Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1535 | 2 Joomla, Peter Hocherl | 2 Joomla\!, Com Travelbook | 2010-05-23 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1540 | 2 Joomla, Myblog | 2 Joomla\!, Com Myblog | 2010-05-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2009 | 1 Bsplayer | 1 Bs.player | 2010-05-23 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long ID3 tag in a .MP3 file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2011 | 1 Microsoft | 1 Dynamics Gp | 2010-05-23 | 4.0 MEDIUM | N/A |
| Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents. | |||||
| CVE-2010-1192 | 1 Stafford.uklinux | 1 Libesmtp | 2010-05-21 | 6.8 MEDIUM | N/A |
| libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2010-1194 | 1 Stafford.uklinux | 1 Libesmtp | 2010-05-21 | 6.8 MEDIUM | N/A |
| The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName. | |||||
| CVE-2010-1557 | 1 Hp | 1 Insight Control Server Migration For Windows | 2010-05-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1561 | 1 Cisco | 1 Pgw 2200 Softswitch | 2010-05-20 | 7.8 HIGH | N/A |
| The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115. | |||||
| CVE-2010-1562 | 1 Cisco | 1 Pgw 2200 Softswitch | 2010-05-20 | 7.8 HIGH | N/A |
| The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521. | |||||
| CVE-2010-1563 | 1 Cisco | 1 Pgw 2200 Softswitch | 2010-05-20 | 7.8 HIGH | N/A |
| The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588. | |||||
| CVE-2010-1565 | 1 Cisco | 1 Pgw 2200 Softswitch | 2010-05-20 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561. | |||||
| CVE-2010-1567 | 1 Cisco | 1 Pgw 2200 Softswitch | 2010-05-20 | 7.8 HIGH | N/A |
| The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590. | |||||
| CVE-2010-0512 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-05-20 | 9.3 HIGH | N/A |
| The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. | |||||
| CVE-2010-0524 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-05-20 | 7.5 HIGH | N/A |
| The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. | |||||
| CVE-2010-0601 | 1 Cisco | 1 Pgw 2200 Softswitch | 2010-05-20 | 7.8 HIGH | N/A |
| The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126. | |||||
| CVE-2010-0602 | 1 Cisco | 1 Pgw 2200 Softswitch | 2010-05-20 | 7.8 HIGH | N/A |
| The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606. | |||||
| CVE-2010-0604 | 1 Cisco | 1 Pgw 2200 Softswitch | 2010-05-20 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP traffic, as demonstrated by "SIP testing," aka Bug ID CSCsk38165. | |||||
| CVE-2009-4842 | 1 Toutvirtual | 1 Virtualiq | 2010-05-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email parameter in a save action to tvserver/user/user.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1977 | 2 Gohigheris, Joomla | 2 Com Jwhmcs, Joomla\! | 2010-05-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1999 | 1 Openmairie | 1 Opencatalogue | 2010-05-20 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | |||||