LiveActive security incident?Get immediate response
CVE archive

May 2010

Browse CVE records published in May 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 377 matching CVEs · Page 3 of 8.

Unknown · CVSS Not scored

CVE-2010-2103: Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration...

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

Published May 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2101: The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions...

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

Published May 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-1940: Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a dif...

Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published May 14, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2089: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte...

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Published May 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-1944: Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals...

Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/.

Published May 18, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2091: Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does...

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.

Published May 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2092: SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arb...

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.

Published May 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2094: Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependen...

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.

Published May 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2097: The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13...

The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

Published May 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2032: Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Pr...

Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information.

Published May 24, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-1988: Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer...

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571.

Published May 20, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2090: The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Commun...

The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.

Published May 27, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-1990: Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations...

Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

Published May 20, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-1934: Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals i...

Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/.

Published May 12, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-1915: The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers...

The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.

Published May 12, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-1942: Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 throu...

Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device.

Published May 18, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-1926: Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when re...

Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. NOTE: some of these details are obtained from third party information.

Published May 12, 2010 · Updated Aug 7, 2024