Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2437 | 1 Anecms | 1 Anecms Blog | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php. | |||||
| CVE-2010-2453 | 1 Synology | 13 Disk Station Ds1010+, Disk Station Ds109, Disk Station Ds110+ and 10 more | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue. | |||||
| CVE-2010-2506 | 1 Cisco | 2 Linksys Firmware, Linksys Wap54g | 2018-10-10 | 2.9 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. | |||||
| CVE-2010-2521 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. | |||||
| CVE-2010-2574 | 1 Mantisbt | 1 Mantisbt | 2018-10-10 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action. | |||||
| CVE-2010-2575 | 1 Kde | 1 Kde Sc | 2018-10-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file. | |||||
| CVE-2010-2576 | 1 Opera | 1 Opera Browser | 2018-10-10 | 6.8 MEDIUM | N/A |
| Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | |||||
| CVE-2010-2580 | 1 Mailenable | 1 Mailenable | 2018-10-10 | 5.0 MEDIUM | N/A |
| The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error." | |||||
| CVE-2010-2581 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088. | |||||
| CVE-2010-2582 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code. | |||||
| CVE-2010-2583 | 1 Sonicwall | 1 Ssl-vpn End-point Interrogator/installer Activex Control | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. | |||||
| CVE-2010-2586 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow. | |||||
| CVE-2010-2590 | 1 Sap | 1 Crystal Reports | 2018-10-10 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value. | |||||
| CVE-2010-2599 | 1 Rim | 1 Blackberry Software | 2018-10-10 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. | |||||
| CVE-2010-2614 | 1 Grafik-power | 1 Grafik Cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action. | |||||
| CVE-2010-2615 | 1 Grafik-power | 1 Grafik Cms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action. | |||||
| CVE-2010-2624 | 1 Iscripts | 1 Easysnaps | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php. | |||||
| CVE-2010-2629 | 1 Cisco | 2 Ace 4710, Content Services Switch 11500 | 2018-10-10 | 7.5 HIGH | N/A |
| The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. | |||||
| CVE-2010-2634 | 1 Rsa | 1 Envision | 2018-10-10 | 4.0 MEDIUM | N/A |
| RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors. | |||||
| CVE-2010-2667 | 1 Vmware | 1 Studio | 2018-10-10 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance. | |||||
| CVE-2010-2668 | 1 Adaptivedisplays | 2 Alpha Ethernet Adapter Ii, Alpha Ethernet Adapter Ii Web Manager | 2018-10-10 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | |||||
| CVE-2010-2678 | 2 Guillermo Vargas, Joomla | 2 Com Xmap, Joomla! | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2010-2679 | 1 Joomla | 2 Com Weblinks, Joomla! | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
| CVE-2010-2686 | 1 Topmanage | 1 Olk Module | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2695 | 1 Xlightftpd | 1 Xlight Ftp Server | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands. | |||||
| CVE-2010-2703 | 2 Hp, Microsoft | 2 Openview Network Node Manager, Windows | 2018-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe. | |||||
| CVE-2010-2704 | 1 Hp | 1 Openview Network Node Manager | 2018-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe. | |||||
| CVE-2010-2717 | 1 Cruxsoftware | 1 Cruxcms | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter. | |||||
| CVE-2010-2718 | 1 Cruxsoftware | 1 Cruxpa | 2018-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php. | |||||
| CVE-2010-1913 | 1 Consona | 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance | 2018-10-10 | 9.3 HIGH | N/A |
| The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server. | |||||
| CVE-2010-1922 | 1 29o3 Cms | 1 29o3 Cms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/. | |||||
| CVE-2010-1929 | 1 Novell | 1 Imanager | 2018-10-10 | 9.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc. | |||||
| CVE-2010-1930 | 1 Novell | 1 Imanager | 2018-10-10 | 5.0 MEDIUM | N/A |
| Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. | |||||
| CVE-2010-1931 | 1 Cubecart | 1 Cubecart | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php. | |||||
| CVE-2010-1960 | 1 Hp | 1 Openview Network Node Manager | 2018-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe. | |||||
| CVE-2010-1961 | 1 Hp | 1 Openview Network Node Manager | 2018-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function. | |||||
| CVE-2010-1964 | 1 Hp | 1 Openview Network Node Manager | 2018-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683. | |||||
| CVE-2010-1986 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571. | |||||
| CVE-2010-1987 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571. | |||||
| CVE-2010-1988 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-10 | 10.0 HIGH | N/A |
| Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. | |||||
| CVE-2010-1989 | 1 Opera | 1 Opera Browser | 2018-10-10 | 5.0 MEDIUM | N/A |
| Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181. | |||||
| CVE-2010-1990 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | |||||
| CVE-2010-1992 | 1 Google | 1 Chrome | 2018-10-10 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | |||||
| CVE-2010-1993 | 1 Opera | 1 Opera Browser | 2018-10-10 | 5.0 MEDIUM | N/A |
| Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. | |||||
| CVE-2010-1994 | 1 Tomatocms | 1 Tomatocms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO. | |||||
| CVE-2010-1995 | 1 Tomatocms | 1 Tomatocms | 2018-10-10 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO. | |||||
| CVE-2010-1997 | 1 Saurus | 1 Saurus Cms | 2018-10-10 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter. | |||||
| CVE-2010-2003 | 1 Proxy2 | 1 Advanced Poll | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter. | |||||
| CVE-2010-2006 | 1 Letodms | 1 Letodms | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2010-2007 | 1 Letodms | 1 Letodms | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5) op/op.DefaultKeywords.php, (6) op/op.GroupMgr.php, (7) op/op.FolderAccess.php, (8) op/op.FolderNotify.php, or (9) op.MoveFolder.php in mydms. | |||||
