Unknown · CVSS Not scored
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
Published Sep 9, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in CelFrame Office 2008 Standard Edition allow local users to gain privileges via a Trojan horse (1) java_msci.dll or (2) msci_java.dll file in the current working directory, as demonstrated by a directory that contains a .doc, .xls, or .odg file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Published Sep 29, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that contains a .dhjb file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.
Published Sep 23, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in SmartSniff 1.71 allows local users to gain privileges via a Trojan horse wpcap.dll file in the current working directory, as demonstrated by a directory that contains a .cfg or .ssp file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse (1) wbtrv32.dll or (2) w3btrv7.dll file in the current working directory, as demonstrated by a directory that contains a .ppx file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in MicroStation 7.1 allow local users to gain privileges via a Trojan horse (1) mptools.dll, (2) baseman.dll, (3) wintab32.dll, or (4) wintab.dll file in the current working directory, as demonstrated by a directory that contains a .hln or .rdl file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors.
Published Sep 24, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033.
Published Sep 10, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Sep 16, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.
Published Sep 13, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.
Published Sep 8, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 allows local users to gain privileges via a Trojan horse Assist.Dll file in the current working directory, as demonstrated by a directory that contains a .ses file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file.
Published Sep 7, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information.
Published Sep 27, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.
Published Sep 23, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Published Sep 29, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.
Published Sep 13, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Sep 24, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
Published Sep 17, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in Adobe Device Central CS4 2.0.0 0476 allow local users to gain privileges via a Trojan horse (1) ibfs32.dll or (2) amt_cdb.dll file in the current working directory, as demonstrated by a directory that contains a .adcp file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 allows local users to gain privileges via a Trojan horse myuser.dll file in the current working directory, as demonstrated by a directory that contains a .ltf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Sep 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033.
Published Sep 10, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
Published Sep 13, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
Published Sep 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Published Sep 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Cool iPhone Ringtone Maker 2.2.3 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .ifo file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Build 610 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .flv file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 allows local users to gain privileges via a Trojan horse bwsconst.dll file in the current working directory, as demonstrated by a directory that contains a .ufp or .ufo file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Sep 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
Published Sep 16, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
Published Sep 22, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.
Published Sep 23, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local users to gain privileges via a Trojan horse BESExtension.dll file in the current working directory, as demonstrated by a directory that contains a .bgl file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.
Published Sep 6, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in TuneUp Utilities 2009 8.0.3310 and 2010 9.0.4600 allow local users to gain privileges via a Trojan horse (1) wscapi.dll or (2) vclib32.dll file in the current working directory, as demonstrated by a directory that contains a .tvs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Sep 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Sep 24, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.
Published Sep 16, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in SnowFox Total Video Converter 2.5.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
Published Sep 24, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.
Published Sep 15, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in WinImage 8.50 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .imz file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors.
Published Sep 10, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in Maxthon Browser 1.6.7.35 and 2.5.15 allow local users to gain privileges via a Trojan horse (1) RSRC32.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .html file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Sep 7, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the current working directory, as demonstrated by a directory that contains a .odm, .odt, .otp, .stc, .stw, .sxg, or .sxw file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
Published Sep 17, 2012 · Updated Sep 16, 2024