Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
Max CVSS
5.0
EPSS Score
0.43%
Published
2010-01-29
Updated
2015-08-24
Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
Max CVSS
5.0
EPSS Score
0.33%
Published
2010-01-29
Updated
2017-08-17
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
Max CVSS
6.5
EPSS Score
30.38%
Published
2010-01-28
Updated
2017-09-19
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
Max CVSS
6.5
EPSS Score
0.07%
Published
2010-01-28
Updated
2017-08-17
Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.
Max CVSS
3.5
EPSS Score
0.12%
Published
2010-01-28
Updated
2018-10-10
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-01-28
Updated
2017-08-17
Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php.
Max CVSS
7.5
EPSS Score
0.09%
Published
2010-01-28
Updated
2017-08-17
SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-01-28
Updated
2017-08-17
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-01-28
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
Max CVSS
4.3
EPSS Score
0.20%
Published
2010-01-28
Updated
2017-08-17
SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2010-01-28
Updated
2018-10-10
Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2."
Max CVSS
9.3
EPSS Score
35.23%
Published
2010-01-26
Updated
2018-10-10
Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
1.02%
Published
2010-01-26
Updated
2011-01-12
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
2.87%
Published
2010-01-26
Updated
2011-01-12
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.
Max CVSS
5.0
EPSS Score
0.28%
Published
2010-01-25
Updated
2010-01-31
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
Max CVSS
7.5
EPSS Score
91.30%
Published
2010-01-25
Updated
2017-08-17
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
Max CVSS
7.5
EPSS Score
94.82%
Published
2010-01-25
Updated
2017-08-17
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
Max CVSS
4.3
EPSS Score
0.25%
Published
2010-01-25
Updated
2010-01-31
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.
Max CVSS
5.0
EPSS Score
0.27%
Published
2010-01-25
Updated
2010-01-26
Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-01-25
Updated
2011-04-27
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.
Max CVSS
5.0
EPSS Score
0.24%
Published
2010-01-25
Updated
2010-02-05
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Max CVSS
7.6
EPSS Score
3.99%
Published
2010-01-22
Updated
2017-09-19
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.10%
Published
2010-01-22
Updated
2010-01-25
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
Max CVSS
5.0
EPSS Score
0.23%
Published
2010-01-22
Updated
2010-01-25
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.
Max CVSS
9.3
EPSS Score
13.94%
Published
2010-01-21
Updated
2017-09-19
319 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!