Search Results (121206 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1746 2 Joomla, Toolsjx 2 Joomla\!, Com Grid 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.
CVE-2010-1750 2 Apple, Microsoft 4 Safari, Windows 7, Windows Vista and 1 more 2025-04-11 N/A
Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
CVE-2010-1751 1 Apple 2 Iphone Os, Ipod Touch 2025-04-11 N/A
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.
CVE-2010-1752 1 Apple 2 Iphone Os, Ipod Touch 2025-04-11 N/A
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
CVE-2010-2054 1 Standards Based Linux Instrumentation 1 Sblim-sfcb 2025-04-11 N/A
Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information.
CVE-2010-1190 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
CVE-2010-0270 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-11 N/A
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
CVE-2010-1757 1 Apple 2 Iphone Os, Ipod Touch 2025-04-11 N/A
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
CVE-2010-1195 1 Ikiwiki 1 Ikiwiki 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
CVE-2010-0284 2 Microsoft, Novell 2 Windows, Access Manager 2025-04-11 N/A
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
CVE-2010-1758 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.
CVE-2010-1760 1 Apple 1 Webkit 2025-04-11 N/A
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
CVE-2010-2057 1 Apache 1 Myfaces 2025-04-11 N/A
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
CVE-2010-0294 1 Tuxfamily 1 Chrony 2025-04-11 N/A
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.
CVE-2010-2461 1 Jce-tech 1 Overstock Script 2025-04-11 N/A
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.
CVE-2010-0295 1 Lighttpd 1 Lighttpd 2025-04-11 N/A
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
CVE-2010-1204 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."
CVE-2010-1762 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
CVE-2010-2060 1 Wildbit 1 Beanstalkd 2025-04-11 N/A
The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c.
CVE-2010-1206 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2025-04-11 N/A
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.