CVE Daily
← All years

Uncategorized 2010

Page 3/14.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2010-10-25
Medium

CVE-2010-3710

Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of s…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2010-3165

Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and earlier, OuiEditor 1.6.1.1 and earlier, UnEditor 1.10.1.2 and earlier, DeuxEditor 1.7.1.2 and earlier, SQLEditorXP 3.14.1.2 and earl…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3164

Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working dire…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3163

Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 and Grani before 4.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3162

Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3161

Untrusted search path vulnerability in TeraPad before 1.00 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3160

Untrusted search path vulnerability in Archive Decoder 1.23 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3156

Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

CVSS: 6.9CWE: N/A
Read more
2010-10-23
Medium

CVE-2010-4057

solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, whic…

CVSS: 5.0CWE: CWE-189
Read more
Medium

CVE-2010-4056

solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attacke…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-4055

Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 13…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2010-3290

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote authenticated users to gain privileges via unknown vectors.

CVSS: 6.5CWE: N/A
Read more
2010-10-21
Critical

CVE-2010-4045

Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scrip…

CVSS: 9.3CWE: CWE-264
Read more
Medium

CVE-2010-4043

Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive infor…

CVSS: 4.3CWE: CWE-264
Read more
Critical

CVE-2010-4041

The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unsp…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2010-4039

Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2010-4037

Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2010-4033

Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-3182

A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3181

Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users…

CVSS: 6.9CWE: N/A
Read more
Critical

CVE-2010-3180

Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows rem…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2010-3178

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs…

CVSS: 5.8CWE: CWE-264
Read more
Critical

CVE-2010-3176

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3175

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corrup…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3174

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memo…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key leng…

CVSS: 7.5CWE: CWE-310
Read more
Medium

CVE-2010-3170

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field o…

CVSS: 4.3CWE: CWE-310
Read more
2010-10-20
Medium

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding…

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2010-3394

The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared libra…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3393

magics-config in Magics++ 2.10.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working direc…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3389

The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allow…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3387

vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3386

usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the curre…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3385

TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3384

The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain pr…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3383

The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3382

tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the cu…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3381

The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0.3.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse s…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3378

The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan hors…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3377

The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain priv…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3376

The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3369

The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privi…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3366

Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3365

Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3364

The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working di…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3363

roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3362

lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3361

The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared l…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3360

Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3358

HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3357

gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3355

Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3354

dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3353

Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3351

startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directo…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-3349

Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it e…

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2010-0782

IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguishe…

CVSS: 4.3CWE: N/A
Read more
2010-10-19
Critical

CVE-2010-3574

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, int…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-3573

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availabil…

CVSS: 5.1CWE: N/A
Read more
Critical

CVE-2010-3572

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3571

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity,…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2010-3570

Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via un…

CVSS: 7.6CWE: N/A
Read more
Critical

CVE-2010-3569

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality,…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3568

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality,…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3567

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3566

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3565

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availa…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3563

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown ve…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3562

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity,…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2010-3561

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability v…

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2010-3560

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 2.6CWE: N/A
Read more
Critical

CVE-2010-3559

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3558

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknow…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-3557

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2010-3556

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity,…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3555

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown ve…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3554

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3553

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-3552

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unkn…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-3551

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown ve…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2010-3550

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and avail…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2010-3549

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, int…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2010-3548

Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affec…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-3541

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, int…

CVSS: 5.1CWE: N/A
Read more
Critical

CVE-2010-3976

Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and cond…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-3975

Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2010-3492

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should han…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-3158

Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Critical

CVE-2010-3157

Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explore…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2009-5013

Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2009-5012

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directo…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2007-6741

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from…

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2007-6740

The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2007-6738

pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the n…

CVSS: 5.0CWE: N/A
Read more
2010-10-18
Critical

CVE-2010-3983

CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.

CVSS: 9.0CWE: CWE-264
Read more
Medium

CVE-2010-3980

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids…

CVSS: 4.0CWE: N/A
Read more
High

CVE-2010-3287

Unspecified vulnerability on HP ProCurve Access Points, Access Controllers, and Mobility Controllers with software 5.1.x through 5.1.9, 5.2.x through 5.2.7, 5.3.x through 5.3.5, and 5.4.x through 5.4…

CVSS: 8.3CWE: N/A
Read more
Medium

CVE-2010-3286

Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-2369

Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2010-2368

Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Critical

CVE-2010-0219

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier…

CVSS: 10.0CWE: CWE-255
Read more
Medium

CVE-2009-5006

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and o…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daem…

CVSS: 5.0CWE: N/A
Read more
2010-10-14
Medium

CVE-2010-3934

The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows re…

CVSS: 6.8CWE: CWE-264
Read more
Critical

CVE-2010-3585

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agen…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2010-3584

Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2010-3583

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agen…

CVSS: 9.0CWE: N/A
Read more
Critical

CVE-2010-3582

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agen…

CVSS: 9.0CWE: N/A
Read more
Low

CVE-2010-3581

Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2010-3580

Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2010-3579

Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality an…

CVSS: 6.4CWE: N/A
Read more
Critical

CVE-2010-3578

Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server.

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2010-3577

Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality and integrity, related to Kernel/CIFS.

CVSS: 6.4CWE: N/A
Read more
Low

CVE-2010-3576

Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.

CVSS: 3.6CWE: N/A
Read more
Medium

CVE-2010-3575

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to aff…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2010-3564

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2010-3547

Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affe…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2010-3546

Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors.

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2010-3545

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via…

CVSS: 5.8CWE: N/A
Read more
>