CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2010-1989 Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive... | N/A | NONE | — | 0 |
| CVE-2010-1990 Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attacker... | N/A | NONE | — | 0 |
| CVE-2010-1991 Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers... | N/A | NONE | — | 0 |
| CVE-2010-1992 Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive... | N/A | NONE | — | 0 |
| CVE-2010-1993 Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document wi... | N/A | NONE | — | 0 |
| CVE-2010-2037 Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified oth... | N/A | NONE | — | 0 |
| CVE-2010-1994 SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO. | N/A | NONE | — | 0 |
| CVE-2010-1995 Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML v... | N/A | NONE | — | 0 |
| CVE-2010-1996 Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML vi... | N/A | NONE | — | 0 |
| CVE-2010-1997 Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pe... | N/A | NONE | — | 0 |
| CVE-2010-2078 DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI. | N/A | NONE | — | 0 |
| CVE-2010-1998 Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbit... | N/A | NONE | — | 0 |
| CVE-2010-1999 Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via direc... | N/A | NONE | — | 0 |
| CVE-2010-2000 Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privile... | N/A | NONE | — | 0 |
| CVE-2010-2001 Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | N/A | NONE | — | 0 |
| CVE-2010-2002 Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, t... | N/A | NONE | — | 0 |
| CVE-2010-2003 Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter. | N/A | NONE | — | 0 |
| CVE-2010-2004 Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Opti... | N/A | NONE | — | 0 |
| CVE-2010-2005 Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/incl... | N/A | NONE | — | 0 |
| CVE-2010-2006 Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in ... | N/A | NONE | — | 0 |
| CVE-2010-0538 Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a... | N/A | NONE | — | 0 |
| CVE-2010-2007 Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1)... | N/A | NONE | — | 0 |
| CVE-2010-1436 gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (ke... | N/A | NONE | — | 0 |
| CVE-2010-1446 arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, wh... | N/A | NONE | — | 0 |
| CVE-2010-1626 MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than... | N/A | NONE | — | 0 |
| CVE-2010-2009 Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code vi... | N/A | NONE | — | 0 |
| CVE-2010-0539 Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary co... | N/A | NONE | — | 0 |
| CVE-2007-1383 Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destro... | 9.8 | CRITICAL | — | 0 |
| CVE-2007-1384 Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename. | N/A | NONE | — | 0 |
| CVE-2007-1385 chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value. | N/A | NONE | — | 0 |
| CVE-2007-0999 Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. | N/A | NONE | — | 0 |
| CVE-2007-1345 Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass ... | N/A | NONE | — | 0 |
| CVE-2007-1388 The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt wit... | N/A | NONE | — | 0 |
| CVE-2007-1273 Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_D... | N/A | NONE | — | 0 |
| CVE-2007-1365 Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: thi... | N/A | NONE | — | 0 |
| CVE-2007-1389 dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validl... | N/A | NONE | — | 0 |
| CVE-2007-1390 Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajout... | N/A | NONE | — | 0 |
| CVE-2007-1391 PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter... | N/A | NONE | — | 0 |
| CVE-2007-1392 Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter. | N/A | NONE | — | 0 |
| CVE-2007-1393 PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | N/A | NONE | — | 0 |
| CVE-2007-1394 Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and inc... | N/A | NONE | — | 0 |
| CVE-2007-1395 Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (... | N/A | NONE | — | 0 |
| CVE-2007-1396 The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SES... | N/A | NONE | — | 0 |
| CVE-2007-1397 Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | N/A | NONE | — | 0 |
| CVE-2007-1398 The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (... | N/A | NONE | — | 0 |
| CVE-2007-1400 Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal... | N/A | NONE | — | 0 |
| CVE-2007-1401 Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict funct... | N/A | NONE | — | 0 |
| CVE-2007-1402 The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank argu... | N/A | NONE | — | 0 |
| CVE-2007-1403 Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly ... | N/A | NONE | — | 0 |
| CVE-2007-1404 tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might ... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.