Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4057 | 1 Ibm | 1 Soliddb | 2017-08-16 | 5.0 MEDIUM | N/A |
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315. | |||||
CVE-2010-4098 | 1 Monotone | 1 Monotone | 2017-08-16 | 5.0 MEDIUM | N/A |
monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command. | |||||
CVE-2010-4099 | 1 Nitrosecurity | 2 Nitroview Esm, Nitroview Esm Software | 2017-08-16 | 6.8 MEDIUM | N/A |
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess. | |||||
CVE-2010-4100 | 1 Hp | 1 Insight Control Performance Management | 2017-08-16 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors. | |||||
CVE-2010-4103 | 1 Hp | 1 Insight Managed System Setup Wizard | 2017-08-16 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | |||||
CVE-2010-4106 | 1 Hp | 1 Insight Control For Linux | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2010-4107 | 1 Hp | 8 9000, Color Laserjet Mfp, Laserjet 4100 and 5 more | 2017-08-16 | 7.8 HIGH | N/A |
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. | |||||
CVE-2010-4120 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/. | |||||
CVE-2010-4144 | 1 Aspindir | 1 Kisisel Radyo Script | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. | |||||
CVE-2010-4146 | 1 Attachmate | 1 Reflection For The Web | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-4147 | 1 Avactis | 1 Avactis Shopping Cart | 2017-08-16 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php. | |||||
CVE-2010-4148 | 1 Anyconnect | 1 Anyconnect | 2017-08-16 | 9.3 HIGH | N/A |
Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | |||||
CVE-2010-4153 | 1 Crossftp | 1 Crossftp Pro | 2017-08-16 | 9.3 HIGH | N/A |
Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | |||||
CVE-2010-4154 | 1 Rhinosoft | 1 Ftp Voyager | 2017-08-16 | 9.3 HIGH | N/A |
Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | |||||
CVE-2010-4155 | 1 Exv2 | 1 Exv2 | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965. | |||||
CVE-2010-4175 | 1 Linux | 1 Linux Kernel | 2017-08-16 | 4.9 MEDIUM | N/A |
Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865. | |||||
CVE-2010-4181 | 1 Yaws | 1 Yaws | 2017-08-16 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences. | |||||
CVE-2010-4184 | 1 Netsupportsoftware | 1 Netsupport Manager | 2017-08-16 | 5.0 MEDIUM | N/A |
NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. | |||||
CVE-2010-4186 | 1 Onlinetechtools.com | 1 Oasys Professional | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2017-08-16 | 2.9 LOW | N/A |
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | |||||