Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4918 | 1 Cisco | 1 Asa 5580 | 2010-06-30 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439. | |||||
| CVE-2009-4919 | 1 Cisco | 1 Asa 5580 | 2010-06-30 | 10.0 HIGH | N/A |
| Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. | |||||
| CVE-2009-4920 | 1 Cisco | 1 Asa 5580 | 2010-06-30 | 7.8 HIGH | N/A |
| Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412. | |||||
| CVE-2009-4921 | 1 Cisco | 1 Asa 5580 | 2010-06-30 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110. | |||||
| CVE-2009-4922 | 1 Cisco | 1 Asa 5580 | 2010-06-30 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583. | |||||
| CVE-2009-4923 | 1 Cisco | 1 Asa 5580 | 2010-06-30 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162. | |||||
| CVE-2010-2516 | 1 2daybiz | 1 Multi Level Marketing Software | 2010-06-30 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1299 | 1 Pulseaudio | 1 Pulseaudio | 2010-06-29 | 6.9 MEDIUM | N/A |
| The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file. | |||||
| CVE-2010-2508 | 1 2daybiz | 1 Video Community Portal Script | 2010-06-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2009-3734 | 1 S2sys | 1 Linear Emerge Access Control System | 2010-06-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service (configuration reset) via a request to a crafted URI. | |||||
| CVE-2006-6998 | 1 Headstart Solutions | 1 Deskpro | 2010-06-29 | 5.0 MEDIUM | N/A |
| install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function. | |||||
| CVE-2009-1797 | 1 Apc | 2 Network Management Card, Switched Rack Pdu | 2010-06-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. | |||||
| CVE-2009-1798 | 1 Apc | 2 Network Management Card, Switched Rack Pdu | 2010-06-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406. | |||||
| CVE-2009-4325 | 1 Ibm | 1 Db2 | 2010-06-29 | 6.4 MEDIUM | N/A |
| The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | |||||
| CVE-2009-4326 | 1 Ibm | 1 Db2 | 2010-06-29 | 4.3 MEDIUM | N/A |
| The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | |||||
| CVE-2009-4327 | 1 Ibm | 1 Db2 | 2010-06-29 | 5.0 MEDIUM | N/A |
| The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2009-4328 | 1 Ibm | 1 Db2 | 2010-06-29 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. | |||||
| CVE-2009-4330 | 1 Ibm | 1 Db2 | 2010-06-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors. | |||||
| CVE-2009-4332 | 1 Ibm | 1 Db2 | 2010-06-29 | 5.0 MEDIUM | N/A |
| db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | |||||
| CVE-2009-4333 | 1 Ibm | 1 Db2 | 2010-06-29 | 7.5 HIGH | N/A |
| The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | |||||
| CVE-2009-4334 | 1 Ibm | 1 Db2 | 2010-06-29 | 4.6 MEDIUM | N/A |
| The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | |||||
| CVE-2009-4373 | 1 Alienvault | 1 Open Source Security Information Management | 2010-06-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/. | |||||
| CVE-2009-4431 | 2 Anything-digital, Joomla | 2 Com Jcalpro, Joomla\! | 2010-06-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-4438 | 1 Ibm | 1 Db2 | 2010-06-29 | 6.5 MEDIUM | N/A |
| The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | |||||
| CVE-2009-4439 | 1 Ibm | 1 Db2 | 2010-06-29 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. | |||||
| CVE-2010-2470 | 1 Mozilla | 1 Bugzilla | 2010-06-29 | 1.9 LOW | N/A |
| Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. | |||||
| CVE-2010-2502 | 1 Splunk | 1 Splunk | 2010-06-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067. | |||||
| CVE-2010-2503 | 1 Splunk | 1 Splunk | 2010-06-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085. | |||||
| CVE-2010-2504 | 1 Splunk | 1 Splunk | 2010-06-29 | 6.0 MEDIUM | N/A |
| Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066. | |||||
| CVE-2010-2505 | 1 Saschart | 1 Sascam Webcam Server | 2010-06-29 | 5.0 MEDIUM | N/A |
| Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request. | |||||
| CVE-2010-2509 | 1 2daybiz | 1 Web Template Software | 2010-06-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php. | |||||
| CVE-2010-2510 | 1 2daybiz | 1 Web Template Software | 2010-06-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2010-2511 | 1 2daybiz | 1 Multi Level Marketing Software | 2010-06-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter. | |||||
| CVE-2010-2512 | 1 2daybiz | 1 Matrimonial Script | 2010-06-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2513 | 2 Harmistechnology, Joomla | 2 Com Jeajaxeventcalendar, Joomla\! | 2010-06-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | |||||
| CVE-2010-2514 | 2 Dacian Strain, Joomla | 2 Com Jfaq, Joomla\! | 2010-06-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php. | |||||
| CVE-2010-2515 | 2 Dacian Strain, Joomla | 2 Com Jfaq, Joomla\! | 2010-06-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0180 | 1 Mozilla | 1 Bugzilla | 2010-06-28 | 1.9 LOW | N/A |
| Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. | |||||
| CVE-2010-1204 | 1 Mozilla | 1 Bugzilla | 2010-06-28 | 5.0 MEDIUM | N/A |
| Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." | |||||
| CVE-2009-4905 | 1 Accscripts | 1 Acc Statistics | 2010-06-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses. | |||||
| CVE-2009-4906 | 1 Accscripts | 1 Acc Php Email | 2010-06-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords. | |||||
| CVE-2010-2444 | 1 Maradns | 1 Maradns | 2010-06-28 | 4.3 MEDIUM | N/A |
| parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file. | |||||
| CVE-2010-2463 | 1 Jamroom | 1 Jamroom | 2010-06-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action. | |||||
| CVE-2010-2469 | 1 Linearcorp | 2 Emerge 50, Emerge 5000 | 2010-06-28 | 5.0 MEDIUM | N/A |
| The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device. | |||||
| CVE-2009-3164 | 1 Sun | 2 Opensolaris, Solaris | 2010-06-25 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136. | |||||
| CVE-2010-1011 | 2 Tim Lochmueller, Typo3 | 2 Mydashboard, Typo3 | 2010-06-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1013 | 2 Fr.simon Rundell, Typo3 | 2 Pd Diocesedatabase, Typo3 | 2010-06-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-2223 | 1 Redhat | 1 Enterprise Virtualization Hypervisor | 2010-06-25 | 2.1 LOW | N/A |
| Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | |||||
| CVE-2010-2440 | 1 Upredsun | 1 Subtitle Translation Wizard | 2010-06-25 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2323 | 1 Ibm | 2 Websphere Application Server, Zos | 2010-06-24 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. | |||||