CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2010

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
151 CVE-2010-1317 119 Overflow 2010-04-20 2010-04-21
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.
152 CVE-2010-1316 119 DoS Exec Code Overflow 2010-04-14 2010-04-16
5.0
None Remote Low Not required None None Partial
Multiple stack-based buffer overflows in Tembria Server Monitor before 5.6.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted (1) GET, (2) PUT, or (3) HEAD request, as demonstrated by a malformed GET request containing a long PATH_INFO to index.asp.
153 CVE-2010-1315 22 2 Dir. Trav. 2010-04-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
154 CVE-2010-1314 22 2 Dir. Trav. 2010-04-08 2010-04-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
155 CVE-2010-1313 22 1 Dir. Trav. 2010-04-08 2010-04-09
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
156 CVE-2010-1312 22 2 Dir. Trav. 2010-04-08 2010-04-22
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
157 CVE-2010-1311 20 DoS Mem. Corr. 2010-04-08 2010-08-31
5.0
None Remote Low Not required None None Partial
The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.
158 CVE-2010-1310 200 +Info 2010-04-08 2010-04-09
5.0
None Remote Low Not required Partial None None
Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.
159 CVE-2010-1309 22 1 Dir. Trav. 2010-04-08 2010-04-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php.
160 CVE-2010-1308 22 2 Dir. Trav. 2010-04-08 2010-04-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
161 CVE-2010-1307 22 2 Dir. Trav. 2010-04-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
162 CVE-2010-1306 22 2 Dir. Trav. 2010-04-08 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
163 CVE-2010-1305 22 2 Dir. Trav. 2010-04-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
164 CVE-2010-1304 22 1 Dir. Trav. 2010-04-08 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
165 CVE-2010-1303 79 XSS 2010-04-08 2017-08-17
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.
166 CVE-2010-1302 22 2 Dir. Trav. 2010-04-07 2010-04-08
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
167 CVE-2010-1301 89 2 Exec Code Sql 2010-04-07 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.
168 CVE-2010-1300 89 4 Exec Code Sql 2010-04-07 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.
169 CVE-2010-1299 94 2 Exec Code File Inclusion 2010-04-07 2021-03-25
5.1
None Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information.
170 CVE-2010-1298 22 Dir. Trav. 2010-04-06 2010-04-07
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
171 CVE-2010-1278 119 Exec Code Overflow 2010-04-22 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters.
172 CVE-2010-1277 89 Exec Code Sql 2010-04-06 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.
173 CVE-2010-1276 79 XSS 2010-04-06 2010-04-07
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
174 CVE-2010-1275 79 XSS 2010-04-06 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter.
175 CVE-2010-1274 79 XSS 2010-04-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.
176 CVE-2010-1273 20 2010-04-06 2010-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.
177 CVE-2010-1272 94 2 Exec Code File Inclusion 2010-04-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
178 CVE-2010-1271 89 2 Exec Code Sql 2010-04-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
179 CVE-2010-1270 89 2 Exec Code Sql 2010-04-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
180 CVE-2010-1269 89 2 Exec Code Sql 2010-04-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
181 CVE-2010-1268 22 2 Dir. Trav. 2010-04-06 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.
182 CVE-2010-1267 22 2 Dir. Trav. 2010-04-06 2010-04-07
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
183 CVE-2010-1266 94 2 Exec Code File Inclusion 2010-04-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php.
184 CVE-2010-1265 89 2 Exec Code Sql 2010-04-06 2010-04-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
185 CVE-2010-1244 352 CSRF 2010-04-05 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
186 CVE-2010-1243 2010-04-05 2011-04-07
7.5
None Remote Low Not required Partial Partial Partial
The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors.
187 CVE-2010-1242 79 XSS 2010-04-05 2011-04-07
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
188 CVE-2010-1241 119 DoS Exec Code Overflow Mem. Corr. 2010-04-05 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
189 CVE-2010-1240 264 2010-04-05 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
190 CVE-2010-1239 94 2010-04-05 2010-04-06
9.3
None Remote Medium Not required Complete Complete Complete
Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.
191 CVE-2010-1238 264 Bypass 2010-04-05 2010-04-28
5.0
None Remote Low Not required None Partial None
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
192 CVE-2010-1237 20 DoS 2010-04-01 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.
193 CVE-2010-1236 79 XSS 2010-04-01 2017-09-19
4.3
None Remote Medium Not required None Partial None
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
194 CVE-2010-1235 20 2010-04-01 2017-09-19
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.
195 CVE-2010-1234 2010-04-01 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.
196 CVE-2010-1233 189 Overflow 2010-04-01 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.
197 CVE-2010-1232 399 DoS 2010-04-01 2017-09-19
5.0
None Remote Low Not required None None Partial
Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.
198 CVE-2010-1231 2010-04-01 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.
199 CVE-2010-1230 200 +Info 2010-04-01 2018-11-16
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.
200 CVE-2010-1229 399 2010-04-01 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.
Total number of vulnerabilities: 501 (page 4 of 11)