Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2010-5011 SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter. | N/A | NONE | — | 0 |
| CVE-2010-5012 SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third par... | N/A | NONE | — | 0 |
| CVE-2010-5013 SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter. | N/A | NONE | — | 0 |
| CVE-2010-5014 SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter. | N/A | NONE | — | 0 |
| CVE-2010-5015 SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. | N/A | NONE | — | 0 |
| CVE-2010-5016 SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter. | N/A | NONE | — | 0 |
| CVE-2010-5017 SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter. | N/A | NONE | — | 0 |
| CVE-2010-5018 Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid paramete... | N/A | NONE | — | 0 |
| CVE-2010-5019 SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. | N/A | NONE | — | 0 |
| CVE-2010-5020 SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | N/A | NONE | — | 0 |
| CVE-2010-5021 SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter. | N/A | NONE | — | 0 |
| CVE-2010-5022 SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | N/A | NONE | — | 0 |
| CVE-2010-5023 SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter. | N/A | NONE | — | 0 |
| CVE-2010-5024 SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter.... | N/A | NONE | — | 0 |
| CVE-2010-5025 Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of th... | N/A | NONE | — | 0 |
| CVE-2010-5026 SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these detai... | N/A | NONE | — | 0 |
| CVE-2010-5027 Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: s... | N/A | NONE | — | 0 |
| CVE-2010-5028 SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index... | N/A | NONE | — | 0 |
| CVE-2010-5029 SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action. | N/A | NONE | — | 0 |
| CVE-2010-5030 Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter in a web action. | N/A | NONE | — | 0 |
| CVE-2010-5031 Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 allows remote attackers to inject arbitrary web script or HTML via the sstring parameter (aka the Search Box). NOTE: some of thes... | N/A | NONE | — | 0 |
| CVE-2012-6621 Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custo... | N/A | NONE | — | 0 |
| CVE-2010-5032 SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial actio... | N/A | NONE | — | 0 |
| CVE-2010-5033 SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter. | N/A | NONE | — | 0 |
| CVE-2010-5034 SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter. | N/A | NONE | — | 0 |
| CVE-2010-5035 Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOT... | N/A | NONE | — | 0 |
| CVE-2010-5036 SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. | N/A | NONE | — | 0 |
| CVE-2010-5037 SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | N/A | NONE | — | 0 |
| CVE-2010-5038 PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | N/A | NONE | — | 0 |
| CVE-2010-5039 SQL injection vulnerability in control/admin_login.php in ScriptsFeed Recipes Listing Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter (aka the UserName f... | N/A | NONE | — | 0 |
| CVE-2010-5040 PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS p... | N/A | NONE | — | 0 |
| CVE-2010-5041 SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action. | N/A | NONE | — | 0 |
| CVE-2010-5042 Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in a... | N/A | NONE | — | 0 |
| CVE-2010-5043 SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editIt... | N/A | NONE | — | 0 |
| CVE-2010-5044 SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL... | N/A | NONE | — | 0 |
| CVE-2010-5045 Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter. | N/A | NONE | — | 0 |
| CVE-2011-2676 The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote auth... | N/A | NONE | — | 0 |
| CVE-2011-3995 Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 and earlier allows remote attackers to cause a denial of service (daemon crash) via unknown network traffic. | N/A | NONE | — | 0 |
| CVE-2011-4005 Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24... | N/A | NONE | — | 0 |
| CVE-2011-4273 Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to a... | N/A | NONE | — | 0 |
| CVE-2011-4274 Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a d... | N/A | NONE | — | 0 |
| CVE-2011-3379 The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging pote... | N/A | NONE | — | 0 |
| CVE-2011-4078 include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resour... | N/A | NONE | — | 0 |
| CVE-2011-4100 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a... | N/A | NONE | — | 0 |
| CVE-2011-4101 The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a den... | N/A | NONE | — | 0 |
| CVE-2011-4102 Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of ... | N/A | NONE | — | 0 |
| CVE-2011-3986 Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2011-3987 dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard before 4.41.0315, and Pro Advanced before 4.41.0315 allows local users to cause a denial of service (system crash) via an invalid Devic... | N/A | NONE | — | 0 |
| CVE-2011-3992 Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows re... | N/A | NONE | — | 0 |
| CVE-2011-3993 SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak ... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.