CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2010-2754 200 +Info 2010-07-30 2017-09-19
5.0
None Remote Low Not required Partial None None
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
52 CVE-2010-2753 189 Exec Code Overflow 2010-07-30 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
53 CVE-2010-2752 189 Exec Code Overflow 2010-07-30 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
54 CVE-2010-2751 264 2010-07-30 2017-09-19
2.6
None Remote High Not required None Partial None
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.
55 CVE-2010-2724 79 XSS 2010-07-13 2017-08-17
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.
56 CVE-2010-2723 79 XSS 2010-07-13 2010-07-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
57 CVE-2010-2722 79 XSS 2010-07-13 2010-07-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
58 CVE-2010-2721 89 2 Exec Code Sql 2010-07-13 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.
59 CVE-2010-2720 89 1 Exec Code Sql 2010-07-13 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
60 CVE-2010-2719 89 1 Exec Code Sql 2010-07-13 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
61 CVE-2010-2718 79 1 XSS 2010-07-13 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.
62 CVE-2010-2717 79 XSS 2010-07-13 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter.
63 CVE-2010-2716 89 2 Exec Code Sql 2010-07-13 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.
64 CVE-2010-2715 79 1 XSS 2010-07-13 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
65 CVE-2010-2714 89 1 Exec Code Sql 2010-07-13 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.
66 CVE-2010-2704 119 Exec Code Overflow 2010-07-28 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.
67 CVE-2010-2703 119 1 Exec Code Overflow 2010-07-28 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
68 CVE-2010-2702 119 Exec Code Overflow 2010-07-12 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
69 CVE-2010-2701 119 1 Exec Code Overflow 2010-07-12 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method.
70 CVE-2010-2700 79 1 XSS 2010-07-12 2010-07-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter.
71 CVE-2010-2699 89 1 Exec Code Sql 2010-07-12 2010-07-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter.
72 CVE-2010-2698 79 1 XSS 2010-07-12 2017-08-17
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
73 CVE-2010-2697 79 1 XSS 2010-07-12 2017-08-17
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
74 CVE-2010-2696 89 1 Exec Code Sql 2010-07-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
75 CVE-2010-2695 22 Dir. Trav. 2010-07-12 2018-10-10
6.5
None Remote Low ??? Partial Partial Partial
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
76 CVE-2010-2694 89 1 Exec Code Sql 2010-07-12 2010-07-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
77 CVE-2010-2693 264 DoS +Priv 2010-07-13 2010-07-14
7.2
None Local Low Not required Complete Complete Complete
FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.
78 CVE-2010-2692 79 1 XSS 2010-07-12 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment.
79 CVE-2010-2691 89 2 Exec Code Sql 2010-07-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.
80 CVE-2010-2690 89 1 Exec Code Sql 2010-07-12 2010-07-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
81 CVE-2010-2689 89 2 Exec Code Sql 2010-07-12 2010-07-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter.
82 CVE-2010-2688 89 2 Exec Code Sql 2010-07-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter.
83 CVE-2010-2687 89 2 Exec Code Sql 2010-07-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.
84 CVE-2010-2686 89 Exec Code Sql 2010-07-12 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information.
85 CVE-2010-2685 264 2 Bypass 2010-07-12 2016-10-07
7.5
None Remote Low Not required Partial Partial Partial
siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request.
86 CVE-2010-2684 89 2 Exec Code Sql 2010-07-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
87 CVE-2010-2683 89 2 Exec Code Sql 2010-07-12 2010-07-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter.
88 CVE-2010-2682 22 2 Dir. Trav. 2010-07-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
89 CVE-2010-2681 94 1 Exec Code File Inclusion 2010-07-12 2010-07-12
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
90 CVE-2010-2680 22 2 Dir. Trav. 2010-07-12 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
91 CVE-2010-2679 89 1 Exec Code Sql 2010-07-08 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
92 CVE-2010-2678 89 Exec Code Sql 2010-07-08 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
93 CVE-2010-2677 94 2 Exec Code File Inclusion 2010-07-08 2017-08-17
5.1
None Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
94 CVE-2010-2676 22 2 Dir. Trav. 2010-07-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
95 CVE-2010-2675 79 2 XSS 2010-07-08 2010-07-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action.
96 CVE-2010-2674 89 2 Exec Code Sql 2010-07-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action.
97 CVE-2010-2673 89 2 Exec Code Sql 2010-07-08 2010-07-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
98 CVE-2010-2672 89 Exec Code Sql 2010-07-08 2010-07-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
99 CVE-2010-2671 79 XSS 2010-07-08 2010-07-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
100 CVE-2010-2670 89 1 Exec Code Sql 2010-07-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
Total number of vulnerabilities : 343   Page : 1 2 (This Page)3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.