CVE-2010-4730

Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...

Directory traversal

Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...

Design/Logic Flaw

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Bundle 4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS...

CVE-2010-4441

Technical details for CVE-2010-4441 are not publicly available in the provided documents; no affected product/version or root cause is specified here. Monitor for updates from official advisories.

CVE-2010-4419

Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle 31 and 9.1 Bundle 6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture...

MySQL: pre-evaluating LIKE arguments in view prepare mode causes crash (MySQL Bug#54568)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service assertion failure and server crash via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers...

MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service server crash via a query that uses the 1 GREATEST or 2 LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the...

MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service mysqld daemon crash via a join query that uses a table with a unique SET column...

MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service mysqld server crash by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service mysqld daemon crash via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind...

MySQL: mysqld DoS (assertion failure) while reading the file back into a table (MySQL bug #52512)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service mysqld daemon crash via a crafted request...

Code injection

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service server crash via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable...

CVE-2010-3838

CVE-2010-3838 affects MySQL up to 5.0.92, 5.1 up to 5.1.51, and 5.5 up to 5.5.6. It enables remote authenticated users to crash the server via a query using GREATEST or LEAST with mixed numeric and LONGBLOB arguments, when results are processed through an intermediate temporary table. Root cause ...

Sql injection

SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVE-2010-3679

CVE-2010-3679 affects Oracle MySQL 5.1 prior to 5.1.49. The vulnerability allows remote authenticated users to cause a denial of service (mysqld crash) by passing certain arguments to the BINLOG command, which triggers memory access of uninitialized data (demonstrated by valgrind). Connected advi...

CVE-2010-4534

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

DEBIAN-CVE-2010-4644

Multiple memory leaks in revhunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service memory consumption and daemon crash via the -g option to the blame command...

Design/Logic Flaw

Cisco IOS before 15.01XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031...

DEBIAN-CVE-2010-4528

directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a short p2pv2 packet in a DirectConnect aka direct connection session...