Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3449 | 2 Apache, Jesse Mcconnell | 2 Archiva, Redback | 2018-10-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | |||||
| CVE-2010-3455 | 1 Atutor | 1 Achecker | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter. | |||||
| CVE-2010-3463 | 1 Santafox | 1 Santafox | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/search/search.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the search parameter to search.html. | |||||
| CVE-2010-3464 | 1 Santafox | 1 Santafox | 2018-10-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php. | |||||
| CVE-2010-3550 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-3086 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.9 MEDIUM | N/A |
| include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. | |||||
| CVE-2010-3096 | 1 Softx | 1 Ftp Client | 2018-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename. | |||||
| CVE-2010-3128 | 1 Teamviewer | 1 Teamviewer | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file. | |||||
| CVE-2010-3131 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file. | |||||
| CVE-2010-3149 | 1 Adobe | 1 Device Central Cs5 | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file. | |||||
| CVE-2010-3150 | 1 Adobe | 1 Premier Pro Cs4 | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (314 (MC: 160820)) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as a .pproj, .prfpset, .prexport, .prm, .prmp, .prpreset, .prproj, .prsl, .prtl, or .vpr file. | |||||
| CVE-2010-3151 | 1 Adobe | 2 Onlocation Cs4, Premiere Pro Cs4 | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an OLPROJ file. | |||||
| CVE-2010-3152 | 1 Adobe | 1 Illustrator | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file. | |||||
| CVE-2010-3153 | 1 Adobe | 1 Indesign Cs4 | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file. | |||||
| CVE-2010-3188 | 1 Ifdefined | 1 Bugtracker.net | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page. | |||||
| CVE-2010-3189 | 1 Trendmicro | 1 Internet Security | 2018-10-10 | 9.3 HIGH | N/A |
| The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. | |||||
| CVE-2010-3199 | 1 Tigris | 1 Tortoisesvn | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default. | |||||
| CVE-2010-3200 | 1 Microsoft | 1 Word | 2018-10-10 | 4.3 MEDIUM | N/A |
| MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc. | |||||
| CVE-2010-3201 | 1 Netwin | 1 Surgemail | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. | |||||
| CVE-2010-3261 | 1 Rsa | 1 Authentication Agent For Web | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. | |||||
| CVE-2010-3262 | 1 Flock | 1 Flock | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | |||||
| CVE-2010-3266 | 1 Ifdefined | 1 Bugtracker.net | 2018-10-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3267 | 1 Ifdefined | 1 Bugtracker.net | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3269 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism. | |||||
| CVE-2010-3270 | 1 Cisco | 1 Webex Meeting Center | 2018-10-10 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed. | |||||
| CVE-2010-3271 | 1 Ibm | 1 Websphere Application Server | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do. | |||||
| CVE-2010-3272 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2018-10-10 | 4.3 MEDIUM | N/A |
| accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | |||||
| CVE-2010-3273 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2018-10-10 | 5.0 MEDIUM | N/A |
| ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. | |||||
| CVE-2010-3274 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | |||||
| CVE-2010-3275 | 1 Videolan | 1 Vlc Media Player | 2018-10-10 | 9.3 HIGH | N/A |
| libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability." | |||||
| CVE-2010-3276 | 1 Videolan | 1 Vlc Media Player | 2018-10-10 | 9.3 HIGH | N/A |
| libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. | |||||
| CVE-2010-3321 | 1 Rsa | 1 Authentication Client | 2018-10-10 | 1.5 LOW | N/A |
| RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests. | |||||
| CVE-2010-3397 | 1 Pgp | 1 Desktop | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file. | |||||
| CVE-2010-3407 | 1 Ibm | 1 Lotus Domino | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V. | |||||
| CVE-2010-3429 | 2 Ffmpeg, Mplayerhq | 3 Ffmpeg, Libavcodec, Mplayer | 2018-10-10 | 6.8 MEDIUM | N/A |
| flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." | |||||
| CVE-2010-2846 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php. | |||||
| CVE-2010-2847 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php. | |||||
| CVE-2010-2848 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | |||||
| CVE-2010-2851 | 2 Joomla, Ordasoft | 2 Joomla\!, Com Booklibrary | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
| CVE-2010-2858 | 1 Boesch-it | 1 Simpnews | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters. | |||||
| CVE-2010-2859 | 1 Boesch-it | 1 Simpnews | 2018-10-10 | 5.0 MEDIUM | N/A |
| news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. | |||||
| CVE-2010-2860 | 1 Emc | 1 Celerra Network Attached Storage | 2018-10-10 | 9.3 HIGH | N/A |
| The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests. | |||||
| CVE-2010-2864 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file. | |||||
| CVE-2010-2866 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie. | |||||
| CVE-2010-2867 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability." | |||||
| CVE-2010-2868 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file. | |||||
| CVE-2010-2869 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file. | |||||
| CVE-2010-2870 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | |||||
| CVE-2010-2871 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie. | |||||
| CVE-2010-2872 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie. | |||||