Weekly Vulnerabilities Reports > October 18 to 24, 2010
Overview
138 new vulnerabilities reported during this period, including 40 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 83 products from 51 vendors including SUN, G Rodola, Mozilla, Google, and Opera. Vulnerabilities are notably categorized as "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Race Condition".
- 104 reported vulnerabilities are remotely exploitables.
- 5 reported vulnerabilities have public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 126 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 27 reported vulnerabilities.
- SUN has the most reported critical vulnerabilities, with 18 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
40 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-10-19 | CVE-2010-3574 | SUN | Remote Networking vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3572 | SUN | Remote Sound vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3571 | SUN | ICC Profile vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3569 | SUN | Unspecified vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3568 | SUN | Remote Java Runtime Environment vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3567 | SUN | Remote 2D vulnerability in SUN JDK and JRE Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3566 | SUN | ICC Profile vulnerability in SUN JDK and JRE Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3565 | SUN | JPEGImageWriter.writeImage vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3563 | SUN | BasicServiceImpl vulnerability in SUN JDK and JRE Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3562 | SUN | Remote 2D vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3559 | SUN | HeadspaceSoundbank.nGetName vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3558 | SUN | Remote Java Web Start vulnerability in SUN JDK and JRE Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3556 | SUN | Remote 2D vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3554 | SUN | Remote CORBA vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3553 | SUN | Remote Swing vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3552 | SUN | Remote New Java Plug-in vulnerability in SUN JDK and JRE Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2010-10-19 | CVE-2010-3748 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. | 10.0 |
2010-10-18 | CVE-2010-0219 | Apache SAP | Credentials Management vulnerability in multiple products Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | 10.0 |
2010-10-21 | CVE-2010-4045 | Opera | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context. | 9.3 |
2010-10-21 | CVE-2010-4035 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | 9.3 | |
2010-10-21 | CVE-2010-4034 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | 9.3 | |
2010-10-21 | CVE-2010-3183 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. | 9.3 |
2010-10-21 | CVE-2010-3180 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. | 9.3 |
2010-10-21 | CVE-2010-3179 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. | 9.3 |
2010-10-21 | CVE-2010-3176 | Mozilla | Memory-Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-10-21 | CVE-2010-3175 | Mozilla | Memory-Corruption vulnerability in Mozilla Firefox and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-10-21 | CVE-2010-3174 | Mozilla | Memory-Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-10-19 | CVE-2010-3555 | SUN | Remote ActiveX Plug-in vulnerability in SUN JDK and JRE Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 9.3 |
2010-10-19 | CVE-2010-3550 | SUN | Remote Java Web Start vulnerability in SUN JDK and JRE Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 9.3 |
2010-10-19 | CVE-2010-3976 | Adobe Microsoft | DLL Loading Arbitrary Code Execution vulnerability in Adobe Flash Player Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player. | 9.3 |
2010-10-19 | CVE-2010-3975 | Adobe | Unspecified vulnerability in Adobe Flash Player 9.0 Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash. | 9.3 |
2010-10-19 | CVE-2010-3157 | Kmonos | Unspecified vulnerability in Kmonos Xacrett 49 Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer. | 9.3 |
2010-10-19 | CVE-2010-3751 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler. | 9.3 |
2010-10-19 | CVE-2010-3750 | Realnetworks | Improper Input Validation vulnerability in Realnetworks Realplayer and Realplayer SP rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file. | 9.3 |
2010-10-19 | CVE-2010-3749 | Realnetworks | Code Injection vulnerability in Realnetworks Realplayer and Realplayer SP The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection." | 9.3 |
2010-10-19 | CVE-2010-3747 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI. | 9.3 |
2010-10-19 | CVE-2010-2998 | Realnetworks | Improper Input Validation vulnerability in Realnetworks Realplayer and Realplayer SP Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue. | 9.3 |
2010-10-19 | CVE-2010-2578 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file. | 9.3 |
2010-10-23 | CVE-2010-4053 | IBM | Buffer Errors vulnerability in IBM Informix Dynamic Server 11.10/11.50 Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243. | 9.0 |
2010-10-18 | CVE-2010-3983 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 3.2 CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | 9.0 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-10-18 | CVE-2010-3287 | HP | Unspecified vulnerability in HP products Unspecified vulnerability on HP ProCurve Access Points, Access Controllers, and Mobility Controllers with software 5.1.x through 5.1.9, 5.2.x through 5.2.7, 5.3.x through 5.3.5, and 5.4.x through 5.4.0 allows remote attackers to execute arbitrary code via unknown vectors. | 8.3 |
2010-10-19 | CVE-2010-3570 | SUN | Remote Deployment Toolkit vulnerability in SUN JDK and JRE Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 7.6 |
2010-10-21 | CVE-2010-4042 | Google Opensuse | Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements." | 7.5 |
2010-10-21 | CVE-2010-4041 | Google Linux | Multiple Security vulnerability in Google Chrome prior to 7.0.517.41 The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 7.5 |
2010-10-21 | CVE-2010-4039 | Google Linux | Multiple Security vulnerability in Google Chrome prior to 7.0.517.41 Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors. | 7.5 |
2010-10-21 | CVE-2010-3173 | Mozilla | Cryptographic Issues vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 7.5 |
2010-10-19 | CVE-2010-3561 | SUN | Remote CORBA vulnerability in SUN JDK and JRE Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 7.5 |
2010-10-19 | CVE-2008-7263 | G Rodola | Improper Authentication vulnerability in G.Rodola Pyftpdlib ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
2010-10-19 | CVE-2007-6737 | G Rodola | Improper Authentication vulnerability in G.Rodola Pyftpdlib 0.1 FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
88 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-10-21 | CVE-2010-3182 | Mozilla | Local Privilege Escalation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-21 | CVE-2010-3181 | Mozilla | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3394 | Texmacs | Unspecified vulnerability in Texmacs 1.0.7.4 The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3393 | Ecmwf | Unspecified vulnerability in Ecmwf Magics++ 2.10.0 magics-config in Magics++ 2.10.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3389 | Linux HA | Unspecified vulnerability in Linux-Ha OCF Resource Agents 1.0.3 The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3386 | Lttng | Unspecified vulnerability in Lttng UST 0.7 usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3385 | Herac | Unspecified vulnerability in Herac Tuxguitar 1.2 TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3384 | Bernhard Wymann | Unspecified vulnerability in Bernhard Wymann Torcs 1.3.1 The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3383 | Teamspeak | Unspecified vulnerability in Teamspeak 2.0.32 The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3382 | Uoregon | Unspecified vulnerability in Uoregon TAU 2.16.4 tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3381 | Alex Launi | Unspecified vulnerability in Alex Launi Tangerine 0.3.2.2 The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0.3.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3378 | Scilab | Unspecified vulnerability in Scilab 5.2.2 The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3377 | Salome Platform | Unspecified vulnerability in Salome-Platform Salome 5.1.3 The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3376 | Root | Unspecified vulnerability in Root 5.18/00 The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3369 | Debian | Unspecified vulnerability in Debian Mono-Debugger The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3366 | Zeus Physik UNI Bonn | Unspecified vulnerability in Zeus.Physik.Uni-Bonn MN FIT 5.13 Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3365 | Mistelix | Unspecified vulnerability in Mistelix 0.31 Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3364 | Vips | Unspecified vulnerability in Vips 7.22.2 The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3363 | Roaraudio | Unspecified vulnerability in Roaraudio 0.3 roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3362 | Last | Unspecified vulnerability in Last Last.Fm 1.5.4 lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3361 | Shrew | Unspecified vulnerability in Shrew VPN Client 2.1.5 The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3360 | Pedro Villavicencio Garrido | Unspecified vulnerability in Pedro Villavicencio Garrido Hipo 0.6.1 Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3358 | Henner Zeller | Unspecified vulnerability in Henner Zeller Henplus 0.9.7 HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3357 | Pedro Castro | Unspecified vulnerability in Pedro Castro Gnome-Subtitles 1.0 gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3355 | Erik Hjortsberg | Unspecified vulnerability in Erik Hjortsberg Ember 0.5.7 Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3354 | Dropbox | Unspecified vulnerability in Dropbox 0.7.110 dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3353 | More Cowbell | Unspecified vulnerability in More-Cowbell Cowbell 0.2.7.1 Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3351 | Nick Copeland | Local Privilege Escalation vulnerability in Bristol 'LD_LIBRARY_PATH' startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3350 | Bareftp | Improper Input Validation vulnerability in Bareftp 0.3.4 bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-20 | CVE-2010-3349 | Ardour | Unspecified vulnerability in Ardour 2.8.11 Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-10-19 | CVE-2010-3158 | Lhaplus | Unspecified vulnerability in Lhaplus Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 6.9 |
2010-10-18 | CVE-2010-2369 | Susie RO | Unspecified vulnerability in Susie RO Lhasa Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 6.9 |
2010-10-18 | CVE-2010-2368 | Lhaplus | Unspecified vulnerability in Lhaplus Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 6.9 |
2010-10-23 | CVE-2010-3288 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Systems Insight Manager Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2010-10-21 | CVE-2010-4040 | Google Debian Opensuse | Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. | 6.8 |
2010-10-21 | CVE-2010-4036 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. | 6.8 | |
2010-10-19 | CVE-2010-3557 | SUN | Remote Swing vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
2010-10-19 | CVE-2010-3549 | SUN | HTTP Response Splitting vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
2010-10-23 | CVE-2010-3290 | HP | Remote Privilege Escalation vulnerability in HP Systems Insight Manager Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote authenticated users to gain privileges via unknown vectors. | 6.5 |
2010-10-19 | CVE-2008-7262 | G Rodola | Path Traversal vulnerability in G.Rodola Pyftpdlib 0.1/0.1.1 Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command. | 6.5 |
2010-10-19 | CVE-2007-6741 | G Rodola | Permissions, Privileges, and Access Controls vulnerability in G.Rodola Pyftpdlib 0.1 The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017. | 6.5 |
2010-10-19 | CVE-2007-6736 | G Rodola | Path Traversal vulnerability in G.Rodola Pyftpdlib 0.1 Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. | 6.5 |
2010-10-21 | CVE-2010-3178 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. | 5.8 |
2010-10-19 | CVE-2010-3573 | SUN | Same Origin Bypass vulnerability in SUN JDK and JRE Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 5.1 |
2010-10-19 | CVE-2010-3541 | SUN | Remote Networking vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 5.1 |
2010-10-23 | CVE-2010-4057 | IBM | Numeric Errors vulnerability in IBM Soliddb solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315. | 5.0 |
2010-10-23 | CVE-2010-4056 | IBM | Denial-Of-Service vulnerability in solidDB solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315. | 5.0 |
2010-10-23 | CVE-2010-4055 | IBM | Resource Management Errors vulnerability in IBM Soliddb Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function. | 5.0 |
2010-10-21 | CVE-2010-4038 | Improper Resource Shutdown OR Release vulnerability in Google Chrome The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 | |
2010-10-21 | CVE-2010-4033 | Multiple Security vulnerability in Google Chrome prior to 7.0.517.41 Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors. | 5.0 | |
2010-10-20 | CVE-2010-4007 | Oracle | Cryptographic Issues vulnerability in Oracle Mojarra Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. | 5.0 |
2010-10-20 | CVE-2010-2057 | Apache | Cryptographic Issues vulnerability in Apache Myfaces shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack. | 5.0 |
2010-10-19 | CVE-2010-3551 | SUN | Remote Networking vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2010-10-19 | CVE-2010-3548 | SUN | Remote JNDI vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2010-10-19 | CVE-2010-3492 | Python | Denial-Of-Service vulnerability in Python The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. | 5.0 |
2010-10-19 | CVE-2007-6739 | G Rodola | Improper Input Validation vulnerability in G.Rodola Pyftpdlib 0.1 FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command. | 5.0 |
2010-10-19 | CVE-2007-6738 | G Rodola | Unspecified vulnerability in G.Rodola Pyftpdlib pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command. | 5.0 |
2010-10-18 | CVE-2010-3982 | SAP | Information Exposure vulnerability in SAP Businessobjects 3.2 SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | 5.0 |
2010-10-18 | CVE-2010-3979 | SAP | Information Exposure vulnerability in SAP Businessobjects 3.2 Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | 5.0 |
2010-10-18 | CVE-2010-3286 | HP | Unspecified vulnerability in HP Systems Insight Manager 6.0/6.1 Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
2010-10-18 | CVE-2009-5005 | Apache Redhat | The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. | 5.0 |
2010-10-23 | CVE-2010-4054 | Artifex | Buffer Errors vulnerability in Artifex products The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043. | 4.3 |
2010-10-23 | CVE-2010-3289 | HP | Cross-Site Scripting vulnerability in HP Systems Insight Manager Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-10-21 | CVE-2010-4050 | Opera | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element. | 4.3 |
2010-10-21 | CVE-2010-4049 | Opera | Improper Input Validation vulnerability in Opera Browser Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document. | 4.3 |
2010-10-21 | CVE-2010-4048 | Opera | Improper Input Validation vulnerability in Opera Browser Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. | 4.3 |
2010-10-21 | CVE-2010-4047 | Opera | Cross-Site Scripting vulnerability in Opera Browser Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. | 4.3 |
2010-10-21 | CVE-2010-4046 | Opera | Information Exposure vulnerability in Opera Browser Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content. | 4.3 |
2010-10-21 | CVE-2010-4044 | Opera | Improper Input Validation vulnerability in Opera Browser Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size. | 4.3 |
2010-10-21 | CVE-2010-4043 | Opera | Permissions, Privileges, and Access Controls vulnerability in Opera Browser Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document. | 4.3 |
2010-10-21 | CVE-2010-4037 | Multiple Security vulnerability in Google Chrome prior to 7.0.517.41 Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors. | 4.3 | |
2010-10-21 | CVE-2010-3291 | HP | Cross-Site Scripting vulnerability in HP Assetcenter and Assetmanager Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-10-21 | CVE-2010-3177 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. | 4.3 |
2010-10-21 | CVE-2010-3170 | Mozilla | Cryptographic Issues vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 4.3 |
2010-10-20 | CVE-2010-0782 | IBM | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate. | 4.3 |
2010-10-19 | CVE-2010-3495 | Zope | Race Condition vulnerability in Zope Zodb Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | 4.3 |
2010-10-19 | CVE-2010-3494 | G Rodola | Race Condition vulnerability in G.Rodola Pyftpdlib Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | 4.3 |
2010-10-19 | CVE-2010-3493 | Python | Race Condition vulnerability in Python 3.1/3.2 Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. | 4.3 |
2010-10-19 | CVE-2009-5011 | G Rodola | Race Condition vulnerability in G.Rodola Pyftpdlib Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494. | 4.3 |
2010-10-19 | CVE-2009-5010 | G Rodola | Race Condition vulnerability in G.Rodola Pyftpdlib Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494. | 4.3 |
2010-10-18 | CVE-2010-3981 | SAP | Cross-Site Scripting vulnerability in SAP Businessobjects 3.2 Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. | 4.3 |
2010-10-18 | CVE-2010-3841 | Twiki | Cross-Site Scripting vulnerability in Twiki Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script. | 4.3 |
2010-10-19 | CVE-2009-5013 | G Rodola | Resource Management Errors vulnerability in G.Rodola Pyftpdlib Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer. | 4.0 |
2010-10-19 | CVE-2009-5012 | G Rodola | Permissions, Privileges, and Access Controls vulnerability in G.Rodola Pyftpdlib ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | 4.0 |
2010-10-19 | CVE-2008-7264 | G Rodola | Improper Input Validation vulnerability in G.Rodola Pyftpdlib The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. | 4.0 |
2010-10-19 | CVE-2007-6740 | G Rodola | Permissions, Privileges, and Access Controls vulnerability in G.Rodola Pyftpdlib 0.1 The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | 4.0 |
2010-10-18 | CVE-2010-3980 | SAP | Unspecified vulnerability in SAP Businessobjects 3.2 Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | 4.0 |
2010-10-18 | CVE-2009-5006 | Apache Redhat | The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. | 4.0 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-10-19 | CVE-2010-3560 | SUN | Remote Networking vulnerability in SUN JDK and JRE Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | 2.6 |