Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-02-02 | CVE-2010-0468 | Cross-Site Scripting vulnerability in Paperthin Commonspot Content Server: Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
2010-02-02 | CVE-2010-0467 | Path Traversal vulnerability in Chillcreations COM Ccnewsletter 1.0.5: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. | 5.8 |
2010-02-02 | CVE-2009-4013 | Path Traversal vulnerability in multiple products: Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems. | 9.8 |
2010-02-02 | CVE-2009-3035 | Credentials Management vulnerability in Symantec Altiris Notification Server 6.0: The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials. | 4.3 |
2010-01-29 | CVE-2010-0464 | Information Exposure vulnerability in Roundcube Webmail: Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | 5.0 |
2010-01-29 | CVE-2010-0463 | Information Exposure vulnerability in Horde IMP: Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | 5.0 |
2010-01-29 | CVE-2010-0005 | Permissions, Privileges, and Access Controls vulnerability in Viewvc: query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. | 7.5 |
2010-01-29 | CVE-2009-4630 | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. | 5.0 |
2010-01-29 | CVE-2009-4629 | Information Exposure vulnerability in Mozilla Seamonkey and Thunderbird: Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird. | 5.0 |
2010-01-29 | CVE-2009-2624 | Improper Input Validation vulnerability in GNU Gzip: The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. | 6.8 |