67 CVE-2010-1494 22 2 Dir. Trav. 2010-04-23 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
68 CVE-2010-1493 89 2 Exec Code Sql 2010-04-23 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
69 CVE-2010-1492 22 Dir. Trav. 2010-04-23 2010-04-26
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id_nodo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
70 CVE-2010-1491 22 2 Dir. Trav. 2010-04-23 2013-09-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
71 CVE-2010-1490 2010-04-21 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors.
72 CVE-2010-1489 79 XSS 2010-04-20 2021-07-23
4.3
None Remote Medium Not required None Partial None
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
73 CVE-2010-1488 399 DoS 2010-04-20 2012-03-19
2.1
None Local Low Not required None None Partial
The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation.
74 CVE-2010-1487 255 +Info 2010-04-20 2017-09-19
2.1
None Local Low Not required Partial None None
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
75 CVE-2010-1486 79 XSS 2010-04-22 2010-05-26
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.
76 CVE-2010-1480 89 Exec Code Sql 2010-04-19 2010-06-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
77 CVE-2010-1479 89 2 Exec Code Sql 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
78 CVE-2010-1478 22 2 Dir. Trav. 2010-04-19 2010-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
79 CVE-2010-1477 89 2 Exec Code Sql 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.
80 CVE-2010-1476 22 2 Dir. Trav. 2010-04-19 2010-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
81 CVE-2010-1475 22 2 Dir. Trav. 2010-04-19 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
82 CVE-2010-1474 22 2 Dir. Trav. 2010-04-19 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
83 CVE-2010-1473 22 2 Dir. Trav. 2010-04-19 2010-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
84 CVE-2010-1472 22 2 Dir. Trav. 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
85 CVE-2010-1471 22 2 Dir. Trav. 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
86 CVE-2010-1470 22 2 Dir. Trav. 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
87 CVE-2010-1469 22 2 Dir. Trav. 2010-04-19 2010-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
88 CVE-2010-1468 89 2 Exec Code Sql 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.
89 CVE-2010-1467 94 1 Exec Code File Inclusion 2010-04-16 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in openUrgence Vaccin 1.03 allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) collectivite.class.php, (2) injection.class.php, (3) utilisateur.class.php, (4) droit.class.php, (5) laboratoire.class.php, (6) vaccin.class.php, (7) effetsecondaire.class.php, (8) medecin.class.php, (9) individu.class.php, and (10) profil.class.php in gen/obj/.
90 CVE-2010-1466 22 1 Dir. Trav. 2010-04-16 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in scr/soustab.php in openUrgence Vaccin 1.03 allows remote attackers to read arbitrary files via the dsn[phptype] parameter.
91 CVE-2010-1465 119 1 Exec Code Overflow 2010-04-16 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response.
92 CVE-2010-1464 79 XSS 2010-04-16 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters.
93 CVE-2010-1463 89 Exec Code Sql 2010-04-16 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters.
94 CVE-2010-1462 22 Dir. Trav. 2010-04-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.
95 CVE-2010-1461 22 1 Dir. Trav. 2010-04-16 2010-04-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
96 CVE-2010-1460 399 DoS 2010-04-16 2018-10-10
5.0
None Remote Low Not required None None Partial
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
97 CVE-2010-1458 119 Exec Code Overflow 2010-04-20 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive.
98 CVE-2010-1429 264 +Info 2010-04-28 2018-02-13
5.0
None Remote Low Not required Partial None None
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
99 CVE-2010-1428 264 +Info 2010-04-28 2017-08-17
5.0
None Remote Low Not required Partial None None
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
100 CVE-2010-1427 79 XSS 2010-04-15 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.
Total number of vulnerabilities: 501 (page 2 of 11)