Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0216 | 1 Inventivetec | 1 Mediacast | 2017-08-16 | 5.0 MEDIUM | N/A |
| authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter. | |||||
| CVE-2010-0271 | 1 Sun | 1 Opensolaris | 2017-08-16 | 4.6 MEDIUM | N/A |
| hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification. | |||||
| CVE-2010-0272 | 1 Sun | 1 Java System Web Server | 2017-08-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2010-0274 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5. | |||||
| CVE-2010-0275 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-16 | 10.0 HIGH | N/A |
| Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58. | |||||
| CVE-2010-0276 | 1 Ibm | 3 Domino Web Access, Lotus Domino, Lotus Inotes | 2017-08-16 | 10.0 HIGH | N/A |
| IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU. | |||||
| CVE-2010-0279 | 1 Bts-gi.net | 1 Read Excel | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0284 | 2 Microsoft, Novell | 2 Windows, Access Manager | 2017-08-16 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678. | |||||
| CVE-2010-0285 | 1 Gnome | 1 Screensaver | 2017-08-16 | 5.6 MEDIUM | N/A |
| gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. | |||||
| CVE-2010-0286 | 1 Typo3 | 1 Typo3 | 2017-08-16 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication. | |||||
| CVE-2010-0295 | 1 Lighttpd | 1 Lighttpd | 2017-08-16 | 5.0 MEDIUM | N/A |
| lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. | |||||
| CVE-2010-0301 | 1 Maildrop | 1 Maildrop | 2017-08-16 | 6.9 MEDIUM | N/A |
| main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file. | |||||
| CVE-2010-0303 | 1 Dinko Korunic | 1 Hybserv2 | 2017-08-16 | 5.0 MEDIUM | N/A |
| mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a ":help \t" private message to the MemoServ service. | |||||
| CVE-2010-0305 | 1 Process-one | 1 Ejabberd | 2017-08-16 | 5.0 MEDIUM | N/A |
| ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload. | |||||
| CVE-2010-0311 | 2 Ibm, Sun | 4 Tivoli Access Manager For E-business, Java System Access Manager, Java System Identity Server and 1 more | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors. | |||||
| CVE-2010-0313 | 1 Sun | 1 Java System Directory Server | 2017-08-16 | 5.0 MEDIUM | N/A |
| The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message. | |||||
| CVE-2010-0319 | 1 Docmint | 1 Docmint | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0320 | 1 X10media | 1 Glitter Central Script | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter. | |||||
| CVE-2010-0321 | 1 Jamit | 1 Jamit Job Board | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | |||||
| CVE-2010-0356 | 1 Viscomsoft | 1 Movie Player Pro Sdk Activex | 2017-08-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. | |||||