Total: 5442 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-1225 | 1 Microsoft | 3 Virtual Pc, Virtual Server, Windows Virtual Pc | 2024-08-07 | N/A |
The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS." | ||||
CVE-2010-1190 | 1 Mediawiki | 1 Mediawiki | 2024-08-07 | N/A |
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations. | ||||
CVE-2010-1207 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-08-07 | N/A |
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. | ||||
CVE-2010-1206 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2024-08-07 | N/A |
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. | ||||
CVE-2010-1172 | 2 Freedesktop, Redhat | 2 Dbus-glib, Enterprise Linux | 2024-08-07 | N/A |
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. | ||||
CVE-2010-1170 | 2 Postgresql, Redhat | 2 Postgresql, Enterprise Linux | 2024-08-07 | N/A |
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. | ||||
CVE-2010-1099 | 1 Apple | 1 Safari | 2024-08-07 | N/A |
Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. | ||||
CVE-2010-1141 | 2 Microsoft, Vmware | 8 Windows, Ace, Esx and 5 more | 2024-08-07 | N/A |
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. | ||||
CVE-2010-1116 | 1 Aspindir | 1 Lookmer Muzik Portal | 2024-08-07 | N/A |
LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. | ||||
CVE-2010-1140 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2024-08-07 | N/A |
The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk. | ||||
CVE-2010-1142 | 2 Microsoft, Vmware | 8 Windows, Ace, Esx and 5 more | 2024-08-07 | N/A |
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. | ||||
CVE-2010-1136 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-08-07 | N/A |
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. | ||||
CVE-2010-1146 | 1 Linux | 1 Linux Kernel | 2024-08-07 | N/A |
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/. | ||||
CVE-2010-1064 | 1 Aspindir | 1 Erolife Ajxgaleri Vt | 2024-08-07 | N/A |
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. | ||||
CVE-2010-1066 | 1 The-ghost | 1 Ar Web Content Manager | 2024-08-07 | N/A |
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php. | ||||
CVE-2010-1067 | 1 Hasmir Alic | 1 E-membres | 2024-08-07 | N/A |
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb. | ||||
CVE-2010-1065 | 1 Lebisoft | 1 Ziyaretci Defteri | 2024-08-07 | N/A |
Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb. | ||||
CVE-2010-0978 | 1 Kmsoft | 1 Guestbook | 2024-08-07 | N/A |
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. | ||||
CVE-2010-0965 | 1 Jevci.net | 1 Jevci Siparis Formu Scripti | 2024-08-07 | N/A |
Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb. | ||||
CVE-2010-0977 | 1 Pordus | 1 Pd Portal | 2024-08-07 | N/A |
PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. | ||||