Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3027 | 1 Tycoon | 1 Baseball Script | 2010-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action. | |||||
| CVE-2010-2577 | 1 Pligg | 1 Pligg Cms | 2010-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php. | |||||
| CVE-2010-3013 | 1 Pligg | 1 Pligg Cms | 2010-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577. | |||||
| CVE-2010-2991 | 1 Citrix | 1 Online Plug-in For Windows For Xenapp \& Xendesktop | 2010-08-12 | 9.3 HIGH | N/A |
| The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. | |||||
| CVE-2009-4902 | 1 Muscle | 1 Pcsc-lite | 2010-08-12 | 6.8 MEDIUM | N/A |
| Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407. | |||||
| CVE-2009-0758 | 1 Avahi | 1 Avahi-daemon | 2010-08-12 | 7.8 HIGH | N/A |
| The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. | |||||
| CVE-2010-2988 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2010-08-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333. | |||||
| CVE-2010-2987 | 1 Cisco | 2 Unified Wireless Network Solution Software, Wireless Control System Software | 2010-08-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854. | |||||
| CVE-2010-2977 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2010-08-10 | 10.0 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611. | |||||
| CVE-2010-2978 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2010-08-10 | 10.0 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660. | |||||
| CVE-2010-2976 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2010-08-10 | 10.0 HIGH | N/A |
| The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2010-0834 | 2 Dell, Ubuntu | 2 Latitude 2110 Netbook, Ubuntu Linux | 2010-08-10 | 9.3 HIGH | N/A |
| The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2010-2474 | 1 Redhat | 2 Jboss Enterprise Service Bus, Jboss Enterprise Soa Platform | 2010-08-10 | 3.5 LOW | N/A |
| JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service. | |||||
| CVE-2010-2493 | 1 Redhat | 1 Jboss Enterprise Soa Platform | 2010-08-10 | 5.0 MEDIUM | N/A |
| The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request. | |||||
| CVE-2010-2985 | 1 Ibm | 1 Websphere Service Registry And Repository | 2010-08-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do. | |||||
| CVE-2010-2979 | 1 Cisco | 2 5508 Wireless Controller, Unified Wireless Network Solution Software | 2010-08-10 | 7.8 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508. | |||||
| CVE-2010-2980 | 1 Cisco | 2 5508 Wireless Controller, Unified Wireless Network Solution Software | 2010-08-10 | 7.8 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794. | |||||
| CVE-2010-2981 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2010-08-10 | 7.1 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370. | |||||
| CVE-2010-2982 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2010-08-10 | 7.1 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. | |||||
| CVE-2010-2983 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2010-08-10 | 7.8 HIGH | N/A |
| The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an "EAPoL logoff attack," aka Bug ID CSCte43374. | |||||