Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0976 | 1 Acidcat | 1 Acidcat Cms | 2024-08-07 | N/A |
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory." | ||||
CVE-2010-0984 | 1 Acidcat | 1 Acidcat Cms | 2024-08-07 | N/A |
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb. | ||||
CVE-2010-0962 | 1 Apple | 3 Airport Express, Airport Extreme, Time Capsule | 2024-08-07 | N/A |
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. | ||||
CVE-2010-0939 | 1 Visialis | 1 Abb Forum | 2024-08-07 | N/A |
Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. | ||||
CVE-2010-0825 | 1 Gnu | 1 Emacs | 2024-08-07 | N/A |
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. | ||||
CVE-2010-0812 | 1 Microsoft | 5 Windows 2003 Server, Windows Server 2003, Windows Server 2008 and 2 more | 2024-08-07 | N/A |
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability." | ||||
CVE-2010-0765 | 1 Fipsasp | 1 Fipsforum | 2024-08-07 | N/A |
fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb. | ||||
CVE-2010-0774 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2010-0791 | 1 Ncpfs | 1 Ncpfs | 2024-08-07 | N/A |
The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. | ||||
CVE-2010-0734 | 2 Curl, Redhat | 2 Libcurl, Enterprise Linux | 2024-08-07 | N/A |
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. | ||||
CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2024-08-07 | N/A |
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | ||||
CVE-2010-0729 | 1 Redhat | 1 Enterprise Linux | 2024-08-07 | N/A |
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call. | ||||
CVE-2010-0728 | 1 Samba | 1 Samba | 2024-08-07 | N/A |
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. | ||||
CVE-2010-0661 | 2 Apple, Google | 2 Webkit, Chrome | 2024-08-07 | N/A |
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method. | ||||
CVE-2010-0650 | 3 Apple, Canonical, Google | 3 Safari, Ubuntu Linux, Chrome | 2024-08-07 | N/A |
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | ||||
CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2024-08-07 | N/A |
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. | ||||
CVE-2010-0674 | 1 2enetworx | 1 Statcountex | 2024-08-07 | N/A |
StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb. | ||||
CVE-2010-0681 | 1 Zeuscms | 1 Zeuscms | 2024-08-07 | N/A |
ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql. | ||||
CVE-2010-0665 | 1 Xs4all | 1 Jag | 2024-08-07 | N/A |
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql. | ||||
CVE-2010-0542 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2024-08-07 | N/A |
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. |