
4422 matches found

Prion
added 2010/10/12 9:0 p.m. · 12 views

Session fixation

lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message...

CVSS 4 · AI score 6.7 · EPSS 0.01504
Exploits 0 · References 4 · Affected Software 1
NVD
added 2010/10/06 9:0 p.m. · 21 views

CVE-2010-3781

The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433...

CVSS 6 · AI score 7 · EPSS 0.01573
Exploits 0 · References 3
Prion
added 2010/10/06 5:0 p.m. · 31 views

Code injection

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...

CVSS 6 · AI score 7.5 · EPSS 0.04081
Exploits 3 · References 19 · Affected Software 1
Cvelist
added 2010/09/28 5:0 p.m. · 32 views

CVE-2010-3490

Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as...

AI score 6.2 · EPSS 0.09566
Exploits 5 · References 5
NVD
added 2010/09/22 8:0 p.m. · 19 views

CVE-2010-3482

Multiple SQL injection vulnerabilities in cmswrite.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication...

CVSS 6.5 · AI score 8 · EPSS 0.00921
Exploits 1 · References 3
Cvelist
added 2010/09/22 7:0 p.m. · 21 views

CVE-2010-3482

Multiple SQL injection vulnerabilities in cmswrite.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication...

AI score 8 · EPSS 0.00921
Exploits 1 · References 3
Cvelist
added 2010/09/20 8:0 p.m. · 27 views

CVE-2010-2080

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

AI score 5.3 · EPSS 0.01503
Exploits 0 · References 6
Debian CVE
added 2010/09/20 8:0 p.m. · 25 views

CVE-2010-2080

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 · AI score 5.5 · EPSS 0.01503
Exploits 0
Cvelist
added 2010/09/15 5:26 p.m. · 28 views

CVE-2010-3009

Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors...

AI score 5.9 · EPSS 0.03379
Exploits 0 · References 5
CVE
added 2010/09/15 5:26 p.m. · 74 views

CVE-2010-3009

HP System Management Homepage (SMH) for Linux 6.0/6.1 contains an unspecified vulnerability that could allow remote authenticated users to disclose sensitive information and potentially gain root privileges via unknown vectors. HP’s security bulletin HPSBMA02566/SSRT100045 rev.1 notes only 6.0/6....

CVSS 9 · AI score 6 · EPSS 0.03379
Exploits 0 · References 5 · Affected Software 1
Prion
added 2010/09/14 5:0 p.m. · 14 views

Crlf injection

CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the...

CVSS 3.5 · AI score 6.8 · EPSS 0.007
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2010/09/10 12:0 a.m. · 3 views

PT-2010-1071 · Quagga +1

Name of the Vulnerable Software and Affected Versions: Quagga versions prior to 0.99.17 Quagga versions 0.98.3 and 0.98.6 Description: The issue concerns multiple vulnerabilities in the Quagga package, which can lead to a disruption of confidentiality, integrity, and availability of protected...

CVSS 6.5 · AI score 8.2 · EPSS 0.04041
Exploits 0 · References 45
Prion
added 2010/08/31 10:0 p.m. · 18 views

Code injection

IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view...

CVSS 3.5 · AI score 6.5 · EPSS 0.01476
Exploits 0 · References 3 · Affected Software 1
CVE
added 2010/08/23 8:0 p.m. · 81 views

CVE-2010-1645

CVE-2010-1645 affects Cacti prior to 0.8.7f, where remote authenticated administrators can execute arbitrary commands via shell metacharacters in the FQDN field of a Device or the Vertical Label field of a Graph Template. The issue arises from shell metacharacter handling in these input fields, e...

CVSS 6.5 · AI score 7.2 · EPSS 0.02804
Exploits 0 · References 10 · Affected Software 1
CVE
added 2010/08/13 7:0 p.m. · 51 views

CVE-2010-2757

CVE-2010-2757 describes a vulnerability in Bugzilla where the sudo feature fails to send impersonation notifications, enabling remote authenticated users to impersonate other users without discovery. The description lists affected Bugzilla releases across multiple branches (2.22rc1–3.2.7, 3.3.1–3...

CVSS 6.5 · AI score 6 · EPSS 0.01251
Exploits 0 · References 11 · Affected Software 1
OpenVAS
added 2010/08/13 12:0 a.m. · 29 views

Mandriva Update for pidgin MDVSA-2010:148 (pidgin)

Check for the Version of pidgin. OpenVAS Vulnerability Test: Mandriva Update for pidgin MDVSA-2010:148 (pidgin). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...

CVSS 4 · AI score 0.3 · EPSS 0.02423
Exploits 0 · References 2
OSV
added 2010/08/02 8:40 p.m. · 1 views

DEBIAN-CVE-2010-2785

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452...

CVSS 6.5 · AI score 7.3 · EPSS 0.07574
Exploits 0 · References 1
Prion
added 2010/08/02 8:40 p.m. · 11 views

Design/Logic Flaw

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452...

CVSS 6.5 · AI score 7.1 · EPSS 0.07574
Exploits 0 · References 11 · Affected Software 1
Debian CVE
added 2010/08/02 7:0 p.m. · 18 views

CVE-2010-2785

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452...

CVSS 6.5 · AI score 6.9 · EPSS 0.07574
Exploits 0
UbuntuCve
added 2010/07/26 12:0 a.m. · 35 views

CVE-2010-0833

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass...

CVSS 9.3 · AI score 5.9 · EPSS 0.04137
Exploits 0 · References 2