Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1514 | 1 Tomatocms | 1 Tomatocms | 2010-06-18 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2010-1376 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-18 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. | |||||
| CVE-2010-2319 | 1 Idevspot | 1 Textads | 2010-06-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-1374 | 2 Aol, Apple | 3 Aim, Mac Os X, Mac Os X Server | 2010-06-17 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. | |||||
| CVE-2010-1373 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content." | |||||
| CVE-2010-0546 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 3.3 LOW | N/A |
| Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. | |||||
| CVE-2010-0545 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 4.4 MEDIUM | N/A |
| The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. | |||||
| CVE-2010-0543 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 6.8 MEDIUM | N/A |
| ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. | |||||
| CVE-2010-2269 | 1 Accoria | 1 Rock Web Server | 2010-06-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2010-2309 | 1 Evological | 1 Evocam | 2010-06-17 | 7.5 HIGH | N/A |
| Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2010-2274 | 1 Dojotoolkit | 1 Dojo | 2010-06-17 | 4.3 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html. | |||||
| CVE-2010-2280 | 1 Ibm | 1 Lotus Connections | 2010-06-17 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH. | |||||
| CVE-2010-2312 | 1 Hauntmax | 1 Haunted House Directory Listing Cms | 2010-06-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action. | |||||
| CVE-2010-2282 | 1 Tomatocms | 1 Tomatocms | 2010-06-17 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. | |||||
| CVE-2010-2270 | 1 Accoria | 1 Rock Web Server | 2010-06-17 | 7.5 HIGH | N/A |
| Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | |||||
| CVE-2010-2277 | 1 Ibm | 1 Lotus Connections | 2010-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component. | |||||
| CVE-2010-2276 | 1 Dojotoolkit | 1 Dojo | 2010-06-16 | 10.0 HIGH | N/A |
| The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component. | |||||
| CVE-2010-2275 | 1 Dojotoolkit | 1 Dojo | 2010-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html. | |||||
| CVE-2010-2278 | 1 Ibm | 1 Lotus Connections | 2010-06-16 | 4.0 MEDIUM | N/A |
| The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | |||||
| CVE-2010-2281 | 1 Tomatocms | 1 Tomatocms | 2010-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO. | |||||