VulnAware.com

CVE-2010-2364 (moobbs)

Wed, 01 Sep 2010 06:44:35 +0000

Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2010-2365 (moobbs2)

Wed, 01 Sep 2010 06:44:35 +0000

Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2010-3188 (bugtracker.net)

Wed, 01 Sep 2010 06:44:35 +0000

SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page.

CVE-2010-3193 (db2)

Wed, 01 Sep 2010 06:44:35 +0000

Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.

CVE-2010-2794 (spice-xpi)

Wed, 01 Sep 2010 06:44:34 +0000

The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.

CVE-2010-3000 (realplayer, realplayer_sp)

Wed, 01 Sep 2010 06:44:34 +0000

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

CVE-2010-2945 (slim_simple_login_manager)

Wed, 01 Sep 2010 06:44:34 +0000

The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.

CVE-2010-3035 (ios_xr)

Wed, 01 Sep 2010 06:44:32 +0000

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.

CVE-2010-2363 (seil/x1_firmware, seil/x2_firmware, seil/b1_firmware)

Wed, 01 Sep 2010 06:44:32 +0000

The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, which might allow remote attackers to bypass intended access restrictions via a spoofed IP address.

CVE-2010-2712 (hp-ux)

Wed, 01 Sep 2010 06:44:32 +0000

Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.