Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3829 | 1 Apple | 1 Iphone Os | 2017-08-17 | 5.8 MEDIUM | N/A |
| WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. | |||||
| CVE-2010-3830 | 1 Apple | 1 Iphone Os | 2017-08-17 | 7.2 HIGH | N/A |
| Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-3831 | 1 Apple | 1 Iphone Os | 2017-08-17 | 4.3 MEDIUM | N/A |
| Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. | |||||
| CVE-2010-3832 | 1 Apple | 3 Ipad, Iphone, Iphone Os | 2017-08-17 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. | |||||
| CVE-2010-3841 | 1 Twiki | 1 Twiki | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script. | |||||
| CVE-2010-3846 | 1 Nongnu | 1 Cvs | 2017-08-17 | 6.9 MEDIUM | N/A |
| Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. | |||||
| CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2017-08-17 | 6.4 MEDIUM | N/A |
| The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | |||||
| CVE-2010-3871 | 1 Mahara | 1 Mahara | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3872 | 1 Apache | 1 Mod Fcgid | 2017-08-17 | 7.2 HIGH | N/A |
| The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite." | |||||
| CVE-2010-3905 | 1 Eucalyptus | 1 Eucalyptus | 2017-08-17 | 7.5 HIGH | N/A |
| The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users. | |||||
| CVE-2010-3912 | 1 Novell | 1 Suse Linux | 2017-08-17 | 10.0 HIGH | N/A |
| The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | |||||
| CVE-2010-3915 | 1 Justsystems | 1 Ichitaro | 2017-08-17 | 9.3 HIGH | N/A |
| Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916. | |||||
| CVE-2010-3916 | 1 Justsystems | 1 Ichitaro | 2017-08-17 | 9.3 HIGH | N/A |
| Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915. | |||||
| CVE-2010-3924 | 1 Aimluck | 1 Aipo | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-3925 | 1 Wb-i | 1 Contents-mall | 2017-08-17 | 5.8 MEDIUM | N/A |
| Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. | |||||
| CVE-2010-3926 | 1 Wb-i | 2 Sgx-sp Final, Sgx-sp Final Ne | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3927 | 1 Lunascape | 1 Lunascape | 2017-08-17 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2010-3928 | 1 Wayneeseguin | 1 Ruby Version Manager | 2017-08-17 | 6.8 MEDIUM | N/A |
| Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3929 | 1 Modxcms | 1 Evolution | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch. | |||||
| CVE-2010-3982 | 1 Sap | 1 Businessobjects | 2017-08-17 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | |||||
| CVE-2010-4010 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. | |||||
| CVE-2010-4015 | 1 Postgresql | 1 Postgresql | 2017-08-17 | 6.5 MEDIUM | N/A |
| Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions. | |||||
| CVE-2010-4030 | 1 Hp | 1 Insight Control Performance Management | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4031 | 1 Hp | 1 Insight Control Performance Management | 2017-08-17 | 8.0 HIGH | N/A |
| Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2010-4032 | 1 Hp | 1 Insight Control Performance Management | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2010-4053 | 1 Ibm | 1 Informix Dynamic Server | 2017-08-17 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243. | |||||
| CVE-2010-4055 | 1 Ibm | 1 Soliddb | 2017-08-17 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function. | |||||
| CVE-2010-4056 | 1 Ibm | 1 Soliddb | 2017-08-17 | 5.0 MEDIUM | N/A |
| solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315. | |||||
| CVE-2010-4057 | 1 Ibm | 1 Soliddb | 2017-08-17 | 5.0 MEDIUM | N/A |
| solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315. | |||||
| CVE-2010-4098 | 1 Monotone | 1 Monotone | 2017-08-17 | 5.0 MEDIUM | N/A |
| monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command. | |||||
| CVE-2010-4099 | 1 Nitrosecurity | 2 Nitroview Esm, Nitroview Esm Software | 2017-08-17 | 6.8 MEDIUM | N/A |
| ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess. | |||||
| CVE-2010-4100 | 1 Hp | 1 Insight Control Performance Management | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2010-4103 | 1 Hp | 1 Insight Managed System Setup Wizard | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2010-4106 | 1 Hp | 1 Insight Control For Linux | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2010-4107 | 1 Hp | 8 9000, Color Laserjet Mfp, Laserjet 4100 and 5 more | 2017-08-17 | 7.8 HIGH | N/A |
| The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. | |||||
| CVE-2010-4120 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/. | |||||
| CVE-2010-4144 | 1 Aspindir | 1 Kisisel Radyo Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. | |||||
| CVE-2010-4146 | 1 Attachmate | 1 Reflection For The Web | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4147 | 1 Avactis | 1 Avactis Shopping Cart | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php. | |||||
| CVE-2010-4148 | 1 Anyconnect | 1 Anyconnect | 2017-08-17 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | |||||
| CVE-2010-4153 | 1 Crossftp | 1 Crossftp Pro | 2017-08-17 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | |||||
| CVE-2010-4154 | 1 Rhinosoft | 1 Ftp Voyager | 2017-08-17 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | |||||
| CVE-2010-4155 | 1 Exv2 | 1 Exv2 | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965. | |||||
| CVE-2010-4171 | 1 Systemtap | 1 Systemtap | 2017-08-17 | 2.1 LOW | N/A |
| The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules). | |||||
| CVE-2010-4175 | 1 Linux | 1 Linux Kernel | 2017-08-17 | 4.9 MEDIUM | N/A |
| Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865. | |||||
| CVE-2010-4181 | 1 Yaws | 1 Yaws | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences. | |||||
| CVE-2010-4184 | 1 Netsupportsoftware | 1 Netsupport Manager | 2017-08-17 | 5.0 MEDIUM | N/A |
| NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. | |||||
| CVE-2010-4186 | 1 Onlinetechtools.com | 1 Oasys Professional | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2017-08-17 | 2.9 LOW | N/A |
| The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | |||||
| CVE-2010-4215 | 1 Foswiki | 1 Foswiki | 2017-08-17 | 6.5 MEDIUM | N/A |
| UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. | |||||