Export limit exceeded: 25160 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25160 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4760 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket. | ||||
| CVE-2010-4766 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client. | ||||
| CVE-2010-4767 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox. | ||||
| CVE-2010-4775 | 2 Drupal, Nicholas Thompson | 2 Drupal, Relevant Content | 2025-04-11 | N/A |
| The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships. | ||||
| CVE-2010-4777 | 1 Perl | 1 Perl | 2025-04-11 | N/A |
| The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. | ||||
| CVE-2010-4781 | 1 Enanocms | 1 Enano Cms | 2025-04-11 | N/A |
| index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message. | ||||
| CVE-2010-4788 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search. | ||||
| CVE-2010-4802 | 1 Mojolicious | 1 Mojolicious | 2025-04-11 | N/A |
| Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors. | ||||
| CVE-2010-4803 | 1 Mojolicious | 1 Mojolicious | 2025-04-11 | N/A |
| Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors. | ||||
| CVE-2010-4804 | 1 Google | 1 Android | 2025-04-11 | N/A |
| The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. | ||||
| CVE-2010-4818 | 2 Redhat, X.org | 2 Enterprise Linux, X.org | 2025-04-11 | N/A |
| The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c. | ||||
| CVE-2010-4819 | 2 Redhat, X | 2 Enterprise Linux, X.org-xserver | 2025-04-11 | N/A |
| The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw." | ||||
| CVE-2010-4822 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters. | ||||
| CVE-2010-4900 | 1 Webmanager-pro | 1 Cms Webmanager-pro | 2025-04-11 | N/A |
| Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | ||||
| CVE-2010-5292 | 1 Amberdms | 1 Amberdms Billing System | 2025-04-11 | N/A |
| Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job. | ||||
| CVE-2011-0003 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | N/A |
| MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2011-0015 | 1 Tor | 1 Tor | 2025-04-11 | N/A |
| Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor. | ||||
| CVE-2011-0017 | 1 Exim | 1 Exim | 2025-04-11 | N/A |
| The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. | ||||
| CVE-2011-0018 | 1 Openvas | 1 Openvas Manager | 2025-04-11 | N/A |
| The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA). | ||||
| CVE-2011-0019 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2025-04-11 | N/A |
| slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. | ||||