Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-10-05 | CVE-2010-3732 | Improper Input Validation vulnerability in IBM DB2 9.5 The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. | 3.5 |
2010-10-05 | CVE-2010-2535 | Cross-Site Scripting vulnerability in Joomla Joomla! Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. | 3.5 |
2010-09-29 | CVE-2010-3684 | Credentials Management vulnerability in Synology DSM The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. | 2.1 |
2010-09-28 | CVE-2010-3277 | Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. | 2.1 |
2010-09-21 | CVE-2010-3094 | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. | 2.1 |
2010-09-21 | CVE-2010-3093 | Permissions, Privileges, and Access Controls vulnerability in Drupal The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. | 3.5 |
2010-09-20 | CVE-2009-4998 | Permissions, Privileges, and Access Controls vulnerability in IBM Filenet P8 Application Engine 3.5.1/4.0.2 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 2.6 |
2010-09-20 | CVE-2008-7261 | Credentials Management vulnerability in IBM Filenet P8 Application Engine 3.5.1 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. | 2.1 |
2010-09-20 | CVE-2010-2080 | Cross-Site Scripting vulnerability in Otrs Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2010-09-17 | CVE-2010-3074 | Cryptographic Issues vulnerability in Arg0 Encfs SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack. | 2.1 |