Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5000 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. | |||||
| CVE-2009-5001 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.0 MEDIUM | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | |||||
| CVE-2009-5002 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 6.4 MEDIUM | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | |||||
| CVE-2010-2149 | 1 Fujitsu | 1 E-pares | 2010-09-20 | 4.0 MEDIUM | N/A |
| Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-3470 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3471 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-3472 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3473 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-20 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2010-3075 | 1 Arg0 | 1 Encfs | 2010-09-19 | 5.0 MEDIUM | N/A |
| EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte. | |||||
| CVE-2010-3462 | 1 Mollify | 1 Mollify | 2010-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3403 | 1 Qualcomm | 1 Extensible Diagnostic Monitor | 2010-09-16 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file. | |||||
| CVE-2010-3422 | 2 Joomla, Solventus | 2 Joomla\!, Com Jgen | 2010-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
| CVE-2010-3427 | 1 Open-classifieds | 1 Open Classifieds | 2010-09-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc, (2) price, (3) title, and (4) place parameters to index.php and the (5) subject parameter to contact.htm, related to content/contact.php. | |||||
| CVE-2010-3428 | 1 Intermesh | 1 Group-office | 2010-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action. | |||||
| CVE-2010-3398 | 1 Ibm | 1 Lotus Sametime | 2010-09-15 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. | |||||
| CVE-2007-0822 | 1 Linux | 1 Linux Kernel | 2010-09-14 | 1.9 LOW | N/A |
| umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. | |||||
| CVE-2007-0460 | 1 Suse | 1 Suse Linux | 2010-09-14 | 10.0 HIGH | N/A |
| Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." | |||||
| CVE-2006-5874 | 1 Clam Anti-virus | 1 Clamav | 2010-09-14 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. | |||||
| CVE-2006-3018 | 1 Php Group | 1 Php | 2010-09-14 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. | |||||
| CVE-2010-2799 | 1 Dest-unreach | 1 Socat | 2010-09-14 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. | |||||