Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-04-28 CVE-2010-0738 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform 4.2.0/4.3.0
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
network
low complexity
redhat
5.3
2010-04-07 CVE-2010-0629 Use After Free vulnerability in multiple products
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
network
low complexity
mit fedoraproject opensuse suse canonical CWE-416
6.5
2010-02-15 CVE-2009-3960 Unspecified vulnerability in Adobe products
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
network
low complexity
adobe
6.5
2010-02-02 CVE-2010-0467 Path Traversal vulnerability in Chillcreations COM Ccnewsletter 1.0.5
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a ..
network
low complexity
chillcreations CWE-22
5.8
2009-12-29 CVE-2009-4449 Path Traversal vulnerability in Mybboard Mybb 1.4.10
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
network
low complexity
mybboard CWE-22
6.5
2009-11-24 CVE-2009-3897 Incorrect Permission Assignment for Critical Resource vulnerability in Dovecot
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
local
low complexity
dovecot CWE-732
5.5
2009-11-23 CVE-2009-4053 Path Traversal vulnerability in Home FTP Server Project Home FTP Server 1.10.1.139
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request.
network
low complexity
home-ftp-server-project CWE-22
6.5
2009-10-22 CVE-2009-3621 Resource Exhaustion vulnerability in multiple products
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
5.5
2009-09-21 CVE-2009-3278 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qnap Ts-239 PRO Firmware and Ts-639 PRO Firmware
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.
local
low complexity
qnap CWE-338
5.5
2009-09-18 CVE-2009-3238 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
local
low complexity
linux canonical opensuse suse CWE-338
5.5