|
300401
|
- |
|
mozilla
|
bugzilla
|
CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and cond…
|
CWE-94
Code Injection
|
CVE-2010-4572
|
2024-11-21 10:21 |
2011-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300402
|
- |
|
mozilla
|
bugzilla
|
Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the su…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4570
|
2024-11-21 10:21 |
2011-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300403
|
- |
|
mozilla
|
bugzilla
|
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4569
|
2024-11-21 10:21 |
2011-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300404
|
- |
|
mozilla
|
bugzilla
|
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4568
|
2024-11-21 10:21 |
2011-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300405
|
- |
|
mozilla
|
bugzilla
|
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2010-4567
|
2024-11-21 10:21 |
2011-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300406
|
- |
|
linux-pam
|
linux-pam
|
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by…
|
NVD-CWE-Other
|
CVE-2010-4708
|
2024-11-21 10:21 |
2011-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300407
|
- |
|
linux-pam
|
linux-pam
|
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to caus…
|
CWE-399
Resource Management Errors
|
CVE-2010-4707
|
2024-11-21 10:21 |
2011-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300408
|
- |
|
linux-pam
|
linux-pam
|
The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might all…
|
NVD-CWE-Other
|
CVE-2010-4706
|
2024-11-21 10:21 |
2011-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300409
|
- |
|
ffmpeg
|
ffmpeg
|
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to …
|
CWE-189
Numeric Errors
|
CVE-2010-4705
|
2024-11-21 10:21 |
2011-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300410
|
- |
|
ffmpeg
|
ffmpeg
|
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor…
|
CWE-20
Improper Input Validation
|
CVE-2010-4704
|
2024-11-21 10:21 |
2011-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
