Vulnerabilities > Configuration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-15 | CVE-2010-2276 | Configuration vulnerability in Dojotoolkit Dojo The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component. | 10.0 |
| 2010-05-12 | CVE-2010-1913 | Configuration vulnerability in Consona products The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server. | 9.3 |
| 2010-03-30 | CVE-2010-0058 | Configuration vulnerability in Apple mac OS X and mac OS X Server freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. | 6.4 |
| 2010-03-15 | CVE-2010-0044 | Configuration vulnerability in Apple Safari PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. | 4.3 |
| 2010-02-26 | CVE-2010-0717 | Configuration vulnerability in Moinmo Moinmoin The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. | 7.5 |
| 2010-02-05 | CVE-2010-0559 | Configuration vulnerability in SUN Opensolaris The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain. | 7.5 |
| 2010-02-05 | CVE-2010-0558 | Configuration vulnerability in SUN Opensolaris The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain. | 7.5 |
| 2010-02-04 | CVE-2009-2750 | Configuration vulnerability in IBM Websphere Service Registry and Repository 6.3.0/6.3.0.1 IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query. | 5.5 |
| 2010-01-25 | CVE-2010-0386 | Configuration vulnerability in SUN Java System Application Server 7.0 The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. | 4.3 |
| 2010-01-25 | CVE-2008-7253 | Configuration vulnerability in IBM Lotus Domino Server The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. | 4.3 |