CVE-2010-0681
Published 2010-02-22
Priority: P4 (28) · Severity: medium · CVSS 2.0 base score: 5.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.17% (80.0th percentile)
ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zeuscms | zeuscms | — | — |
No detection rules found.
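The issue above is a file-exposure bug: a database dump sits under the document root and the web server hands it to anyone who asks for it. The following is an added example, not ZeusCMS code and not a detection rule from this page: it flags successful fetches of backup/dump artifacts in web access logs (the admin/backup.sql path is the one from the advisory; the other extensions and the sample log lines, hosts and IPs are constructed assumptions) and includes a body heuristic for confirming that what came back is really a SQL dump rather than a CMS page served with a 200 status.

```python
"""Added example (not part of ZeusCMS): spot and confirm exposed backup files.

Two pieces a practitioner wants for CVE-2010-0681-style bugs:
  1. find_exposures(): scan Apache/nginx "combined" access-log lines for 2xx
     responses to backup/dump paths (a 403/404 is a probe, not an exposure).
  2. looks_like_sql_dump(): when re-fetching a hit, confirm the body is a real
     dump and not an HTML page that happens to be served with a 200 status.
All log lines, hosts and IPs below are constructed for illustration.
"""
import re
from typing import Iterable, List, Tuple

# Paths that should never be retrievable by an anonymous client.
# admin/backup.sql is the path named in CVE-2010-0681; the extra extensions
# are common variants and are an assumption of this example, not the advisory.
SENSITIVE_PATH_RE = re.compile(
    r"\.(sql|sql\.gz|bak|old)$|/(backup|dump)[^/]*$", re.IGNORECASE
)

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r"(?P<status>\d{3}) (?P<bytes>\d+|-)"
)


def find_exposures(log_lines: Iterable[str]) -> List[Tuple[str, str, int]]:
    """Return (client_ip, path, bytes_sent) for every 2xx response to a sensitive path.

    Query strings are stripped before matching so '/admin/backup.sql?x=1' is still
    caught. Non-2xx responses to the same paths are deliberately not reported: they
    show someone probing, but the server did not give the file away.
    """
    hits: List[Tuple[str, str, int]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = m.group("path").split("?", 1)[0]
        status = int(m.group("status"))
        if 200 <= status < 300 and SENSITIVE_PATH_RE.search(path):
            size = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
            hits.append((m.group("ip"), path, size))
    return hits


# Banners/DDL that real dumps start with (mysqldump, phpMyAdmin, generic SQL).
SQL_DUMP_MARKERS = (b"-- MySQL dump", b"-- phpMyAdmin SQL Dump", b"CREATE TABLE", b"INSERT INTO")


def looks_like_sql_dump(body: bytes) -> bool:
    """Heuristic for confirming a hit after re-fetching it.

    A CMS front controller often answers unknown paths with its own HTML page and a
    200 status; that is not an exposure even if the page text mentions 'CREATE TABLE'.
    Only the first 4 KiB is inspected so a multi-megabyte dump is not scanned in full.
    """
    head = body[:4096].lstrip().lower()
    if head.startswith(b"<!doctype") or head.startswith(b"<html"):
        return False
    return any(marker.lower() in head for marker in SQL_DUMP_MARKERS)


# Constructed sample log: one probe that got a 404, one that got a 403, one real
# exposure (200 with 418 KB sent), and ordinary traffic that must not be flagged.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Feb/2010:10:14:01 +0000] "GET /zeuscms/admin/backup.sql.gz HTTP/1.1" 404 512 "-" "curl/7.19"',
    '203.0.113.7 - - [22/Feb/2010:10:14:02 +0000] "GET /zeuscms/admin/backup.sql HTTP/1.1" 200 418233 "-" "curl/7.19"',
    '198.51.100.4 - - [22/Feb/2010:10:15:30 +0000] "GET /zeuscms/index.php?page=home HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Feb/2010:10:16:00 +0000] "GET /zeuscms/admin/backup.sql?x=1 HTTP/1.1" 403 199 "-" "curl/7.19"',
    "this line is not in combined format and is skipped",
]

if __name__ == "__main__":
    for ip, path, size in find_exposures(SAMPLE_LOG):
        print(f"EXPOSED: {path} fetched by {ip} ({size} bytes)")
```

Whatever the scanner reports, the fix is not a smarter access rule but keeping dumps out of the document root entirely; a deny rule for admin/backup.sql only covers the one path the attacker already knows about.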
Bugzilla
CVE-2010-3166 [CRITICAL] Mozilla Heap buffer overflow in nsTextFrameUtils::TransformText (MFSA 2010-53)
bugzilla·2010-09-03·CVSS 9.3
Security researcher wushi of team509 reported a heap buffer overflow in
code routines responsible for transforming text runs. A page could be
constructed with a bidirectional text run which upon reflow could result in
an incorrect length being calculated for the run of text. When this value
is subsequently used to allocate memory for the text too small a buffer may
be created potentially resulting in a buffer overflow and the execution of
attacker controlled memory.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-53.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0681 htt
Bugzilla
CVE-2010-2762 [MEDIUM] Mozilla SJOW creates scope chains ending in outer object (MFSA 2010-59)
bugzilla·2010-09-03·CVSS 6.8
Mozilla developer Blake Kaplan reported that the wrapper class
XPCSafeJSObjectWrapper (SJOW), a security wrapper that allows
content-defined objects to be safely accessed by privileged code, creates
scope chains ending in outer objects. Users of SJOWs which expect the scope
chain to end on an inner object may be handed a chrome privileged object
which could be leveraged to run arbitrary JavaScript with chrome
privileges.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-59.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0681 https://rhn.redhat.com/errata/RHSA-2010-0681.html
Bugzilla
CVE-2010-2769 [MEDIUM] Mozilla Copy-and-paste or drag-and-drop into designMode document allows XSS (MFSA 2010-62)
bugzilla·2010-09-03·CVSS 4.3
Security researcher Paul Stone reported that when an HTML selection
containing JavaScript is copy-and-pasted or dropped onto a document with
designMode enabled the JavaScript will be executed within the context of
the site where the code was dropped. A malicious site could leverage this
issue in an XSS attack by persuading a user into taking such an action and
in the process running malicious JavaScript within the context of another
site.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-62.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0681 https://rhn.redhat.
Bugzilla
CVE-2010-2764 [MEDIUM] Mozilla Information leak via XMLHttpRequest statusText (MFSA 2010-63)
bugzilla·2010-09-03·CVSS 4.3
Matt Haggard reported that the statusText property of an XMLHttpRequest
object is readable by the requestor even when the request is made across
origins. This status information reveals the presence of a web server and
could be used to gather information about servers on internal private
networks.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2010/mfsa2010-63.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0681 https://rhn.redhat.com/errata/RHSA-2010-0681.html