LiveActive security incident?Get immediate response
CVE archive

January 2010

Browse CVE records published in January 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 432 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2010-0273: Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to ex...

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Published Jan 8, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0360: Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in...

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.

Published Jan 20, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-4166: Multiple SQL injection vulnerabilities in Joomla!

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.

Published Jan 18, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-4714: Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute a...

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.

Published Jan 31, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0014: System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC...

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.

Published Jan 14, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0349: Cross-site scripting (XSS) vulnerability in C3 Corp.

Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable.

Published Jan 15, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5320: Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to...

Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php.

Published Jan 3, 2015 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-0184: The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (T...

The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.

Published Jan 14, 2010 · Updated Sep 16, 2024