Unknown · CVSS Not scored
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
Published Dec 2, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Dec 9, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request.
Published Dec 16, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Dec 4, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulnerability."
Published Dec 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views.
Published Dec 23, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
Published Dec 8, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
Published Dec 9, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.
Published Dec 4, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site.
Published Dec 10, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.
Published Dec 25, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
Published Dec 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
Published Dec 30, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
Published Dec 7, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.
Published Dec 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
Published Dec 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors.
Published Dec 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation.
Published Dec 16, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Dec 8, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070.
Published Dec 7, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.
Published Dec 28, 2014 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264.
Published Dec 7, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.
Published Dec 7, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue."
Published Dec 22, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.
Published Dec 29, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts.
Published Dec 22, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message."
Published Dec 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
Published Dec 29, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument.
Published Dec 23, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Dec 29, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service (application crash) by triggering an Opera Unite update.
Published Dec 22, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
Published Dec 29, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.
Published Dec 23, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
Published Dec 30, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
Published Dec 23, 2010 · Updated Aug 7, 2024