Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0537 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-18 | 2.6 LOW | N/A |
| DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. | |||||
| CVE-2010-2319 | 1 Idevspot | 1 Textads | 2010-06-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-2318 | 1 Phpcityportal | 1 Phpcityportal | 2010-06-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2010-2316 | 1 Wmsdesign | 1 Wmscms | 2010-06-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137. | |||||
| CVE-2010-2314 | 2 Edmondhui.homeip, Nucleus Group | 2 Np Twitter, Nucleus Cms | 2010-06-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2267 | 1 Accoria | 1 Rock Web Server | 2010-06-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi. | |||||
| CVE-2010-1216 | 1 Notsopureedit | 1 Notsopureedit | 2010-06-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1937 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2010-06-18 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896. | |||||
| CVE-2010-0545 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 4.4 MEDIUM | N/A |
| The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. | |||||
| CVE-2010-0546 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 3.3 LOW | N/A |
| Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. | |||||
| CVE-2010-0543 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 6.8 MEDIUM | N/A |
| ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. | |||||
| CVE-2010-1374 | 2 Aol, Apple | 3 Aim, Mac Os X, Mac Os X Server | 2010-06-17 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. | |||||
| CVE-2010-1373 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content." | |||||
| CVE-2010-2274 | 1 Dojotoolkit | 1 Dojo | 2010-06-17 | 4.3 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html. | |||||
| CVE-2010-2282 | 1 Tomatocms | 1 Tomatocms | 2010-06-17 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. | |||||
| CVE-2010-2280 | 1 Ibm | 1 Lotus Connections | 2010-06-17 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH. | |||||
| CVE-2010-2270 | 1 Accoria | 1 Rock Web Server | 2010-06-17 | 7.5 HIGH | N/A |
| Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | |||||
| CVE-2010-2309 | 1 Evological | 1 Evocam | 2010-06-17 | 7.5 HIGH | N/A |
| Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2010-2269 | 1 Accoria | 1 Rock Web Server | 2010-06-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2010-2312 | 1 Hauntmax | 1 Haunted House Directory Listing Cms | 2010-06-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action. | |||||
| CVE-2010-2277 | 1 Ibm | 1 Lotus Connections | 2010-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component. | |||||
| CVE-2010-2276 | 1 Dojotoolkit | 1 Dojo | 2010-06-16 | 10.0 HIGH | N/A |
| The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component. | |||||
| CVE-2010-2275 | 1 Dojotoolkit | 1 Dojo | 2010-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html. | |||||
| CVE-2010-2279 | 1 Ibm | 1 Lotus Connections | 2010-06-16 | 7.6 HIGH | N/A |
| The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors. | |||||
| CVE-2010-2271 | 1 Accoria | 1 Rock Web Server | 2010-06-16 | 7.5 HIGH | N/A |
| Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter. | |||||
| CVE-2010-2273 | 1 Dojotoolkit | 1 Dojo | 2010-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html. | |||||
| CVE-2010-2281 | 1 Tomatocms | 1 Tomatocms | 2010-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO. | |||||
| CVE-2010-2272 | 1 Dojotoolkit | 1 Dojo | 2010-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors. | |||||
| CVE-2010-2268 | 1 Accoria | 1 Rock Web Server | 2010-06-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts. | |||||
| CVE-2010-2278 | 1 Ibm | 1 Lotus Connections | 2010-06-16 | 4.0 MEDIUM | N/A |
| The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | |||||
| CVE-2010-2054 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2010-06-15 | 10.0 HIGH | N/A |
| Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4894 | 1 Punbb | 1 Punbb | 2010-06-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail. | |||||
| CVE-2010-2155 | 1 Zonecheck | 1 Zonecheck | 2010-06-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882. | |||||
| CVE-2010-1916 | 2 S9y, Xinha | 2 Serendipity, Wysiwyg Editor | 2010-06-13 | 7.5 HIGH | N/A |
| The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin. | |||||
| CVE-2010-1857 | 1 Realitymedias | 1 Repairshop2 | 2010-06-13 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-0598 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2010-06-13 | 9.3 HIGH | N/A |
| Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631. | |||||
| CVE-2010-0597 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2010-06-13 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges or cause a denial of service (device reload), via a (1) XML RPC or (2) XML RPC over HTTPS request, aka Bug ID CSCtb83618. | |||||
| CVE-2010-0596 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2010-06-13 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607. | |||||
| CVE-2010-0600 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2010-06-13 | 10.0 HIGH | N/A |
| Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512. | |||||
| CVE-2010-0599 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2010-06-13 | 9.3 HIGH | N/A |
| Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505. | |||||
| CVE-2009-4882 | 1 Zonecheck | 1 Zonecheck | 2010-06-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi. | |||||
| CVE-2009-4440 | 1 Sun | 1 Java System Directory Server | 2010-06-13 | 6.8 MEDIUM | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593. | |||||
| CVE-2009-4443 | 1 Sun | 1 Java System Directory Server | 2010-06-13 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978. | |||||
| CVE-2009-4442 | 1 Sun | 1 Java System Directory Server | 2010-06-13 | 5.0 MEDIUM | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665. | |||||
| CVE-2009-4441 | 1 Sun | 1 Java System Directory Server | 2010-06-13 | 5.0 MEDIUM | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. | |||||
| CVE-2009-2283 | 1 Sun | 2 Java Web Console, Solaris | 2010-06-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2260 | 1 Stardict | 1 Stardict | 2010-06-13 | 5.0 MEDIUM | N/A |
| stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2010-1041 | 1 Ibm | 1 Db2 Content Manager | 2010-06-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors. | |||||
| CVE-2010-1479 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokmodule | 2010-06-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php. | |||||
| CVE-2010-1478 | 2 Joomla, Ternaria | 2 Joomla\!, Com Jfeedback | 2010-06-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||