Thinking OPEN

Archives for the ‘Security Notifications’ Category

Saskia’s Shopsystem beta1 [Medium]

By Security Team • Mar 10th, 2010 • Category: Security Notifications

Directory traversal vulnerability in content.php in Saskia’s Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter….

CVE Identifier: CVE-2010-0957
Vulnerability Type(s):
Severity: Medium



Tribisur 2.1 and prior [Medium]

By Security Team • Mar 10th, 2010 • Category: Security Notifications

Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter…

CVE Identifier: CVE-2010-0958
Vulnerability Type(s):
Severity: Medium



Ncpfs 2.2.6 [Low]

By Security Team • Mar 10th, 2010 • Category: Security Notifications

The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits….

CVE Identifier: CVE-2010-0791
Vulnerability Type(s):
Severity: Low



Samba 3.5.0 and prior [Low]

By Security Team • Mar 10th, 2010 • Category: Security Notifications

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing ….

CVE Identifier: CVE-2010-0926
Vulnerability Type(s):
Severity: Low



Chumby One 1.7.1 and prior [Unknown Severity]

By Security Team • Mar 10th, 2010 • Category: Security Notifications

The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request….

CVE Identifier: CVE-2010-0418
Vulnerability Type(s):
Severity: Unknown Severity



Samba 3.5.0 and prior [High]

By Security Team • Mar 10th, 2010 • Category: Security Notifications

smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client….

CVE Identifier: CVE-2010-0728
Vulnerability Type(s):
Severity: High



Ncpfs 2.2.6 [Low]

By Security Team • Mar 10th, 2010 • Category: Security Notifications

sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name….

CVE Identifier: CVE-2010-0790
Vulnerability Type(s):
Severity: Low



Duo USB [High]

By Security Team • Mar 10th, 2010 • Category: Security Notifications

UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777….

CVE Identifier: CVE-2010-0103
Vulnerability Type(s):
Severity: High



Dkvm-ip8 2282_dlinka4_p8_20071213 [Medium]

By Security Team • Mar 8th, 2010 • Category: Security Notifications

Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter….

CVE Identifier: CVE-2010-0936
Vulnerability Type(s):
Severity: Medium



Visualization Library 2009.08.804 and prior [Unknown Severity]

By Security Team • Mar 8th, 2010 • Category: Security Notifications

Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors….

CVE Identifier: CVE-2010-0937
Vulnerability Type(s):
Severity: Unknown Severity