CVE Daily
← All years

Uncategorized 2010

Page 14/14.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2010-01-25
Medium

CVE-2005-4884

Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02.

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2010-0389

The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method to…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0386

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credential…

CVSS: 4.3CWE: CWE-16
Read more
Medium

CVE-2008-7253

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authen…

CVSS: 4.3CWE: CWE-16
Read more
2010-01-22
High

CVE-2010-0382

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the o…

CVSS: 7.6CWE: N/A
Read more
Medium

CVE-2010-0380

install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a…

CVSS: 5.0CWE: CWE-16
Read more
Medium

CVE-2010-0290

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), al…

CVSS: 4.0CWE: N/A
Read more
High

CVE-2010-0230

SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.

CVSS: 7.5CWE: CWE-264
Read more
2010-01-21
Critical

CVE-2010-0379

Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbit…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2010-0137

Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consum…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2010-0232

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold a…

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2009-4003

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based…

CVSS: 9.3CWE: CWE-189
Read more
2010-01-20
Medium

CVE-2010-0362

Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.

CVSS: 5.0CWE: CWE-310
Read more
2010-01-19
Low

CVE-2010-0007

net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, w…

CVSS: 2.1CWE: CWE-264
Read more
Medium

CVE-2009-4605

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote at…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2009-4141

Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (ak…

CVSS: 7.2CWE: CWE-399
Read more
Critical

CVE-2009-4012

Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/t…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2009-3739

Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unkn…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

CVSS: 10.0CWE: CWE-310
Read more
Critical

CVE-2008-7251

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

CVSS: 10.0CWE: CWE-264
Read more
2010-01-15
Medium

CVE-2010-0336

Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0325

Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2010-0323

Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2010-0318

The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions,…

CVSS: 6.9CWE: CWE-264
Read more
High

CVE-2010-0317

Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are n…

CVSS: 7.8CWE: CWE-399
Read more
Critical

CVE-2010-0316

Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file.

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2010-0280

Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitr…

CVSS: 9.3CWE: CWE-189
Read more
2010-01-14
Medium

CVE-2010-0315

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0314

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK elemen…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0313

The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon cra…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0311

Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2010-0310

Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.

CVSS: 6.8CWE: CWE-264
Read more
High

CVE-2010-0184

The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak p…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2009-4355

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consu…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2010-0015

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows r…

CVSS: 7.5CWE: CWE-255
Read more
Critical

CVE-2009-4182

Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging au…

CVSS: 9.0CWE: N/A
Read more
2010-01-13
High

CVE-2009-4492

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable chara…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2009-4487

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite…

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2010-0018

Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Ser…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-4212

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to c…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2009-3959

Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PD…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2009-3957

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2009-3956

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attac…

CVSS: 10.0CWE: CWE-16
Read more
Critical

CVE-2009-3955

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecod…

CVSS: 10.0CWE: CWE-399
Read more
High

CVE-2009-4607

The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on she…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2009-4606

South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbit…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2010-0279

Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2010-0080

Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle, #21 and 9.0 Bundle #11 allows remote authentic…

CVSS: 4.9CWE: N/A
Read more
Critical

CVE-2010-0079

Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-0078

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0077

Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity v…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2010-0076

Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availabil…

CVSS: 6.0CWE: N/A
Read more
Medium

CVE-2010-0075

Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0074

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vector…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2010-0072

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NO…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-0071

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availabil…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-0070

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0069

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-0068

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, and 10.0 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0067

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-0066

Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2009-3416

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2009-3415

Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availa…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2009-3414

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via u…

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2009-3413

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via u…

CVSS: 3.2CWE: N/A
Read more
Low

CVE-2009-3412

Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown…

CVSS: 1.0CWE: N/A
Read more
Medium

CVE-2009-3411

Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiali…

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2009-3410

Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and inte…

CVSS: 3.6CWE: N/A
Read more
Medium

CVE-2009-1996

Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 4.0CWE: N/A
Read more
2010-01-12
Medium

CVE-2010-0278

A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-4603

Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2009-4538

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2009-4536

drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a com…

CVSS: 7.8CWE: CWE-189
Read more
2010-01-09
Medium

CVE-2010-0277

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) o…

CVSS: 5.0CWE: CWE-399
Read more
Critical

CVE-2010-0276

IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsu…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-0275

Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-0274

Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, a…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2009-4594

Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH.

CVSS: 10.0CWE: N/A
Read more
2010-01-08
High

CVE-2010-0273

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2010-0271

hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attacker…

CVSS: 4.6CWE: CWE-264
Read more
High

CVE-2009-4010

Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones.

CVSS: 7.5CWE: N/A
Read more
2010-01-07
Medium

CVE-2010-0229

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents…

CVSS: 4.6CWE: CWE-255
Read more
Medium

CVE-2010-0228

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proxima…

CVSS: 4.6CWE: CWE-310
Read more
Medium

CVE-2010-0227

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically pr…

CVSS: 4.6CWE: CWE-255
Read more
Medium

CVE-2010-0226

SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captu…

CVSS: 4.6CWE: CWE-255
Read more
Medium

CVE-2010-0224

SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cl…

CVSS: 4.6CWE: CWE-255
Read more
Low

CVE-2010-0223

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows…

CVSS: 2.1CWE: CWE-264
Read more
Medium

CVE-2010-0222

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the c…

CVSS: 4.6CWE: CWE-310
Read more
Low

CVE-2010-0221

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host…

CVSS: 2.1CWE: CWE-264
Read more
Medium

CVE-2010-0220

The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted we…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2009-4593

The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2009-4592

Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2009-4587

Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.

CVSS: 5.0CWE: N/A
Read more
2010-01-06
Medium

CVE-2009-4585

UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db…

CVSS: 5.0CWE: CWE-264
Read more
2010-01-05
Medium

CVE-2009-3734

Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service (configuration reset) via a reque…

CVSS: 5.0CWE: N/A
Read more
2010-01-04
High

CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP se…

CVSS: 7.5CWE: CWE-310
Read more
Medium

CVE-2009-4558

The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly…

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2009-4556

Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2009-4545

Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonn…

CVSS: 5.0CWE: CWE-264
Read more
>