Total: 258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4868 | 1 Hitronsoft | 1 Answer Me | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4861 | 1 Supportpro | 1 Supportdesk | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-4859 | 1 Onlinetechtools.com | 1 Owos Lite | 2010-05-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp. | |||||
| CVE-2009-4858 | 1 Turnkeyforms | 1 Yahoo-answers-clone | 2010-05-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | |||||
| CVE-2010-1279 | 1 Adobe | 1 Photoshop Cs4 | 2010-05-11 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. | |||||
| CVE-2010-1438 | 1 Mytty | 1 Webapplication Finger Printer | 2010-05-11 | 4.4 MEDIUM | N/A |
| Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh. | |||||
| CVE-2010-1853 | 1 Transmissionbt | 1 Transmission | 2010-05-11 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links. | |||||
| CVE-2010-0401 | 1 Openttd | 1 Openttd | 2010-05-11 | 6.5 MEDIUM | N/A |
| OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | |||||
| CVE-2009-4375 | 1 Alienvault | 1 Open Source Security Information Management | 2010-05-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter. | |||||
| CVE-2010-0406 | 1 Openttd | 1 Openttd | 2010-05-11 | 4.0 MEDIUM | N/A |
| OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. | |||||
| CVE-2010-1732 | 1 Zikula | 1 Zikula Application Framework | 2010-05-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). | |||||
| CVE-2010-1868 | 1 Php | 1 Php | 2010-05-11 | 7.5 HIGH | N/A |
| The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. | |||||
| CVE-2009-4835 | 1 Mega-nerd | 1 Libsndfile | 2010-05-11 | 4.3 MEDIUM | N/A |
| The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file. | |||||
| CVE-2009-4852 | 1 Festic | 1 Semanticscuttle | 2010-05-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1854 | 1 Phpscripte24 | 1 Pay Per Watch & Bid Auktions System | 2010-05-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be resultant from CVE-2010-1855. | |||||
| CVE-2010-1859 | 1 Deluxebb | 1 Deluxebb | 2010-05-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread. | |||||
| CVE-2010-1861 | 1 Php | 1 Php | 2010-05-10 | 6.4 MEDIUM | N/A |
| The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. | |||||
| CVE-2010-1863 | 1 Clantiger | 1 Clantiger | 2010-05-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter. | |||||
| CVE-2010-1856 | 1 Realitymedias | 1 Repairshop2 | 2010-05-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action. | |||||
| CVE-2010-1147 | 1 Roshan Singh | 1 Open Direct Connect Hub | 2010-05-08 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message. | |||||
