Security Vulnerabilities, CVEs, Published In September 2010 (Gain Privilege)
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Max CVSS
5.0
EPSS Score
0.49%
Published
2010-09-29
Updated
2010-09-30
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Max CVSS
5.0
EPSS Score
0.49%
Published
2010-09-29
Updated
2010-09-30
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.21%
Published
2010-09-20
Updated
2010-09-21
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Max CVSS
5.0
EPSS Score
0.49%
Published
2010-09-29
Updated
2010-09-30
CVE-2010-2731
Public exploit
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
Max CVSS
6.8
EPSS Score
23.27%
Published
2010-09-15
Updated
2020-11-23
The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-09-15
Updated
2019-02-26
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.
Max CVSS
6.8
EPSS Score
0.65%
Published
2010-09-21
Updated
2017-09-19
7 vulnerabilities found