Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4444 | 2 Oracle, Sun | 2 Opensso, Java System Access Manager | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-4445 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. | |||||
| CVE-2010-4446 | 1 Sun | 1 Sunos | 2017-08-17 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand. | |||||
| CVE-2010-4449 | 1 Oracle | 1 Audit Vault | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700. | |||||
| CVE-2010-4455 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin. | |||||
| CVE-2010-4456 | 1 Sun | 1 Java System Communications Express | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail. | |||||
| CVE-2010-4457 | 1 Sun | 1 Sunos | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS. | |||||
| CVE-2010-4458 | 1 Sun | 1 Sunos | 2017-08-17 | 4.1 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS. | |||||
| CVE-2010-4459 | 1 Sun | 1 Sunos | 2017-08-17 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs. | |||||
| CVE-2010-4460 | 1 Sun | 1 Sunos | 2017-08-17 | 3.6 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon. | |||||
| CVE-2010-4461 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance. | |||||
| CVE-2010-4464 | 1 Oracle | 1 Sun Convergence | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. | |||||
| CVE-2010-4496 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4497 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4498 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | |||||
| CVE-2010-4499 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-4506 | 1 Oracle | 1 Passlogix V-go Self-service Password Reset And Oem | 2017-08-17 | 6.2 MEDIUM | N/A |
| Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard. | |||||
| CVE-2010-4509 | 1 Sixapart | 1 Movabletype | 2017-08-17 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags. | |||||
| CVE-2010-4511 | 1 Sixapart | 1 Movabletype | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message." | |||||
| CVE-2010-4525 | 1 Linux | 1 Linux Kernel | 2017-08-17 | 1.9 LOW | N/A |
| Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. | |||||
| CVE-2010-4530 | 1 Muscle | 1 Pcsc-lite | 2017-08-17 | 4.4 MEDIUM | N/A |
| Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. | |||||
| CVE-2010-4539 | 1 Apache | 1 Subversion | 2017-08-17 | 6.8 MEDIUM | N/A |
| The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. | |||||
| CVE-2010-4544 | 1 Ibm | 1 Lotus Notes Traveler | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4554 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-17 | 4.3 MEDIUM | N/A |
| functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2010-4555 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. | |||||
| CVE-2010-4556 | 1 Sap | 1 Netweaver Business Client | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods. | |||||
| CVE-2010-4567 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 4.3 MEDIUM | N/A |
| Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field. | |||||
| CVE-2010-4568 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 7.5 HIGH | N/A |
| Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function. | |||||
| CVE-2010-4569 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI. | |||||
| CVE-2010-4570 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI. | |||||
| CVE-2010-4572 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411. | |||||
| CVE-2010-4602 | 1 Ibm | 1 Rational Clearquest | 2017-08-17 | 4.0 MEDIUM | N/A |
| The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark. | |||||
| CVE-2010-4603 | 1 Ibm | 1 Rational Clearquest | 2017-08-17 | 6.5 MEDIUM | N/A |
| IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference. | |||||
| CVE-2010-4611 | 1 Html-edit | 1 Html-edit Cms | 2017-08-17 | 5.0 MEDIUM | N/A |
| Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message. | |||||
| CVE-2010-4615 | 1 Iskenderaltuntas | 1 Oto Galeri Sistemi | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp. | |||||
| CVE-2010-4617 | 2 Joomla, Kanich | 2 Joomla\!, Com Jotloader | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. | |||||
| CVE-2010-4619 | 1 Webscripti | 1 Mafya Oyun Scrpti | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4622 | 1 Ibm | 2 Aix, Tivoli Access Manager For E-business | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI. | |||||
| CVE-2010-4623 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2017-08-17 | 4.0 MEDIUM | N/A |
| WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions. | |||||
| CVE-2010-4624 | 1 Mybb | 1 Mybb | 2017-08-17 | 3.5 LOW | N/A |
| MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. | |||||
| CVE-2010-4625 | 1 Mybb | 1 Mybb | 2017-08-17 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. | |||||
| CVE-2010-4626 | 1 Mybb | 1 Mybb | 2017-08-17 | 5.1 MEDIUM | N/A |
| The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. | |||||
| CVE-2010-4627 | 1 Mybb | 1 Mybb | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2010-4628 | 1 Mybb | 1 Mybb | 2017-08-17 | 5.0 MEDIUM | N/A |
| member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table. | |||||
| CVE-2010-4629 | 1 Mybb | 1 Mybb | 2017-08-17 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php. | |||||
| CVE-2010-4630 | 2 Fubra, Wordpress | 2 Wp-survey-and-quiz-tool, Wordpress | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2010-4631 | 1 Pilotcart | 1 Pilot Cart | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow. | |||||
| CVE-2011-0987 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-17 | 6.5 MEDIUM | N/A |
| The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. | |||||
| CVE-2011-0988 | 2 Novell, Pureftpd | 2 Suse Linux, Pure-ftpd | 2017-08-17 | 4.4 MEDIUM | N/A |
| pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. | |||||
| CVE-2011-0989 | 2 Mono, Novell | 2 Mono, Moonlight | 2017-08-17 | 5.8 MEDIUM | N/A |
| The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. | |||||