|
300121
|
5.9 |
MEDIUM
Network
|
owasp
|
enterprise_security_api_for_java
|
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
|
-
|
CVE-2010-3300
|
2024-11-21 10:18 |
2021-06-22 |
|
300122
|
3.3 |
LOW
Local
|
hp redhat fedoraproject
|
hp-ux_directory_server redhat_directory_server 389_directory_server directory_server
|
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2010-3282
|
2024-11-21 10:18 |
2020-01-10 |
|
300123
|
5.5 |
MEDIUM
Local
|
babiloo_project debian
|
babiloo debian_linux
|
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2010-3440
|
2024-11-21 10:18 |
2019-11-13 |
|
300124
|
8.8 |
HIGH
Network
|
pixelpost
|
pixelpost
|
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
|
CWE-352
Origin Validation Error
|
CVE-2010-3305
|
2024-11-21 10:18 |
2019-11-13 |
|
300125
|
6.5 |
MEDIUM
Network
|
rubyonrails debian
|
rails debian_linux
|
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2010-3299
|
2024-11-21 10:18 |
2019-11-13 |
|
300126
|
5.5 |
MEDIUM
Local
|
mailscanner
|
mailscanner
|
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., https) or digital signature checking, which could allow an attacker to…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2010-3292
|
2024-11-21 10:18 |
2019-11-13 |
|
300127
|
4.7 |
MEDIUM
Local
|
mailscanner
|
mailscanner
|
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-…
|
CWE-59
Link Following
|
CVE-2010-3095
|
2024-11-21 10:18 |
2019-11-13 |
|
300128
|
6.5 |
MEDIUM
Network
|
cor-entertainment debian fedoraproject
|
alien-arena debian_linux fedora
|
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.
|
CWE-20
Improper Input Validation
|
CVE-2010-3439
|
2024-11-21 10:18 |
2019-11-13 |
|
300129
|
9.8 |
CRITICAL
Network
|
libpoe-component-irc-perl_project debian fedoraproject
|
libpoe-component-irc-perl debian_linux fedora
|
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'pri…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2010-3438
|
2024-11-21 10:18 |
2019-11-13 |
|
300130
|
4.8 |
MEDIUM
Local
|
gargoyle_project debian
|
gargoyle debian_linux
|
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a dire…
|
CWE-20
Improper Input Validation
|
CVE-2010-3359
|
2024-11-21 10:18 |
2019-11-13 |