CVE リスト (「タイプ別の脆弱性」から · 2010 年に公開 · 既定の並び順は「公開日の降順」です(新しい公開が先頭)。)

2010 年に公開された CVE を表示しています。 CVE の一覧へ

CVSS スコア
表示中 120 / 4667
«« 先頭 « 前へ 1 / 234 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2010-4642 Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 4.3 1.09% 2010-12-30 2026-06-16
CVE-2010-4641 SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 7.5 1.12% 2010-12-30 2026-06-16
CVE-2010-4640 Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 4.3 1.26% 2010-12-30 2026-06-16
CVE-2010-4639 SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter. 7.5 1.15% 2010-12-30 2026-06-16
CVE-2010-4638 SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. 6.8 0.92% 2010-12-30 2026-06-16
CVE-2010-4637 Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. 4.3 1.92% 2010-12-30 2026-06-16
CVE-2010-4636 SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. 7.5 1.02% 2010-12-30 2026-06-16
CVE-2010-4635 SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. 7.5 1.15% 2010-12-30 2026-06-16
CVE-2010-4634 Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party 5.0 2.48% 2010-12-30 2026-06-16
CVE-2010-4633 SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1. 7.5 0.99% 2010-12-30 2026-06-16
CVE-2010-4632 Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688. 7.5 1.15% 2010-12-30 2026-06-16
CVE-2010-4631 Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow. 4.3 1.78% 2010-12-30 2026-06-16
CVE-2010-4630 Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. 4.3 1.90% 2010-12-30 2026-06-16
CVE-2010-4629 MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php. 5.0 1.71% 2010-12-30 2026-06-16
CVE-2010-4628 member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table. 5.0 1.65% 2010-12-30 2026-06-16
CVE-2010-4627 Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 6.8 1.01% 2010-12-30 2026-06-16
CVE-2010-4626 The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. 5.1 2.15% 2010-12-30 2026-06-16
CVE-2010-4625 MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. 5.0 2.22% 2010-12-30 2026-06-16
CVE-2010-4624 MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. 3.5 1.98% 2010-12-30 2026-06-16
CVE-2010-4522 Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php. 4.3 1.04% 2010-12-30 2026-06-16
«« 先頭 « 前へ 1 / 234 次へ »
cvelogic Threat Intelligence