Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 646

Количество 63 646

ubuntu логотип

CVE-2010-3696

больше 15 лет назад

The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2010-3695

почти 15 лет назад

Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2010-3694

больше 15 лет назад

Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2010-3693

почти 15 лет назад

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2010-3692

больше 15 лет назад

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.

CVSS2: 6.4
EPSS: Низкий
ubuntu логотип

CVE-2010-3691

больше 15 лет назад

PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.

CVSS2: 3.3
EPSS: Низкий
ubuntu логотип

CVE-2010-3690

больше 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2010-3689

около 15 лет назад

soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS2: 6.9
EPSS: Низкий
ubuntu логотип

CVE-2010-3686

больше 15 лет назад

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2010-3685

больше 15 лет назад

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2010-3683

около 15 лет назад

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2010-3682

около 15 лет назад

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2010-3681

около 15 лет назад

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2010-3680

около 15 лет назад

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2010-3679

около 15 лет назад

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2010-3678

около 15 лет назад

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2010-3677

около 15 лет назад

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2010-3676

около 15 лет назад

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2010-3674

больше 6 лет назад

TYPO3 before 4.4.1 allows XSS in the frontend search box.

CVSS3: 6.1
EPSS: Низкий
ubuntu логотип

CVE-2010-3673

больше 6 лет назад

TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.

CVSS3: 5.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2010-3696

The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
1%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-3695

Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.

CVSS2: 4.3
1%
Низкий
почти 15 лет назад
ubuntu логотип
CVE-2010-3694

Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.

CVSS2: 6.8
0%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-3693

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

CVSS2: 4.3
1%
Низкий
почти 15 лет назад
ubuntu логотип
CVE-2010-3692

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.

CVSS2: 6.4
1%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-3691

PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.

CVSS2: 3.3
0%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-3690

Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.

CVSS2: 4.3
1%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-3689

soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS2: 6.9
0%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3686

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS2: 5
1%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-3685

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS2: 5
1%
Низкий
больше 15 лет назад
ubuntu логотип
CVE-2010-3683

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

CVSS2: 4
8%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3682

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

CVSS2: 4
2%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3681

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

CVSS2: 4
5%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3680

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

CVSS2: 4
5%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3679

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

CVSS2: 4
5%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3678

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

CVSS2: 4
6%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3677

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

CVSS2: 4
1%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3676

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

CVSS2: 4
3%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2010-3674

TYPO3 before 4.4.1 allows XSS in the frontend search box.

CVSS3: 6.1
1%
Низкий
больше 6 лет назад
ubuntu логотип
CVE-2010-3673

TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.

CVSS3: 5.3
0%
Низкий
больше 6 лет назад

Уязвимостей на страницу