The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2010-0378 | Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a Movie Unloading Vulnerability.Per: http://cwe.mitre.org/data/definitions/416.html CWE-416 Use-After Free Vulnerability | High | Jan 22, 2010 |
| CVE-2010-0377 | SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: some of these details are obtained from third party information. | High | Jan 22, 2010 |
| CVE-2010-0376 | Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375. | Medium | Jan 22, 2010 |
| CVE-2010-0375 | SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Jan 22, 2010 |
| CVE-2010-0374 | Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php. | Medium | Jan 22, 2010 |
| CVE-2010-0373 | SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | High | Jan 22, 2010 |
| CVE-2010-0372 | SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. | High | Jan 22, 2010 |
| CVE-2010-0371 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters. | Medium | Jan 22, 2010 |
| CVE-2010-0370 | Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title). | Low | Jan 22, 2010 |
| CVE-2010-0367 | Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php. | High | Jan 22, 2010 |
| CVE-2010-0366 | Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | High | Jan 22, 2010 |
| CVE-2010-0365 | Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter. | Medium | Jan 22, 2010 |
| CVE-2010-0364 | Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field. | High | Jan 22, 2010 |
| CVE-2010-0363 | Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785. | Low | Feb 2, 2010 |
| CVE-2010-0362 | Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses. | High | Jan 21, 2010 |
| CVE-2010-0361 | Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request. | High | Jan 21, 2010 |
| CVE-2010-0360 | Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an overflow. NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. | High | Jan 21, 2010 |
| CVE-2010-0359 | Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message. | High | Jan 21, 2010 |
| CVE-2010-0358 | Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087. | High | Jan 21, 2010 |
| CVE-2010-0357 | Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | Medium | Jan 21, 2010 |
| CVE-2010-0356 | Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. | High | Jan 18, 2010 |
| CVE-2010-0350 | Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors. | High | Jan 18, 2010 |
| CVE-2010-0349 | Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable. | Medium | Jan 18, 2010 |
| CVE-2010-0348 | Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0347 | Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0346 | Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0345 | Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0344 | SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0343 | SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0342 | SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0341 | SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0340 | SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0339 | SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0338 | SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0337 | SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0336 | Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0335 | Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0334 | SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0333 | SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0332 | SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0331 | Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0330 | SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0329 | SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the SQL selection field and typoscript. | High | Jan 18, 2010 |
| CVE-2010-0328 | Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0327 | Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490. | Medium | Jan 18, 2010 |
| CVE-2010-0326 | Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0325 | Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | Medium | Jan 18, 2010 |
| CVE-2010-0324 | SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
| CVE-2010-0323 | Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | High | Jan 18, 2010 |
| CVE-2010-0322 | SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jan 18, 2010 |
