Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0537 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 2.6 LOW | N/A |
| DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. | |||||
| CVE-2010-1216 | 1 Notsopureedit | 1 Notsopureedit | 2010-06-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1375 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 7.2 HIGH | N/A |
| NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-1376 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. | |||||
| CVE-2010-1377 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 9.3 HIGH | N/A |
| Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors. | |||||
| CVE-2010-1379 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 5.0 MEDIUM | N/A |
| Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. | |||||
| CVE-2010-1380 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 7.5 HIGH | N/A |
| Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. | |||||
| CVE-2010-1381 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 3.5 LOW | N/A |
| The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926. | |||||
| CVE-2010-1382 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field. | |||||
| CVE-2010-1514 | 1 Tomatocms | 1 Tomatocms | 2010-06-17 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2010-1515 | 1 Tomatocms | 1 Tomatocms | 2010-06-17 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO. | |||||
| CVE-2010-1937 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2010-06-17 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896. | |||||
| CVE-2010-2267 | 1 Accoria | 1 Rock Web Server | 2010-06-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi. | |||||
| CVE-2010-2314 | 2 Edmondhui.homeip, Nucleus Group | 2 Np Twitter, Nucleus Cms | 2010-06-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2316 | 1 Wmsdesign | 1 Wmscms | 2010-06-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137. | |||||
| CVE-2010-2317 | 1 Wmsdesign | 1 Wmscms | 2010-06-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp. | |||||
| CVE-2010-2318 | 1 Phpcityportal | 1 Phpcityportal | 2010-06-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2010-2319 | 1 Idevspot | 1 Textads | 2010-06-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-0543 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 6.8 MEDIUM | N/A |
| ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. | |||||
| CVE-2010-0545 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 4.4 MEDIUM | N/A |
| The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. | |||||