CVE Daily
← All years

Uncategorized 2010

Page 2/14.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2010-12-01
Medium

CVE-2009-5019

Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.

CVSS: 5.0CWE: CWE-264
Read more
2010-11-26
Medium

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

CVSS: 6.4CWE: CWE-16
Read more
Medium

CVE-2010-4311

Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information.

CVSS: 5.0CWE: CWE-310
Read more
High

CVE-2010-3830

Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2010-3829

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail m…

CVSS: 5.8CWE: CWE-264
Read more
Medium

CVE-2010-3828

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-4301

epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related t…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2010-3445

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attacker…

CVSS: 5.0CWE: CWE-399
Read more
2010-11-22
Medium

CVE-2010-4305

Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI…

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2010-4304

The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic…

CVSS: 6.4CWE: CWE-310
Read more
Medium

CVE-2010-4303

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover enc…

CVSS: 4.9CWE: CWE-255
Read more
Medium

CVE-2010-4302

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) ad…

CVSS: 4.9CWE: CWE-310
Read more
Medium

CVE-2010-4167

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration…

CVSS: 6.9CWE: N/A
Read more
Critical

CVE-2010-3038

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier f…

CVSS: 10.0CWE: CWE-255
Read more
Critical

CVE-2010-3826

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colo…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3824

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2010-3823

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2010-3820

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows re…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2010-3818

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2010-3817

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Casc…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3816

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac O…

CVSS: 5.8CWE: CWE-264
Read more
Critical

CVE-2010-3812

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2010-3811

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2010-3810

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof t…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2010-3805

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a den…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of rando…

CVSS: 5.0CWE: CWE-310
Read more
Critical

CVE-2010-3803

Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a deni…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2010-3618

PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent…

CVSS: 4.3CWE: CWE-310
Read more
2010-11-17
Medium

CVE-2010-4159

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3869

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.

CVSS: 4.0CWE: CWE-310
Read more
Medium

CVE-2010-4274

reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership.

CVSS: 4.4CWE: CWE-264
Read more
High

CVE-2010-4234

The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a la…

CVSS: 7.8CWE: CWE-399
Read more
Critical

CVE-2010-4233

The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default passw…

CVSS: 10.0CWE: CWE-255
Read more
Medium

CVE-2010-4215

UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup.

CVSS: 6.5CWE: CWE-264
Read more
2010-11-16
Medium

CVE-2010-4010

Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2010-3792

Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movi…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2010-3784

The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-3783

Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via uns…

CVSS: 6.8CWE: CWE-264
Read more
Medium

CVE-2010-1847

The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) vi…

CVSS: 4.9CWE: CWE-399
Read more
2010-11-15
Medium

CVE-2010-1830

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via u…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-1803

Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volu…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-2638

Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Pro…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2010-0113

The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers t…

CVSS: 4.3CWE: CWE-255
Read more
2010-11-12
Medium

CVE-2010-4236

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PAT…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3899

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2010-3898

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveragin…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2010-3897

ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive infor…

CVSS: 5.0CWE: CWE-255
Read more
High

CVE-2010-3895

esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2010-3893

The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbit…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2010-3892

Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2009-5016

Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanism…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2010-2637

IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information b…

CVSS: 4.3CWE: CWE-310
Read more
2010-11-10
Medium

CVE-2010-3634

Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknow…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-3633

Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors.

CVSS: 5.0CWE: CWE-399
Read more
Critical

CVE-2010-3337

Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-2573

Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, ak…

CVSS: 9.3CWE: CWE-189
Read more
2010-11-09
Critical

CVE-2010-4218

Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet."

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-4217

Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2008-7265

The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2010-4214

The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive info…

CVSS: 4.3CWE: CWE-310
Read more
Medium

CVE-2010-4213

The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading applicat…

CVSS: 4.3CWE: CWE-310
Read more
Low

CVE-2010-4212

The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application da…

CVSS: 1.9CWE: CWE-264
Read more
Medium

CVE-2010-3436

fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.

CVSS: 5.0CWE: CWE-264
Read more
2010-11-07
Critical

CVE-2010-3652

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3650

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3649

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3648

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3647

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3646

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3645

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3644

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3643

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3642

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3641

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3640

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3639

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2010-3638

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2010-3636

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing o…

CVSS: 9.3CWE: CWE-264
Read more
2010-11-06
Critical

CVE-2010-4205

Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unkn…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2010-4204

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2010-4001

GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current workin…

CVSS: 4.6CWE: CWE-264
Read more
Medium

CVE-2010-4000

gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working dire…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2010-3998

The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse share…

CVSS: 6.9CWE: N/A
Read more
Critical

CVE-2010-3916

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915.

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3915

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916.

CVSS: 9.3CWE: N/A
Read more
High

CVE-2009-5015

The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2009-5014

The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authoriz…

CVSS: 7.5CWE: CWE-310
Read more
2010-11-05
Critical

CVE-2010-4092

Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web si…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2010-4184

NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information…

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2010-3999

gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current wor…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3996

festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gai…

CVSS: 6.9CWE: N/A
Read more
2010-11-04
Critical

CVE-2010-4182

Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Busine…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2010-3611

ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a…

CVSS: 4.3CWE: N/A
Read more
2010-11-03
Critical

CVE-2010-3914

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary co…

CVSS: 9.3CWE: N/A
Read more
2010-11-02
Medium

CVE-2010-4105

Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2010-4104

Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-4103

Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-4102

Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-4100

Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2010-4031

Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors.

CVSS: 8.0CWE: N/A
Read more
Medium

CVE-2010-4145

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.

CVSS: 5.0CWE: CWE-264
Read more
2010-10-29
Medium

CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attacke…

CVSS: 5.0CWE: CWE-264
Read more
2010-10-28
High

CVE-2010-4029

Unspecified vulnerability in HP Storage Essentials before 6.3.0, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of servic…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2010-4028

Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data,…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2010-4027

Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors.

CVSS: 5.6CWE: N/A
Read more
Medium

CVE-2010-4026

Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls.

CVSS: 6.2CWE: N/A
Read more
Critical

CVE-2010-4025

Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document.

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2010-3993

Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors.

CVSS: 6.4CWE: N/A
Read more
Critical

CVE-2010-3992

Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors.

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2010-3990

Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-3988

Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-3713

rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended acce…

CVSS: 4.3CWE: CWE-264
Read more
2010-10-27
Medium

CVE-2010-4098

monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command.

CVSS: 5.0CWE: N/A
Read more
2010-10-26
Medium

CVE-2010-2584

The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote att…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2010-4094

The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by l…

CVSS: 5.0CWE: CWE-255
Read more
Medium

CVE-2010-3986

Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
2010-10-25
Critical

CVE-2010-4070

Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2010-3717

The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, whi…

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2010-3714

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values dur…

CVSS: 7.1CWE: CWE-264
Read more
>