CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In May 2010

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
201 CVE-2010-1731 DoS 2010-05-06 2021-11-15
4.3
None Remote Medium Not required None None Partial
Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
202 CVE-2010-1730 119 DoS Overflow 2010-05-06 2010-05-06
5.0
None Remote Low Not required None None Partial
Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
203 CVE-2010-1729 399 DoS 2010-05-06 2011-02-17
4.3
None Remote Medium Not required None None Partial
WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
204 CVE-2010-1728 399 DoS Exec Code 2010-05-06 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.
205 CVE-2010-1727 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information.
206 CVE-2010-1726 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
207 CVE-2010-1725 89 2 Exec Code Sql 2010-05-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter.
208 CVE-2010-1724 79 XSS 2010-05-06 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
209 CVE-2010-1723 22 1 Dir. Trav. 2010-05-04 2010-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
210 CVE-2010-1722 22 2 Dir. Trav. 2010-05-04 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
211 CVE-2010-1721 89 1 Exec Code Sql 2010-05-04 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.
212 CVE-2010-1720 89 1 Exec Code Sql 2010-05-04 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.
213 CVE-2010-1719 22 2 Dir. Trav. 2010-05-04 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
214 CVE-2010-1718 22 1 Dir. Trav. 2010-05-04 2010-06-01
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
215 CVE-2010-1717 22 1 Dir. Trav. 2010-05-04 2010-06-01
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
216 CVE-2010-1716 89 1 Exec Code Sql 2010-05-04 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
217 CVE-2010-1715 22 2 Dir. Trav. 2010-05-04 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
218 CVE-2010-1714 22 2 Dir. Trav. 2010-05-04 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
219 CVE-2010-1713 89 2 Exec Code Sql 2010-05-04 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
220 CVE-2010-1712 79 1 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.
221 CVE-2010-1711 79 2 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.
222 CVE-2010-1710 22 2 Dir. Trav. 2010-05-04 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter.
223 CVE-2010-1709 79 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters.
224 CVE-2010-1708 89 2 Exec Code Sql 2010-05-04 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).
225 CVE-2010-1707 79 XSS 2010-05-04 2010-05-04
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.
226 CVE-2010-1706 89 2 Exec Code Sql 2010-05-04 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
227 CVE-2010-1705 89 1 Exec Code Sql 2010-05-04 2010-05-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter.
228 CVE-2010-1704 89 2 Exec Code Sql 2010-05-04 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.
229 CVE-2010-1703 79 2 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.
230 CVE-2010-1702 89 2 Exec Code Sql 2010-05-04 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
231 CVE-2010-1701 89 1 Exec Code Sql 2010-05-04 2010-05-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter.
232 CVE-2010-1690 20 2010-05-07 2020-04-09
6.4
None Remote Low Not required None Partial Partial
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
233 CVE-2010-1689 310 2010-05-07 2020-04-09
6.4
None Remote Low Not required None Partial Partial
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
234 CVE-2010-1688 119 Exec Code Overflow 2010-05-24 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions before 3.2.21, allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile.
235 CVE-2010-1687 119 DoS Exec Code Overflow 2010-05-04 2010-05-05
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information.
236 CVE-2010-1686 119 Exec Code Overflow 2010-05-05 2010-05-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive.
237 CVE-2010-1685 119 Exec Code Overflow 2010-05-04 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename.
238 CVE-2010-1681 119 1 Exec Code Overflow 2010-05-06 2018-10-10
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
239 CVE-2010-1665 119 DoS Overflow Mem. Corr. 2010-05-03 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
240 CVE-2010-1664 119 DoS Overflow Mem. Corr. 2010-05-03 2017-09-19
5.0
None Remote Low Not required None None Partial
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
241 CVE-2010-1663 264 Bypass 2010-05-03 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
242 CVE-2010-1662 79 2 XSS 2010-05-03 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter.
243 CVE-2010-1661 89 2 Exec Code Sql 2010-05-03 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.
244 CVE-2010-1660 89 2 Exec Code Sql 2010-05-03 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter.
245 CVE-2010-1659 22 2 Dir. Trav. 2010-05-03 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
246 CVE-2010-1658 22 2 Dir. Trav. 2010-05-03 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
247 CVE-2010-1657 22 2 Dir. Trav. 2010-05-03 2017-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
248 CVE-2010-1656 89 1 Exec Code Sql 2010-05-03 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.
249 CVE-2010-1655 79 XSS 2010-05-03 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in PowerEasy 2006 and PowerEasy SiteWeaver 6.8 allows remote attackers to inject arbitrary web script or HTML via the ComeUrl parameter.
250 CVE-2010-1654 89 2 Exec Code Sql 2010-05-03 2010-05-03
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities: 421. Page 5 of 9.