Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2158 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2010-06-07 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2052 | 2010-06-07 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2155. Reason: This candidate is a duplicate of CVE-2010-2155. Notes: All CVE users should reference CVE-2010-2155 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-4769 | 1 Jasper | 1 Httpdx | 2010-06-06 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component. | |||||
| CVE-2009-4770 | 1 Jasper | 1 Httpdx | 2010-06-06 | 7.5 HIGH | N/A |
| The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. | |||||
| CVE-2009-4776 | 1 Hitachi | 25 Cosminexus\/opentp1 Web Web Front-endset, Cosminexus Application Server, Cosminexus Client and 22 more | 2010-06-06 | 9.3 HIGH | N/A |
| Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. | |||||
| CVE-2010-1160 | 1 Gnu | 1 Nano | 2010-06-06 | 1.9 LOW | N/A |
| GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. | |||||
| CVE-2010-1161 | 1 Gnu | 1 Nano | 2010-06-06 | 3.7 LOW | N/A |
| Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. | |||||
| CVE-2010-1273 | 1 Emweb | 1 Wt | 2010-06-06 | 9.3 HIGH | N/A |
| Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors. | |||||
| CVE-2009-4824 | 1 Kolab | 1 Kolab Server | 2010-06-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form." | |||||
| CVE-2010-2144 | 1 Zeeways | 1 Ebay Clone Auction Script | 2010-06-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2146 | 1 Graviton-mediatech | 1 Visitor Logger | 2010-06-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. | |||||
| CVE-2010-2150 | 1 Fujitsu | 1 E-pares | 2010-06-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2151 | 1 Fujitsu | 1 E-pares | 2010-06-03 | 2.6 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors. | |||||
| CVE-2010-2153 | 1 Tecnick | 1 Tcexam | 2010-06-03 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. | |||||
| CVE-2010-0745 | 1 Dovecot | 1 Dovecot | 2010-06-02 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message. | |||||
| CVE-2010-0793 | 1 Barnowl | 1 Barnowl | 2010-06-02 | 7.5 HIGH | N/A |
| Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header. | |||||
| CVE-2008-7255 | 1 Amsn | 1 Amsn | 2010-06-02 | 4.6 MEDIUM | N/A |
| login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation. | |||||
| CVE-2009-4784 | 2 Joaktree, Joomla | 2 Com Joaktree, Joomla\! | 2010-06-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. | |||||
| CVE-2009-4785 | 2 Bhavesh Chauhan, Joomla | 2 Com Quicknews, Joomla\! | 2010-06-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. | |||||
| CVE-2009-4788 | 1 Pligg | 1 Pligg Cms | 2010-06-02 | 4.3 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php. | |||||