CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-2518 264 +Priv 2010-06-30 2010-07-01
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information.
2 CVE-2010-2517 2010-06-30 2010-07-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
3 CVE-2010-2516 89 Exec Code Sql 2010-06-29 2010-06-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
4 CVE-2010-2515 89 1 Exec Code Sql 2010-06-28 2010-06-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
5 CVE-2010-2514 79 1 XSS 2010-06-28 2010-06-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
6 CVE-2010-2513 89 2 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
7 CVE-2010-2512 89 1 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
8 CVE-2010-2511 89 1 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.
9 CVE-2010-2510 89 1 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
10 CVE-2010-2509 79 1 XSS 2010-06-28 2010-06-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
11 CVE-2010-2508 89 1 Exec Code Sql 2010-06-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.
12 CVE-2010-2507 22 2 Dir. Trav. 2010-06-28 2010-06-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
13 CVE-2010-2506 79 XSS 2010-06-28 2010-06-29
2.9
None Local Network Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
14 CVE-2010-2505 20 1 DoS 2010-06-28 2010-06-29
5.0
None Remote Low Not required None None Partial
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.
15 CVE-2010-2504 +Info 2010-06-28 2010-06-29
6.0
None Remote Medium Single system Partial Partial Partial
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.
16 CVE-2010-2503 79 XSS 2010-06-28 2010-06-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.
17 CVE-2010-2502 22 Dir. Trav. 2010-06-28 2010-06-29
7.5
None Remote Medium Single system Complete Partial Partial
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067.
18 CVE-2010-2470 264 2010-06-28 2010-06-29
1.9
None Local Medium Not required Partial None None
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.
19 CVE-2010-2469 255 2010-06-25 2010-06-28
5.0
None Remote Low Not required Partial None None
The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device.
20 CVE-2010-2468 310 2010-06-25 2012-11-05
10.0
Admin Remote Low Not required Complete Complete Complete
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password.
21 CVE-2010-2467 255 2010-06-25 2012-11-05
5.0
None Remote Low Not required Partial None None
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.
22 CVE-2010-2466 264 +Info 2010-06-25 2012-11-05
5.0
None Remote Low Not required Partial None None
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames.
23 CVE-2010-2465 264 2010-06-25 2010-07-13
5.0
None Remote Low Not required Partial None None
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.
24 CVE-2010-2464 79 2 XSS 2010-06-25 2010-06-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
25 CVE-2010-2463 79 XSS 2010-06-25 2010-06-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.
26 CVE-2010-2462 89 2 Exec Code Sql 2010-06-25 2010-06-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action.
27 CVE-2010-2461 89 2 Exec Code Sql 2010-06-25 2010-06-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.
28 CVE-2010-2460 89 1 Exec Code Sql 2010-06-25 2010-06-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.
29 CVE-2010-2459 89 2 Exec Code Sql 2010-06-25 2010-07-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter.
30 CVE-2010-2458 79 2 XSS 2010-06-25 2010-06-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.
31 CVE-2010-2457 79 1 XSS 2010-06-25 2010-07-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter.
32 CVE-2010-2456 22 2 Dir. Trav. File Inclusion 2010-06-25 2011-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate.
33 CVE-2010-2455 264 2010-06-25 2012-11-05
4.3
None Remote Medium Not required None Partial None
Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.
34 CVE-2010-2454 264 2010-06-25 2012-11-05
4.3
None Remote Medium Not required None Partial None
Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.
35 CVE-2010-2452 22 Dir. Trav. 2010-06-29 2012-11-05
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.
36 CVE-2010-2451 134 2010-06-29 2012-11-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.
37 CVE-2010-2444 DoS 2010-06-25 2010-06-28
4.3
None Remote Medium Not required None None Partial
parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.
38 CVE-2010-2443 DoS 2010-06-24 2013-05-14
5.0
None Remote Low Not required None None Partial
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
39 CVE-2010-2442 264 2010-06-24 2010-06-25
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
40 CVE-2010-2441 264 2010-06-24 2014-02-20
4.3
None Remote Medium Not required Partial None None
WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295.
41 CVE-2010-2440 119 1 Exec Code Overflow 2010-06-24 2010-06-25
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information.
42 CVE-2010-2439 119 2 Exec Code Overflow 2010-06-24 2010-06-25
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
43 CVE-2010-2438 89 1 Exec Code Sql 2010-06-24 2010-06-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php.
44 CVE-2010-2437 79 XSS 2010-06-24 2010-06-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.
45 CVE-2010-2436 89 Exec Code Sql 2010-06-24 2010-06-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
46 CVE-2010-2435 20 DoS 2010-06-24 2010-06-25
5.0
None Remote Low Not required None None Partial
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.
47 CVE-2010-2434 119 Exec Code Overflow 2010-06-25 2010-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.
48 CVE-2010-2433 79 XSS 2010-06-24 2010-06-24
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/.
49 CVE-2010-2432 399 DoS 2010-06-22 2013-05-14
5.0
None Remote Low Not required None None Partial
The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.
50 CVE-2010-2431 59 2010-06-22 2013-05-14
2.6
None Local High Not required None Partial Partial
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.
Total number of vulnerabilities : 492   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.