| bartels-schoene — conpresso |
SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
2010-06-01 |
7.5 |
CVE-2010-2124
XF
BID
MISC
MISC |
| danny_ho — oes |
Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446. |
2010-06-02 |
7.5 |
CVE-2010-2132
XF
BID
MISC |
| emc — avamar |
Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP. |
2010-05-28 |
7.1 |
CVE-2010-1919
VUPEN
BID
MISC
SECTRACK
SECUNIA
BUGTRAQ |
| giaard — proman |
PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
2010-06-02 |
7.5 |
CVE-2010-2137
XF
MISC
MISC |
| gnu — glibc |
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. |
2010-06-01 |
7.2 |
CVE-2010-0296
CONFIRM
VUPEN
UBUNTU
CONFIRM
SECTRACK
SECUNIA
CONFIRM |
| google — chrome |
Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification’s requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors. |
2010-05-28 |
10.0 |
CVE-2010-2105
CONFIRM
CONFIRM |
| google — chrome |
Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers. |
2010-05-28 |
10.0 |
CVE-2010-2106
CONFIRM
CONFIRM |
| google — chrome |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality. |
2010-05-28 |
10.0 |
CVE-2010-2107
CONFIRM
CONFIRM |
| google — chrome |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors. |
2010-05-28 |
10.0 |
CVE-2010-2108
CONFIRM
CONFIRM |
| google — chrome |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the “drag + drop” functionality. |
2010-05-28 |
9.3 |
CVE-2010-2109
CONFIRM
CONFIRM |
| google — chrome |
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors. |
2010-05-28 |
10.0 |
CVE-2010-2110
CONFIRM
CONFIRM |
| graviton-mediatech — visitor_logger |
PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. |
2010-06-03 |
7.5 |
CVE-2010-2146
VUPEN
BID
MISC |
| harmistechnology — com_jequoteform |
Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. |
2010-06-01 |
7.5 |
CVE-2010-2128
XF
BID
OSVDB
MISC
SECUNIA |
| hazelpress — hazelpress |
Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields. |
2010-06-02 |
7.5 |
CVE-2010-2135
XF
MISC
MISC |
| http-solution — project_man |
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. |
2010-06-02 |
7.5 |
CVE-2010-2134
XF
MISC |
| intervations — filecopa |
Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
2010-05-28 |
8.8 |
CVE-2010-2112
SECUNIA
OSVDB |
| justsystems — ichitaro |
Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to “product character attribute processing” for a document. |
2010-06-03 |
9.3 |
CVE-2010-2152
CONFIRM
XF
VUPEN
BID
MISC
SECUNIA
OSVDB
JVNDB
JVN |
| jv2design — jv2_folder_gallery |
PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. |
2010-06-01 |
7.5 |
CVE-2010-2127
XF
BID
MISC
MISC |
| mario_matzulla — cal |
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. |
2010-06-02 |
7.5 |
CVE-2010-2131
CONFIRM
CONFIRM
BID
SECUNIA
OSVDB |
| multishopcms — multishop_cms |
SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
2010-06-02 |
7.5 |
CVE-2010-2139
SECUNIA |
| multishopcms — multishop_cms |
SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
2010-06-02 |
7.5 |
CVE-2010-2140
SECUNIA |
| murat_ersoy — cyberhost |
SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter. |
2010-06-02 |
7.5 |
CVE-2010-2142
XF
BID
MISC |
| mylittleforum — my_little_forum |
SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942. |
2010-06-02 |
7.5 |
CVE-2010-2133
XF
BID
MISC
MISC |
| nitropowered — nitro_web_gallery |
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action. |
2010-06-02 |
7.5 |
CVE-2010-2141
XF
BID
MISC
MISC |
| nrl — opie |
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. |
2010-05-28 |
9.3 |
CVE-2010-1938
BID
MISC
SECTRACK
SREASON
SREASONRES
FREEBSD
SECUNIA
SECUNIA
MISC |
| openssl — openssl |
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. |
2010-06-03 |
7.5 |
CVE-2010-0742
VUPEN
CONFIRM
BID
CONFIRM
SECUNIA
SECUNIA
CONFIRM
CONFIRM
CONFIRM |
| richrumble — clearsite |
Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error. |
2010-06-03 |
7.5 |
CVE-2010-2145
BID
BUGTRAQ |
| snipegallery — snipe_gallery |
Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php. |
2010-06-01 |
7.5 |
CVE-2010-2126
XF
BID
MISC
MISC |
| symphony-cms — symphony_cms |
Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter. |
2010-06-03 |
7.5 |
CVE-2010-2143
VUPEN
BID
MISC
MISC |
| unisoft — com_mycar |
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. |
2010-06-03 |
7.5 |
CVE-2010-2148
XF
MISC
VUPEN
BID
MISC
SECUNIA
OSVDB |
