CVE-2010-4528

directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a short p2pv2 packet in a DirectConnect aka direct connection session...

PT-2011-1631 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA 5500 series devices versions prior to 8.23 Description: The issue allows remote authenticated users to cause a denial of service, resulting in a device crash, by sending a high volume of IPsec traffic...

CVE-2010-4603

IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service loop or have...

CVE-2010-4275

Multiple cross-site scripting XSS vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the 1 name or 2 descr parameter in an a updateusergroup or a b storenas action to admin.php...

CVE-2009-5033

IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a " " argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread...

OpenSSL 1.0.0 < 1.0.0c Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0c. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0c advisory. - OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allo...

Sql injection

Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via 1 the idgroup parameter in an operation/agentes/veragente action to ajax.php or 2 the groupid parameter in an operation/agentes/estadoagente action to index.ph...

CVE-2010-4020

MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

Command injection

goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing UVC System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface PRI Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces BRI Gateway, and...

CVE-2010-3869

Red Hat Certificate System RHCS 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN...

Design/Logic Flaw

UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup...

CVE-2010-4011

Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issu...

FreeBSD Ports: mailman

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2010-4232

The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // slash slash at the beginning of a URI, as demonstrated by the //system.html URI...

NiX : A Linux Brute Forcer Download

NiX Brute Forcer is a tool that uses brute force in parallel to log into a system without having authentication credentials beforehand. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of NiX is to support a variety of services that allow remote...

CVE-2010-2892

gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery CSRF attack...

CVE-2010-3838

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service server crash via a query that uses the 1 GREATEST or 2 LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the...

MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service mysqld daemon crash via a join query that uses a table with a unique SET column...

MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service mysqld server crash by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service server crash via a query that uses the 1 GREATEST or 2 LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the...