Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1064 | 1 Aspindir | 1 Erolife Ajxgaleri Vt | 2017-08-17 | 5.0 MEDIUM | N/A |
| Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. | |||||
| CVE-2010-0984 | 1 Acidcat | 1 Acidcat Cms | 2017-08-17 | 5.0 MEDIUM | N/A |
| Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb. | |||||
| CVE-2010-0978 | 1 Kmsoft | 1 Guestbook | 2017-08-17 | 5.0 MEDIUM | N/A |
| KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. | |||||
| CVE-2010-0976 | 1 Acidcat | 1 Acidcat Cms | 2017-08-17 | 7.5 HIGH | N/A |
| Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory." | |||||
| CVE-2010-0965 | 1 Jevci.net | 1 Jevci Siparis Formu Scripti | 2017-08-17 | 5.0 MEDIUM | N/A |
| Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb. | |||||
| CVE-2010-0939 | 1 Visialis | 1 Abb Forum | 2017-08-17 | 5.0 MEDIUM | N/A |
| Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. | |||||
| CVE-2010-0825 | 1 Gnu | 1 Emacs | 2017-08-17 | 4.4 MEDIUM | N/A |
| lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. | |||||
| CVE-2010-0774 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-0765 | 1 Fipsasp | 1 Fipsforum | 2017-08-17 | 5.0 MEDIUM | N/A |
| fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb. | |||||
| CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2017-08-17 | 5.0 MEDIUM | N/A |
| The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | |||||
| CVE-2010-0674 | 1 2enetworx | 1 Statcountex | 2017-08-17 | 5.0 MEDIUM | N/A |
| StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb. | |||||
| CVE-2010-0665 | 1 Xs4all | 1 Jag | 2017-08-17 | 5.0 MEDIUM | N/A |
| JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql. | |||||
| CVE-2010-0593 | 1 Cisco | 5 Pvc2300, Rvs4000, Wvc200 and 2 more | 2017-08-17 | 9.0 HIGH | N/A |
| The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726. | |||||
| CVE-2010-0571 | 1 Cisco | 1 Digital Media Manager | 2017-08-17 | 8.5 HIGH | N/A |
| Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a crafted web application, aka Bug ID CSCtc46008. | |||||
| CVE-2010-0443 | 1 Hp | 2 Openvms, Openvms Rms | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors. | |||||
| CVE-2010-0301 | 1 Maildrop | 1 Maildrop | 2017-08-17 | 6.9 MEDIUM | N/A |
| main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file. | |||||
| CVE-2010-0271 | 1 Sun | 1 Opensolaris | 2017-08-17 | 4.6 MEDIUM | N/A |
| hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification. | |||||
| CVE-2010-0185 | 1 Adobe | 1 Coldfusion | 2017-08-17 | 5.0 MEDIUM | N/A |
| The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL. | |||||
| CVE-2010-0011 | 1 Uzbl | 1 Uzbl | 2017-08-17 | 7.5 HIGH | N/A |
| The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code. | |||||
| CVE-2009-5019 | 1 Webwiz | 1 Web Wiz Newspad | 2017-08-17 | 5.0 MEDIUM | N/A |
| Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. | |||||