Vulnerabilities > Microsoft > Windows
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-24 | CVE-2010-2428 | Cross-Site Scripting vulnerability in Wftpserver Wing FTP Server Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request. | 4.3 |
2010-06-18 | CVE-2010-0284 | Path Traversal vulnerability in Novell Access Manager 3.1 Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. | 10.0 |
2010-05-27 | CVE-2010-2090 | Improper Input Validation vulnerability in IBM Communications Server 6.1.3/6.3.1.0 The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small. | 5.0 |
2010-05-14 | CVE-2010-1940 | Credentials Management vulnerability in Apple Safari 4.0.5 Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. | 4.3 |
2010-05-14 | CVE-2010-1558 | Local Unauthorized Access vulnerability in HP MFP Digital Sending Software Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors. | 4.7 |
2010-05-13 | CVE-2010-1939 | Resource Management Errors vulnerability in Apple Safari 4.0.5 Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | 7.6 |
2010-05-07 | CVE-2010-1549 | Unspecified vulnerability in HP Loadrunner and Performance Center Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2010-05-06 | CVE-2010-1729 | Resource Management Errors vulnerability in Apple Safari and Webkit WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | 4.3 |
2010-05-06 | CVE-2010-1728 | Resource Management Errors vulnerability in Opera Browser Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. | 9.3 |
2010-04-23 | CVE-2010-1034 | Remote vulnerability in HP System Management Homepage 6.0 Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. | 4.6 |