CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-0464 200 +Info 2010-01-29 2010-03-02
5.0
None Remote Low Not required Partial None None
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
2 CVE-2010-0463 200 +Info 2010-01-29 2010-03-26
5.0
None Remote Low Not required Partial None None
Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
3 CVE-2010-0462 119 Overflow 2010-01-28 2012-01-26
6.5
None Remote Low Single system Partial Partial Partial
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
4 CVE-2010-0461 89 2 Exec Code Sql 2010-01-28 2010-01-31
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
5 CVE-2010-0460 79 1 XSS 2010-01-28 2010-01-31
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.
6 CVE-2010-0459 89 2 Exec Code Sql 2010-01-28 2010-01-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
7 CVE-2010-0458 89 2 Exec Code Sql 2010-01-28 2011-01-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php.
8 CVE-2010-0457 89 2 Exec Code Sql 2010-01-28 2010-01-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
9 CVE-2010-0456 89 1 Exec Code Sql 2010-01-28 2010-01-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
10 CVE-2010-0455 79 1 XSS 2010-01-28 2010-01-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
11 CVE-2010-0454 89 1 Exec Code Sql 2010-01-28 2010-01-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
12 CVE-2010-0392 119 Exec Code Overflow 2010-01-26 2011-01-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2."
13 CVE-2010-0391 119 Exec Code Overflow 2010-01-26 2011-01-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14 CVE-2010-0390 1 Exec Code 2010-01-26 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
15 CVE-2010-0389 DoS 2010-01-25 2010-01-31
5.0
None Remote Low Not required None None Partial
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.
16 CVE-2010-0388 134 DoS 2010-01-25 2010-01-26
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
17 CVE-2010-0387 119 DoS Overflow 2010-01-25 2010-01-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
18 CVE-2010-0386 16 2010-01-25 2010-01-31
4.3
None Remote Medium Not required Partial None None
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
19 CVE-2010-0385 200 +Info 2010-01-25 2010-01-26
5.0
None Remote Low Not required Partial None None
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.
20 CVE-2010-0384 200 +Info 2010-01-25 2011-04-27
2.1
None Local Low Not required Partial None None
Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.
21 CVE-2010-0383 200 +Info 2010-01-25 2010-02-05
5.0
None Remote Low Not required Partial None None
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.
22 CVE-2010-0382 2010-01-22 2011-07-18
7.6
None Remote High Not required Complete Complete Complete
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
23 CVE-2010-0381 89 Exec Code Sql 2010-01-22 2010-01-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
24 CVE-2010-0380 264 2 Bypass 2010-01-22 2010-01-25
5.0
None Remote Low Not required None Partial None
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
25 CVE-2010-0379 Exec Code 2010-01-21 2012-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.
26 CVE-2010-0378 Exec Code Mem. Corr. 2010-01-21 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
27 CVE-2010-0377 89 1 Exec Code Sql 2010-01-21 2010-01-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: some of these details are obtained from third party information.
28 CVE-2010-0376 79 2 XSS 2010-01-21 2010-06-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
29 CVE-2010-0375 89 1 Exec Code Sql 2010-01-21 2010-06-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
30 CVE-2010-0374 79 1 XSS 2010-01-21 2010-01-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
31 CVE-2010-0373 89 2 Exec Code Sql 2010-01-21 2010-01-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
32 CVE-2010-0372 89 2 Exec Code Sql 2010-01-21 2011-04-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
33 CVE-2010-0371 79 1 XSS 2010-01-21 2011-04-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters.
34 CVE-2010-0370 79 1 XSS 2010-01-21 2010-01-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).
35 CVE-2010-0367 94 1 Exec Code File Inclusion 2010-01-21 2010-01-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.
36 CVE-2010-0366 20 1 Exec Code 2010-01-21 2011-04-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
37 CVE-2010-0365 79 1 XSS 2010-01-21 2011-04-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.
38 CVE-2010-0364 119 1 Exec Code Overflow 2010-01-21 2012-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
39 CVE-2010-0363 79 XSS 2010-01-20 2010-02-02
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785.
40 CVE-2010-0362 310 2010-01-20 2011-05-06
5.0
None Remote Low Not required None Partial None
Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.
41 CVE-2010-0361 119 DoS Overflow 2010-01-20 2011-04-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
42 CVE-2010-0360 20 Overflow 2010-01-20 2011-04-28
10.0
None Remote Low Not required Complete Complete Complete
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
43 CVE-2010-0359 119 DoS Exec Code Overflow 2010-01-20 2010-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.
44 CVE-2010-0358 119 DoS Overflow 2010-01-20 2011-04-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087.
45 CVE-2010-0357 79 XSS 2010-01-20 2011-04-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
46 CVE-2010-0356 119 Exec Code Overflow 2010-01-18 2011-04-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.
47 CVE-2010-0350 22 Dir. Trav. 2010-01-15 2011-05-02
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.
48 CVE-2010-0349 79 XSS 2010-01-15 2011-04-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable.
49 CVE-2010-0348 22 Dir. Trav. 2010-01-15 2011-04-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors.
50 CVE-2010-0347 79 XSS 2010-01-15 2011-04-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 319   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.