Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2242 | 1 Libvirt | 1 Libvirt | 2010-10-29 | 2.1 LOW | N/A |
| Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | |||||
| CVE-2010-2237 | 1 Libvirt | 1 Libvirt | 2010-10-29 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||
| CVE-2010-2239 | 1 Libvirt | 1 Libvirt | 2010-10-29 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. | |||||
| CVE-2010-2238 | 1 Libvirt | 1 Libvirt | 2010-10-29 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||
| CVE-2010-2584 | 1 Realpage | 1 Module Activex Controls | 2010-10-27 | 5.0 MEDIUM | N/A |
| The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property. | |||||
| CVE-2010-3713 | 1 Usebb | 1 Usebb | 2010-10-27 | 4.3 MEDIUM | N/A |
| rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed. | |||||
| CVE-2010-3717 | 1 Typo3 | 1 Typo3 | 2010-10-26 | 5.0 MEDIUM | N/A |
| The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | |||||
| CVE-2009-5012 | 1 G.rodola | 1 Pyftpdlib | 2010-10-19 | 4.0 MEDIUM | N/A |
| ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | |||||
| CVE-2007-6740 | 1 G.rodola | 1 Pyftpdlib | 2010-10-19 | 4.0 MEDIUM | N/A |
| The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | |||||
| CVE-2007-6741 | 1 G.rodola | 1 Pyftpdlib | 2010-10-19 | 6.5 MEDIUM | N/A |
| The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017. | |||||
| CVE-2010-3934 | 1 Rim | 2 Blackberry 9700, Blackberry Device Software | 2010-10-14 | 6.8 MEDIUM | N/A |
| The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-5008 | 1 Cisco | 1 Secure Desktop | 2010-10-13 | 2.1 LOW | N/A |
| Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. | |||||
| CVE-2010-3887 | 1 Apple | 2 Mac Os X, Mail | 2010-10-11 | 4.3 MEDIUM | N/A |
| The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. | |||||
| CVE-2009-4331 | 1 Ibm | 1 Db2 | 2010-10-06 | 7.2 HIGH | N/A |
| The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | |||||
| CVE-2010-3277 | 1 Vmware | 2 Player, Workstation | 2010-09-28 | 2.1 LOW | N/A |
| The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. | |||||
| CVE-2010-3483 | 1 Bouzouste | 1 Primitive Cms | 2010-09-22 | 7.5 HIGH | N/A |
| cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters. | |||||
| CVE-2010-3092 | 1 Drupal | 1 Drupal | 2010-09-21 | 5.5 MEDIUM | N/A |
| The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name. | |||||
| CVE-2010-3093 | 1 Drupal | 1 Drupal | 2010-09-21 | 3.5 LOW | N/A |
| The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. | |||||
| CVE-2006-7242 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.0 MEDIUM | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2006-7241 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.0 MEDIUM | N/A |
| The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | |||||