Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-02-25 | CVE-2010-0704 | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.0.1.5 Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. | 4.3 |
| 2010-02-25 | CVE-2010-0620 | Path Traversal vulnerability in EMC Homebase Server 6.2/6.3 Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. | 9.3 |
| 2010-02-25 | CVE-2010-0119 | Information Exposure vulnerability in Becauseinter Bournal Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing." | 2.1 |
| 2010-02-25 | CVE-2010-0118 | Link Following vulnerability in Becauseinter Bournal Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. | 3.3 |
| 2010-02-24 | CVE-2010-0640 | Cross-Site Scripting vulnerability in CA Ehealth Performance Manager 6.0/6.1/6.2 Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request. | 2.6 |
| 2010-02-24 | CVE-2010-0426 | Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | 6.9 |
| 2010-02-24 | CVE-2010-0423 | Resource Management Errors vulnerability in Pidgin gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat. | 5.0 |
| 2010-02-24 | CVE-2010-0422 | Unspecified vulnerability in Gnome Screensaver 2.28.0/2.28.1/2.28.2 gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414. | 4.0 |
| 2010-02-24 | CVE-2010-0420 | Improper Input Validation vulnerability in Pidgin libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | 4.3 |
| 2010-02-24 | CVE-2010-0285 | Unspecified vulnerability in Gnome Screensaver gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. | 5.6 |