LiveActive security incident?Get immediate response
CVE archive

March 2010

Browse CVE records published in March 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 439 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2010-1063: Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quot...

Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 23, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-1130: session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolo...

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).

Published Mar 26, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-4766: The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove i...

The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client.

Published Mar 18, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-4768: Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows r...

Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.

Published Mar 18, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-1076: Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers t...

Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 23, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-1059: Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when mag...

Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 23, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-4761: The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not...

The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.

Published Mar 18, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0922: Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a den...

Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details are obtained from third party information. NOTE: there may be no attacker role, and the issue may be triggered entirely by an administrator's installation of an official service pack.

Published Mar 3, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-1096: Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attac...

Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 24, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0592: The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before...

The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.

Published Mar 5, 2010 · Updated Sep 16, 2024