Vulnerabilities > Microsoft > Windows > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-07-15 | CVE-2010-1971 | Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Software Installer 3.00/3.10 Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968. | 6.8 |
| 2010-07-15 | CVE-2010-1970 | Unspecified vulnerability in HP Insight Software Installer 3.00/3.10 Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors. | 4.6 |
| 2010-07-15 | CVE-2010-1968 | Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Software Installer 3.00/3.10 Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971. | 6.8 |
| 2010-07-15 | CVE-2010-1966 | Unspecified vulnerability in HP Insight Control 3.00/3.10 Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors. | 4.6 |
| 2010-07-08 | CVE-2010-2665 | Cross-Site Scripting vulnerability in Opera Browser Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." | 4.3 |
| 2010-07-08 | CVE-2010-2661 | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. | 4.3 |
| 2010-07-08 | CVE-2010-2660 | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. | 4.3 |
| 2010-07-08 | CVE-2010-2659 | Information Exposure vulnerability in Opera Browser Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site. | 4.3 |
| 2010-06-24 | CVE-2010-2428 | Cross-Site Scripting vulnerability in Wftpserver Wing FTP Server Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request. | 4.3 |
| 2010-05-27 | CVE-2010-2090 | Improper Input Validation vulnerability in IBM Communications Server 6.1.3/6.3.1.0 The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small. | 5.0 |