| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
53901 |
CVE-2010-5161 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53902 |
CVE-2010-5160 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53903 |
CVE-2010-5159 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53904 |
CVE-2010-5158 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53905 |
CVE-2010-5157 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. |
|
53906 |
CVE-2010-5156 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53907 |
CVE-2010-5155 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53908 |
CVE-2010-5154 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53909 |
CVE-2010-5153 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-29 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53910 |
CVE-2010-5152 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-29 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53911 |
CVE-2010-5151 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53912 |
CVE-2010-5150 |
362 |
|
Exec Code Bypass |
2012-08-25 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
53913 |
CVE-2010-5149 |
|
|
DoS |
2012-08-23 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x before 7.1.1 allow remote attackers to cause a denial of service (Blue Coat appliance integration outage) via a long URL. |
|
53914 |
CVE-2010-5148 |
|
|
|
2012-08-23 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
|
53915 |
CVE-2010-5147 |
|
|
DoS |
2012-08-23 |
2012-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Remote Filtering component in Websense Web Security and Web Filter before 6.3.3 Hotfix 18 and 7.x before 7.1.1 allows remote attackers to cause a denial of service (daemon exit) via a large volume of traffic. |
|
53916 |
CVE-2010-5146 |
264 |
|
Bypass |
2012-08-23 |
2017-08-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files. |
|
53917 |
CVE-2010-5145 |
119 |
|
DoS Overflow |
2012-08-23 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI. |
|
53918 |
CVE-2010-5144 |
264 |
|
Bypass |
2012-08-23 |
2012-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header. |
|
53919 |
CVE-2010-5143 |
264 |
|
|
2012-08-22 |
2012-08-22 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. |
|
53920 |
CVE-2010-5142 |
264 |
|
|
2012-08-08 |
2012-08-13 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI. |
|
53921 |
CVE-2010-5140 |
119 |
|
DoS Overflow |
2012-08-06 |
2012-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees. |
|
53922 |
CVE-2010-5138 |
|
|
DoS |
2012-08-06 |
2012-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. |
|
53923 |
CVE-2010-5137 |
|
|
DoS |
2012-08-06 |
2012-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode. |
|
53924 |
CVE-2010-5111 |
119 |
|
DoS Exec Code Overflow |
2014-06-16 |
2014-06-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe. |
|
53925 |
CVE-2010-5110 |
20 |
|
DoS |
2014-08-29 |
2014-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. |
|
53926 |
CVE-2010-5107 |
|
|
DoS |
2013-03-07 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. |
|
53927 |
CVE-2010-5106 |
264 |
|
Bypass |
2012-09-14 |
2012-09-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role. |
|
53928 |
CVE-2010-5105 |
59 |
|
|
2014-04-27 |
2015-11-05 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. |
|
53929 |
CVE-2010-5104 |
200 |
|
+Info |
2012-05-21 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query. |
|
53930 |
CVE-2010-5103 |
89 |
|
Exec Code Sql |
2012-05-21 |
2017-08-28 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. |
|
53931 |
CVE-2010-5102 |
22 |
|
Dir. Trav. |
2012-05-21 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. |
|
53932 |
CVE-2010-5101 |
22 |
|
Dir. Trav. File Inclusion |
2012-05-21 |
2017-08-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality." |
|
53933 |
CVE-2010-5100 |
79 |
|
XSS |
2012-05-21 |
2017-08-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
53934 |
CVE-2010-5099 |
20 |
1
|
Bypass File Inclusion |
2012-05-30 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. |
|
53935 |
CVE-2010-5098 |
79 |
|
XSS |
2012-05-21 |
2017-08-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
53936 |
CVE-2010-5097 |
79 |
|
XSS |
2012-05-21 |
2017-08-28 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
53937 |
CVE-2010-5095 |
79 |
|
XSS |
2012-08-26 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination. |
|
53938 |
CVE-2010-5094 |
264 |
|
|
2012-08-26 |
2012-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing." |
|
53939 |
CVE-2010-5093 |
264 |
|
|
2012-08-26 |
2012-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user. |
|
53940 |
CVE-2010-5092 |
255 |
|
+Info |
2012-08-26 |
2012-08-27 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database. |
|
53941 |
CVE-2010-5091 |
94 |
|
Exec Code |
2012-08-26 |
2012-08-27 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file. |
|
53942 |
CVE-2010-5090 |
264 |
|
|
2012-08-26 |
2012-08-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security. |
|
53943 |
CVE-2010-5089 |
264 |
|
+Info |
2012-08-26 |
2012-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. |
|
53944 |
CVE-2010-5088 |
352 |
|
CSRF |
2012-08-26 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087. |
|
53945 |
CVE-2010-5087 |
264 |
|
Bypass CSRF |
2012-08-26 |
2012-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller. |
|
53946 |
CVE-2010-5086 |
22 |
1
|
Dir. Trav. |
2012-03-19 |
2012-03-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter. |
|
53947 |
CVE-2010-5085 |
352 |
|
CSRF |
2012-02-14 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. |
|
53948 |
CVE-2010-5084 |
352 |
|
CSRF |
2012-02-14 |
2012-02-15 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php. |
|
53949 |
CVE-2010-5080 |
255 |
|
|
2012-08-26 |
2012-08-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." |
|
53950 |
CVE-2010-5079 |
310 |
|
Bypass CSRF |
2012-09-17 |
2012-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. |
