CVE List - 2010 / May
Showing 201 - 300 of 402 CVEs for May 2010 (Page 3 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2010-1558 | 2010-05-14 | Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information,... |
| CVE-2010-1621 | 2010-05-14 | The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN... |
| CVE-2010-1624 | 2010-05-14 | The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and... |
| CVE-2010-0601 | 2010-05-14 | The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug... |
| CVE-2010-0602 | 2010-05-14 | The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug... |
| CVE-2010-0603 | 2010-05-14 | The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka... |
| CVE-2010-0604 | 2010-05-14 | Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP... |
| CVE-2010-1556 | 2010-05-14 | Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors. |
| CVE-2010-1557 | 2010-05-14 | Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1561 | 2010-05-14 | The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via... |
| CVE-2010-1562 | 2010-05-14 | The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via... |
| CVE-2010-1563 | 2010-05-14 | The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via... |
| CVE-2010-1565 | 2010-05-14 | Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service... |
| CVE-2010-1567 | 2010-05-14 | The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug... |
| CVE-2010-1940 | 2010-05-14 | Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site,... |
| CVE-2010-1568 | 2010-05-14 | The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext... |
| CVE-2010-0998 | 2010-05-17 | Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the... |
| CVE-2010-0999 | 2010-05-17 | Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in... |
| CVE-2010-1000 | 2010-05-17 | Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element... |
| CVE-2010-1511 | 2010-05-17 | KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a... |
| CVE-2010-1512 | 2010-05-17 | Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
| CVE-2010-0774 | 2010-05-17 | The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle... |
| CVE-2010-0775 | 2010-05-17 | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and... |
| CVE-2010-0776 | 2010-05-17 | The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to... |
| CVE-2010-0777 | 2010-05-17 | The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect... |
| CVE-2010-0403 | 2010-05-18 | Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter. |
| CVE-2010-0404 | 2010-05-18 | Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/. |
| CVE-2010-1584 | 2010-05-18 | Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block... |
| CVE-2010-1942 | 2010-05-18 | Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager,... |
| CVE-2010-1941 | 2010-05-18 | Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a... |
| CVE-2010-1943 | 2010-05-18 | Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client... |
| CVE-2010-1944 | 2010-05-18 | Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to... |
| CVE-2010-1945 | 2010-05-18 | Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to... |
| CVE-2010-1946 | 2010-05-18 | Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to... |
| CVE-2010-1947 | 2010-05-18 | Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype]... |
| CVE-2010-1948 | 2010-05-18 | Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype]... |
| CVE-2010-1949 | 2010-05-18 | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some... |
| CVE-2010-1951 | 2010-05-18 | Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and... |
| CVE-2010-1952 | 2010-05-18 | Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller... |
| CVE-2010-1953 | 2010-05-18 | Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to... |
| CVE-2010-1954 | 2010-05-18 | Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller... |
| CVE-2010-1955 | 2010-05-18 | Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to... |
| CVE-2010-1956 | 2010-05-18 | Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter... |
| CVE-2010-1957 | 2010-05-18 | Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-1950 | 2010-05-18 | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter... |
| CVE-2010-1169 | 2010-05-19 | PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict... |
| CVE-2010-1170 | 2010-05-19 | The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2... |
| CVE-2010-1321 | 2010-05-19 | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not... |
| CVE-2010-1447 | 2010-05-19 | The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before... |
| CVE-2010-1454 | 2010-05-19 | com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows... |
| CVE-2010-1975 | 2010-05-19 | PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations,... |
| CVE-2010-1976 | 2010-05-19 | Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via... |
| CVE-2010-1977 | 2010-05-19 | Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-1978 | 2010-05-19 | PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpincdir parameter. NOTE:... |
| CVE-2010-1979 | 2010-05-19 | Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to... |
| CVE-2010-1980 | 2010-05-19 | Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in... |
| CVE-2010-1981 | 2010-05-19 | Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-1982 | 2010-05-19 | Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. |
| CVE-2010-1983 | 2010-05-19 | Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to... |
| CVE-2010-1984 | 2010-05-19 | Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web... |
| CVE-2010-1628 | 2010-05-19 | Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack... |
| CVE-2010-1629 | 2010-05-19 | Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address. |
| CVE-2010-1627 | 2010-05-19 | feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings... |
| CVE-2010-1630 | 2010-05-19 | Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement." |
| CVE-2010-1985 | 2010-05-19 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown... |
| CVE-2010-0745 | 2010-05-20 | Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message. |
| CVE-2010-1039 | 2010-05-20 | Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11,... |
| CVE-2010-1986 | 2010-05-20 | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements... |
| CVE-2010-1987 | 2010-05-20 | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings... |
| CVE-2010-1988 | 2010-05-20 | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code... |
| CVE-2010-1989 | 2010-05-20 | Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause... |
| CVE-2010-1990 | 2010-05-20 | Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote... |
| CVE-2010-1991 | 2010-05-20 | Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to... |
| CVE-2010-1992 | 2010-05-20 | Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of... |
| CVE-2010-1993 | 2010-05-20 | Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via... |
| CVE-2010-1994 | 2010-05-20 | SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO. |
| CVE-2010-1995 | 2010-05-20 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1)... |
| CVE-2010-1996 | 2010-05-20 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content... |
| CVE-2010-1997 | 2010-05-20 | Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter. |
| CVE-2010-1998 | 2010-05-20 | Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script... |
| CVE-2010-1999 | 2010-05-20 | Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype]... |
| CVE-2010-2003 | 2010-05-20 | Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter. |
| CVE-2010-2000 | 2010-05-20 | Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web... |
| CVE-2010-2001 | 2010-05-20 | Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. |
| CVE-2010-2002 | 2010-05-20 | Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web... |
| CVE-2010-2004 | 2010-05-20 | Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section... |
| CVE-2010-2005 | 2010-05-20 | Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2)... |
| CVE-2010-2006 | 2010-05-20 | Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the... |
| CVE-2010-2007 | 2010-05-20 | Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php,... |
| CVE-2010-1436 | 2010-05-21 | gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial... |
| CVE-2010-1446 | 2010-05-21 | arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page,... |
| CVE-2010-1626 | 2010-05-21 | MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a... |
| CVE-2010-2009 | 2010-05-21 | Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a... |
| CVE-2010-0538 | 2010-05-21 | Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers... |
| CVE-2010-0539 | 2010-05-21 | Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows... |
| CVE-2010-1546 | 2010-05-21 | Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges,... |
| CVE-2010-1547 | 2010-05-21 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests... |
| CVE-2010-1548 | 2010-05-21 | The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges,... |
| CVE-2010-2010 | 2010-05-21 | Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a... |
| CVE-2010-2011 | 2010-05-21 | Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by... |