Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2010-02-03 CVE-2009-3387 Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla
Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.
network
low complexity
mozilla CWE-264
5.0

2010-02-03 CVE-2010-0453 Improper Input Validation vulnerability in SUN Opensolaris and Solaris
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.
local
low complexity
sun CWE-20
4.9

2010-02-03 CVE-2010-0308 Improper Input Validation vulnerability in Squid-Cache Squid
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
network
low complexity
squid-cache CWE-20
4.0

2010-02-03 CVE-2010-0304 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
network
low complexity
wireshark CWE-119
7.5

2010-02-03 CVE-2010-0185 Permissions, Privileges, and Access Controls vulnerability in Adobe Coldfusion 9.0
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
network
low complexity
adobe CWE-264
5.0

2010-02-03 CVE-2009-4184 Privilege Escalation vulnerability in HP Enterprise Cluster Master Toolkit B.05.00
Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.
local
low complexity
hp
6.2

2010-02-02 CVE-2010-0472 Remote Denial of Service vulnerability in IBM DB2 9.7.0.1
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
network
low complexity
ibm
5.0

2010-02-02 CVE-2010-0471 SQL Injection vulnerability in Enanocms
SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
network
low complexity
enanocms CWE-89
7.5

2010-02-02 CVE-2010-0470 Cross-Site Scripting vulnerability in Comtrend Ct-507It Adsl Router
Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter.
network
comtrend CWE-79
4.3

2010-02-02 CVE-2010-0469 SQL Injection vulnerability in Files2Links F2L 3000 Appliance 4.0.0
SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, and possibly other versions and models, allows remote attackers to execute arbitrary SQL commands via unspecified parameters to the login page.
network
low complexity
files2links CWE-89
7.5