CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2010(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1588 255 +Info 2010-02-08 2017-08-16
1.9
None Local Medium Not required Partial None None
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
2 CVE-2004-2766 200 +Info 2010-01-28 2010-01-31
4.3
None Remote Medium Not required Partial None None
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
3 CVE-2007-6738 +Info 2010-10-19 2010-10-20
5.0
None Remote Low Not required Partial None None
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
4 CVE-2008-7261 255 +Info 2010-09-20 2010-09-21
2.1
None Local Low Not required Partial None None
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.
5 CVE-2008-7268 200 +Info 2010-12-01 2018-10-11
5.0
None Remote Low Not required Partial None None
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.
6 CVE-2009-2752 310 +Info 2010-02-05 2017-08-16
1.5
None Local Medium Single system Partial None None
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
7 CVE-2009-3035 255 Exec Code +Info 2010-02-02 2017-08-16
4.3
None Local Low Single system Partial Partial Partial
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
8 CVE-2009-3385 264 +Info 2010-03-22 2017-09-18
7.1
None Remote Medium Not required Complete None None
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.
9 CVE-2009-3387 264 +Info 2010-02-03 2018-10-10
5.0
None Remote Low Not required Partial None None
Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.
10 CVE-2009-3960 +Info 2010-02-15 2017-08-15
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
11 CVE-2009-3989 264 +Info 2010-02-03 2018-10-10
4.3
None Remote Medium Not required Partial None None
Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.
12 CVE-2009-4013 22 Dir. Trav. +Info 2010-02-02 2010-02-03
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
13 CVE-2009-4511 200 Dir. Trav. +Info 2010-04-13 2018-10-10
4.0
None Remote Low Single system Partial None None
Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php.
14 CVE-2009-4609 200 +Info 2010-01-13 2011-08-08
5.0
None Remote Low Not required Partial None None
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.
15 CVE-2009-4629 200 +Info 2010-01-29 2010-02-02
5.0
None Remote Low Not required Partial None None
Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird.
16 CVE-2009-4630 200 +Info 2010-01-29 2010-01-31
5.0
None Remote Low Not required Partial None None
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."
17 CVE-2009-4704 +Info 2010-03-15 2010-03-16
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
18 CVE-2009-4772 +Info 2010-04-20 2017-08-16
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.
19 CVE-2009-4812 200 +Info 2010-04-27 2010-04-27
5.0
None Remote Low Not required Partial None None
Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message.
20 CVE-2009-4844 200 +Info 2010-05-07 2018-10-10
5.0
None Remote Low Not required Partial None None
ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request.
21 CVE-2009-4845 310 +Info 2010-05-07 2018-10-10
5.0
None Remote Low Not required Partial None None
The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields.
22 CVE-2009-4943 200 +Info 2010-07-22 2018-10-10
5.0
None Remote Low Not required Partial None None
index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number.
23 CVE-2009-4951 200 +Info 2010-07-22 2010-07-23
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
24 CVE-2009-4961 200 1 +Info 2010-07-28 2017-09-18
5.0
None Remote Low Not required Partial None None
Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.
25 CVE-2009-5032 310 +Info 2010-12-16 2017-08-16
5.8
None Remote Medium Not required Partial Partial None
The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
26 CVE-2009-5033 200 +Info 2010-12-16 2017-08-16
4.0
None Remote Low Single system Partial None None
IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread.
27 CVE-2009-5035 200 +Info 2010-12-16 2010-12-17
4.3
None Remote Medium Not required Partial None None
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages.
28 CVE-2010-0003 200 DoS +Info 2010-01-26 2018-11-16
5.4
None Local Medium Not required Partial None Complete
The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.
29 CVE-2010-0004 200 +Info 2010-01-29 2018-08-13
5.0
None Remote Low Not required Partial None None
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
30 CVE-2010-0009 200 +Info 2010-04-05 2018-10-10
4.3
None Remote Medium Not required Partial None None
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
31 CVE-2010-0015 255 +Info 2010-01-14 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
32 CVE-2010-0023 264 +Priv +Info 2010-02-10 2018-10-12
6.9
Admin Local Medium Not required Complete Complete Complete
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
33 CVE-2010-0025 200 +Info 2010-04-14 2018-10-30
5.0
None Remote Low Not required Partial None None
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
34 CVE-2010-0041 200 +Info 2010-03-15 2017-09-18
4.3
None Remote Medium Not required Partial None None
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
35 CVE-2010-0042 200 +Info 2010-03-15 2017-09-18
4.3
None Remote Medium Not required Partial None None
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
36 CVE-2010-0051 20 +Info 2010-03-15 2017-09-18
4.3
None Remote Medium Not required Partial None None
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
37 CVE-2010-0113 255 +Info 2010-11-15 2017-08-16
4.3
None Remote Medium Not required Partial None None
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.
38 CVE-2010-0119 200 +Info 2010-02-24 2018-10-10
2.1
None Local Low Not required Partial None None
Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing."
39 CVE-2010-0124 255 +Info 2010-03-15 2018-10-10
2.1
None Local Low Not required Partial None None
Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
40 CVE-2010-0185 264 +Info 2010-02-03 2017-08-16
5.0
None Remote Low Not required Partial None None
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
41 CVE-2010-0218 264 +Info 2010-10-05 2016-04-04
5.0
None Remote Low Not required Partial None None
ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.
42 CVE-2010-0323 +Info 2010-01-15 2010-01-18
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
43 CVE-2010-0325 +Info 2010-01-15 2010-01-18
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
44 CVE-2010-0336 +Info 2010-01-15 2011-04-29
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
45 CVE-2010-0383 200 +Info 2010-01-25 2010-02-05
5.0
None Remote Low Not required Partial None None
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.
46 CVE-2010-0384 200 +Info 2010-01-25 2011-04-27
2.1
None Local Low Not required Partial None None
Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.
47 CVE-2010-0385 200 +Info 2010-01-25 2010-01-26
5.0
None Remote Low Not required Partial None None
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.
48 CVE-2010-0434 200 +Info 2010-03-05 2018-10-30
4.3
None Remote Medium Not required Partial None None
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
49 CVE-2010-0439 59 DoS +Info 2010-03-26 2018-10-10
6.9
None Local Medium Not required Complete Complete Complete
Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.
50 CVE-2010-0446 +Info 2010-02-12 2010-02-26
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmware before 1.6.0.0, when using a web-connected configuration, allows remote attackers to obtain sensitive information via unknown vectors.
Total number of vulnerabilities : 282   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.