CVE-2010-4507
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2010-4507
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Clear iSpot和ClearSpot多个跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ISpot 2.0.0.0 R1679,ClearSpot 2.0.0.0 R1512和R1786版本中存在多个跨站请求伪造漏洞。远程攻击者可以利用这些漏洞劫持管理员认证来获得以下请求:(1)借助对webmain.cgi文件的act_cmd_result操作中的cmd参数执行任意命令的请求;(2)借助对ebmain.cgi文件的enable_remote_access act_network_set操作启动远程管理的请求;(3)借助向webmain.cgi文件的ENABLE_TELNET act_set_
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2010-4507
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2010-4507
Please Login to view more intelligence information
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txtx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2010-4507
Same Patch Batch · n/a · 2010-12-30 · 38 CVEs total
| CVE-2010-4158 | Linux kernel sk_run_filter函数信息泄露漏洞 | |
| CVE-2010-4637 | Finalcut feedlist/handler_image.php文件跨站脚本攻击漏洞 | |
| CVE-2010-4638 | JQuarks函数SQL注入漏洞 | |
| CVE-2010-4639 | Intendance MySource Matrix index.php文件SQL注入漏洞 | |
| CVE-2010-4640 | XWiki Watch 多个跨站脚本攻击漏洞 | |
| CVE-2010-4641 | XWiki Enterprise SQL注入漏洞 | |
| CVE-2010-4642 | XWiki跨站脚本攻击漏洞 | |
| CVE-2010-3848 | Linux kernel econet_sendmsg函数栈缓冲区错误漏洞 | |
| CVE-2010-3849 | Linux kernel econet_sendmsg函数资源管理错误漏洞 | |
| CVE-2010-3850 | Linux kernel ec_dev_ioctl函数权限许可和访问控制问题漏洞 | |
| CVE-2010-4636 | Site2Nite Business e-Listings detail.asp文件SQL注入漏洞 | |
| CVE-2010-4161 | Red Hat Enterprise Linux net/ipv4/udp.c文件资源管理错误漏洞 | |
| CVE-2010-4258 | Linux kernel kernel/exit.c文件权限许可和访问控制问题漏洞 | |
| CVE-2010-4276 | LiveZilla "livezilla"跨站脚本攻击漏洞 | |
| CVE-2010-4321 | Novell iPrint Client ienipp.ocx ActiveX控件栈缓冲区溢出漏洞 | |
| CVE-2010-4342 | Linux kernel aun_incoming函数资源管理错误漏洞 | |
| CVE-2010-4352 | D-BUS 资源管理错误漏洞 | |
| CVE-2010-4622 | IBM Tivoli Access Manager路径遍历漏洞 | |
| CVE-2010-4623 | IBM Tivoli Access Manager WebSEAL资源管理错误漏洞 | |
| CVE-2010-4627 | MyBB usercp2.php文件跨站请求伪造漏洞 |
Showing top 20 of 38 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8258
Squirrel sqstdstring.cpp validate_format stack-based overflo - CVE-2026-8252
Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer - CVE-2026-8251
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8250
Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list - CVE-2026-8249
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo
V. Comments for CVE-2010-4507
No comments yet