|
309081
|
- |
|
rene_tegel
|
visual_synapse
|
Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
|
CWE-22
Path Traversal
|
CVE-2010-3743
|
2024-11-21 10:19 |
2010-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309082
|
- |
|
freeradius
|
freeradius
|
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requ…
|
CWE-399
Resource Management Errors
|
CVE-2010-3697
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309083
|
- |
|
freeradius
|
freeradius
|
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause …
|
CWE-399
Resource Management Errors
|
CVE-2010-3696
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309084
|
- |
|
apereo
|
phpcas
|
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directo…
|
CWE-22
Path Traversal
|
CVE-2010-3692
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309085
|
- |
|
apereo
|
phpcas
|
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
|
CWE-59
Link Following
|
CVE-2010-3691
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309086
|
- |
|
apereo
|
phpcas
|
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting …
|
CWE-79
Cross-site Scripting
|
CVE-2010-3690
|
2024-11-21 10:19 |
2010-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309087
|
- |
|
alvaro_herrera
|
pl\/php
|
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3781
|
2024-11-21 10:19 |
2010-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309088
|
- |
|
dovecot
|
dovecot
|
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
|
NVD-CWE-Other
|
CVE-2010-3780
|
2024-11-21 10:19 |
2010-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309089
|
- |
|
dovecot
|
dovecot
|
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass inten…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3779
|
2024-11-21 10:19 |
2010-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309090
|
- |
|
dovecot
|
dovecot
|
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a direc…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-3707
|
2024-11-21 10:19 |
2010-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
