259571
|
- |
|
hypermail-project
|
hypermail
|
Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing mess…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4339
|
2011-01-18 14:00 |
2011-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259572
|
- |
|
ecava
|
integraxor
|
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
|
CWE-22
Path Traversal
|
CVE-2010-4598
|
2011-01-14 15:48 |
2010-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259573
|
- |
|
cstr
|
festival
|
festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gai…
|
NVD-CWE-Other
|
CVE-2010-3996
|
2011-01-14 15:47 |
2010-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259574
|
- |
|
squid-cache
|
squid
|
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a …
|
NVD-CWE-Other
|
CVE-2010-3072
|
2011-01-14 15:46 |
2010-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259575
|
- |
|
squid-cache
|
squid
|
Per: http://cwe.mitre.org/data/definitions/476.html
'CWE-476: NULL Pointer Dereference'
|
NVD-CWE-Other
|
CVE-2010-3072
|
2011-01-14 15:46 |
2010-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259576
|
- |
|
arg0
|
encfs
|
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users …
|
CWE-310
Cryptographic Issues
|
CVE-2010-3073
|
2011-01-14 15:46 |
2010-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259577
|
- |
|
arg0
|
encfs
|
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a wate…
|
CWE-310
Cryptographic Issues
|
CVE-2010-3074
|
2011-01-14 15:46 |
2010-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259578
|
- |
|
linux-ipv6
|
umip
|
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-2522
|
2011-01-14 15:45 |
2010-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259579
|
- |
|
linux-ipv6
|
umip
|
Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-2523
|
2011-01-14 15:45 |
2010-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259580
|
- |
|
opera
|
opera_browser
|
Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact …
|
NVD-CWE-Other
|
CVE-2010-4587
|
2011-01-12 15:54 |
2010-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|