LiveActive security incident?Get immediate response
CVE archive

May 2010

Browse CVE records published in May 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 377 matching CVEs · Page 2 of 8.

Unknown · CVSS Not scored

CVE-2010-2000: Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x t...

Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.

Published May 20, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-2025: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atl...

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.

Published May 26, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-2049: Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus...

Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published May 25, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5099: The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4....

The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.

Published May 30, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4832: Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remo...

Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused.

Published May 14, 2014 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-3843: The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership...

The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.

Published May 28, 2021 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2100: The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strt...

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

Published May 27, 2010 · Updated Aug 7, 2024