Lista CVE - 2010 / Dicembre
Visualizzazione 1 - 100 di 359 CVE per Dicembre 2010 (Pagina 1 di 4)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2008-7268 | 2010-12-01 | The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php. |
| CVE-2008-7269 | 2010-12-01 | Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter... |
| CVE-2009-5019 | 2010-12-01 | Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. |
| CVE-2010-4355 | 2010-12-01 | Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the... |
| CVE-2010-4358 | 2010-12-01 | Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website,... |
| CVE-2010-4362 | 2010-12-01 | Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to... |
| CVE-2010-4363 | 2010-12-01 | Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email... |
| CVE-2010-4364 | 2010-12-01 | DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting... |
| CVE-2010-4366 | 2010-12-01 | Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2) thread_description parameters in... |
| CVE-2010-4356 | 2010-12-01 | SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter. |
| CVE-2010-4357 | 2010-12-01 | SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter. |
| CVE-2010-4359 | 2010-12-01 | SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| CVE-2010-4360 | 2010-12-01 | Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE:... |
| CVE-2010-4361 | 2010-12-01 | Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopage 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is... |
| CVE-2010-4365 | 2010-12-01 | SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. |
| CVE-2010-1323 | 2010-12-02 | MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible... |
| CVE-2010-1324 | 2010-12-02 | MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or... |
| CVE-2010-2586 | 2010-12-02 | Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1)... |
| CVE-2010-3266 | 2010-12-02 | Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id... |
| CVE-2010-3267 | 2010-12-02 | Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx,... |
| CVE-2010-4020 | 2010-12-02 | MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and... |
| CVE-2010-4021 | 2010-12-02 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated... |
| CVE-2010-4329 | 2010-12-02 | Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject... |
| CVE-2010-4367 | 2010-12-02 | awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV... |
| CVE-2010-4369 | 2010-12-02 | Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. |
| CVE-2010-4370 | 2010-12-02 | Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow. |
| CVE-2010-4371 | 2010-12-02 | Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box. |
| CVE-2010-4372 | 2010-12-02 | Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a... |
| CVE-2010-4373 | 2010-12-02 | The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file. |
| CVE-2010-4374 | 2010-12-02 | The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted... |
| CVE-2009-5020 | 2010-12-02 | Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2010-4368 | 2010-12-02 | awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a... |
| CVE-2010-4278 | 2010-12-02 | operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. |
| CVE-2010-4279 | 2010-12-02 | The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php... |
| CVE-2010-4280 | 2010-12-02 | Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or... |
| CVE-2010-4281 | 2010-12-02 | Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC... |
| CVE-2010-4282 | 2010-12-02 | Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id... |
| CVE-2010-4283 | 2010-12-02 | PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter. |
| CVE-2010-4313 | 2010-12-02 | Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct... |
| CVE-2010-3613 | 2010-12-03 | named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the... |
| CVE-2010-3614 | 2010-12-03 | named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a... |
| CVE-2010-3615 | 2010-12-03 | named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard... |
| CVE-2010-4254 | 2010-12-03 | Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute... |
| CVE-2010-4398 | 2010-12-03 | Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2,... |
| CVE-2010-4400 | 2010-12-04 | SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter. |
| CVE-2010-4401 | 2010-12-04 | languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. |
| CVE-2010-4402 | 2010-12-04 | Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1)... |
| CVE-2010-4403 | 2010-12-04 | The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation... |
| CVE-2010-4406 | 2010-12-04 | Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash... |
| CVE-2010-4407 | 2010-12-04 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3)... |
| CVE-2010-4399 | 2010-12-04 | Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE... |
| CVE-2010-4404 | 2010-12-04 | SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4405 | 2010-12-04 | Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-2639 | 2010-12-06 | IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class,... |
| CVE-2010-2761 | 2010-12-06 | The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows... |
| CVE-2010-3066 | 2010-12-06 | The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with... |
| CVE-2010-3449 | 2010-12-06 | Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum... |
| CVE-2010-4408 | 2010-12-06 | Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user... |
| CVE-2010-4409 | 2010-12-06 | Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. |
| CVE-2010-4410 | 2010-12-06 | CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct... |
| CVE-2010-4411 | 2010-12-06 | Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of... |
| CVE-2010-3904 | 2010-12-06 | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows... |
| CVE-2010-4180 | 2010-12-06 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the... |
| CVE-2010-4252 | 2010-12-06 | OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the... |
| CVE-2010-4294 | 2010-12-06 | The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052... |
| CVE-2010-4295 | 2010-12-06 | Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2... |
| CVE-2010-4296 | 2010-12-06 | vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before... |
| CVE-2010-4297 | 2010-12-06 | The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2... |
| CVE-2008-7270 | 2010-12-06 | OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher... |
| CVE-2010-4478 | 2010-12-06 | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of... |
| CVE-2010-4257 | 2010-12-07 | SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. |
| CVE-2010-4259 | 2010-12-07 | Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF... |
| CVE-2010-4260 | 2010-12-07 | Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted... |
| CVE-2010-4261 | 2010-12-07 | Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly... |
| CVE-2010-4330 | 2010-12-07 | Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter... |
| CVE-2010-4479 | 2010-12-07 | Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF... |
| CVE-2010-4246 | 2010-12-07 | Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2)... |
| CVE-2010-4412 | 2010-12-07 | Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to... |
| CVE-2010-4482 | 2010-12-07 | Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors. |
| CVE-2010-4483 | 2010-12-07 | Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive... |
| CVE-2010-4484 | 2010-12-07 | Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2010-4485 | 2010-12-07 | Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via... |
| CVE-2010-4486 | 2010-12-07 | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling. |
| CVE-2010-4487 | 2010-12-07 | Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file." |
| CVE-2010-4488 | 2010-12-07 | Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2010-4489 | 2010-12-07 | libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this... |
| CVE-2010-4490 | 2010-12-07 | Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error. |
| CVE-2010-4491 | 2010-12-07 | Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. |
| CVE-2010-4492 | 2010-12-07 | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. |
| CVE-2010-4493 | 2010-12-07 | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. |
| CVE-2010-4494 | 2010-12-07 | Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly... |
| CVE-2010-4150 | 2010-12-07 | Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory... |
| CVE-2010-4170 | 2010-12-07 | The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to... |
| CVE-2010-4171 | 2010-12-07 | The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service... |
| CVE-2010-4176 | 2010-12-07 | plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from... |
| CVE-2010-4179 | 2010-12-07 | The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for... |
| CVE-2010-4480 | 2010-12-08 | error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". |
| CVE-2010-4500 | 2010-12-08 | Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3)... |
| CVE-2010-3372 | 2010-12-08 | Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these... |
| CVE-2010-4108 | 2010-12-08 | HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors. |