Thinking OPEN

Archives for the ‘Security Notifications’ Category

Broadcom and prior [Unknown Severity]

By Security Team • Mar 18th, 2010 • Category: Security Notifications

Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors….

CVE Identifier: CVE-2010-0104
Vulnerability Type(s):
Severity: Unknown Severity



PHP 5.3.1 [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument….

CVE Identifier: CVE-2010-0397
Vulnerability Type(s):
Severity: Medium



Kernel 6 and prior [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file’s permissions….

CVE Identifier: CVE-2010-0727
Vulnerability Type(s):
Severity: Medium



Enterprise Linux 4 [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call….

CVE Identifier: CVE-2010-0729
Vulnerability Type(s):
Severity: Medium



BarnOwl 1.5 and prior [High]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header….

CVE Identifier: CVE-2010-0793
Vulnerability Type(s):
Severity: High



Acidcat CMS 3.5.3 and prior [High]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts…

CVE Identifier: CVE-2010-0976
Vulnerability Type(s):
Severity: High



PD Portal 4.0 [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb….

CVE Identifier: CVE-2010-0977
Vulnerability Type(s):
Severity: Medium



Guestbook 1.0 [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb….

CVE Identifier: CVE-2010-0978
Vulnerability Type(s):
Severity: Medium



Image-gallery 1.1 [Medium]

By Security Team • Mar 16th, 2010 • Category: Security Notifications

Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter….

CVE Identifier: CVE-2010-0979
Vulnerability Type(s):
Severity: Medium