The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.
Max CVSS
6.5
EPSS Score
0.33%
Published
2010-05-28
Updated
2020-01-10

CVE-2010-2115

Public exploit
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.
Max CVSS
5.0
EPSS Score
48.05%
Published
2010-05-28
Updated
2010-06-01
Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.
Max CVSS
2.6
EPSS Score
0.15%
Published
2010-05-28
Updated
2010-06-01
Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php.
Max CVSS
3.5
EPSS Score
0.15%
Published
2010-05-28
Updated
2017-08-17
Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
8.8
EPSS Score
0.23%
Published
2010-05-28
Updated
2010-06-01
Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action.
Max CVSS
4.3
EPSS Score
0.15%
Published
2010-05-28
Updated
2017-08-17
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.
Max CVSS
7.5
EPSS Score
0.17%
Published
2010-05-28
Updated
2020-08-06
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
Max CVSS
7.5
EPSS Score
0.31%
Published
2010-05-28
Updated
2020-08-06
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.
Max CVSS
7.5
EPSS Score
0.31%
Published
2010-05-28
Updated
2020-08-06
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.
Max CVSS
10.0
EPSS Score
0.17%
Published
2010-05-28
Updated
2020-08-06
Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.
Max CVSS
4.3
EPSS Score
0.23%
Published
2010-05-28
Updated
2020-08-06
Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.17%
Published
2010-05-28
Updated
2020-08-06
Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.
Max CVSS
4.3
EPSS Score
0.53%
Published
2010-05-27
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.40%
Published
2010-05-27
Updated
2018-10-10
Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
Max CVSS
10.0
EPSS Score
70.30%
Published
2010-05-27
Updated
2018-10-10
The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
Max CVSS
5.0
EPSS Score
0.71%
Published
2010-05-27
Updated
2016-08-23
The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
Max CVSS
5.0
EPSS Score
0.64%
Published
2010-05-27
Updated
2016-08-23
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
Max CVSS
7.5
EPSS Score
1.64%
Published
2010-05-27
Updated
2010-05-28
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
Max CVSS
7.5
EPSS Score
0.17%
Published
2010-05-27
Updated
2012-12-13
The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
Max CVSS
5.0
EPSS Score
0.55%
Published
2010-05-27
Updated
2016-08-23
Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
Max CVSS
7.5
EPSS Score
0.53%
Published
2010-05-27
Updated
2010-05-28
SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2010-05-27
Updated
2010-05-28
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.
Max CVSS
6.8
EPSS Score
1.36%
Published
2010-05-27
Updated
2011-01-26
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs.
Max CVSS
5.0
EPSS Score
0.31%
Published
2010-05-27
Updated
2010-12-07
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
Max CVSS
7.5
EPSS Score
0.22%
Published
2010-05-27
Updated
2012-02-16
418 vulnerabilities found