# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
55101 |
CVE-2010-2717 |
79 |
|
XSS |
2010-07-13 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter. |
55102 |
CVE-2010-2715 |
79 |
1
|
XSS |
2010-07-13 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter. |
55103 |
CVE-2010-2713 |
|
|
Exec Code +Info |
2010-08-05 |
2010-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. |
55104 |
CVE-2010-2712 |
|
|
+Priv |
2010-08-30 |
2017-09-18 |
6.8 |
None |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. |
55105 |
CVE-2010-2711 |
|
|
|
2010-08-25 |
2017-08-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors. |
55106 |
CVE-2010-2708 |
|
|
DoS |
2010-08-09 |
2019-10-09 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors. |
55107 |
CVE-2010-2706 |
|
|
DoS |
2010-08-09 |
2019-10-09 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors. |
55108 |
CVE-2010-2705 |
|
|
+Info |
2010-08-09 |
2019-10-09 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors. |
55109 |
CVE-2010-2700 |
79 |
1
|
XSS |
2010-07-12 |
2010-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
55110 |
CVE-2010-2698 |
79 |
1
|
XSS |
2010-07-12 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
55111 |
CVE-2010-2697 |
79 |
1
|
XSS |
2010-07-12 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information. |
55112 |
CVE-2010-2695 |
22 |
|
Dir. Trav. |
2010-07-12 |
2018-10-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands. |
55113 |
CVE-2010-2692 |
79 |
1
|
XSS |
2010-07-12 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment. |
55114 |
CVE-2010-2680 |
22 |
2
|
Dir. Trav. |
2010-07-12 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. |
55115 |
CVE-2010-2677 |
94 |
2
|
Exec Code File Inclusion |
2010-07-08 |
2017-08-16 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information. |
55116 |
CVE-2010-2676 |
22 |
2
|
Dir. Trav. |
2010-07-08 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters. |
55117 |
CVE-2010-2675 |
79 |
2
|
XSS |
2010-07-08 |
2010-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action. |
55118 |
CVE-2010-2671 |
79 |
|
XSS |
2010-07-08 |
2010-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter. |
55119 |
CVE-2010-2669 |
79 |
|
XSS |
2010-07-08 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
55120 |
CVE-2010-2668 |
287 |
|
Bypass |
2010-07-08 |
2018-10-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. |
55121 |
CVE-2010-2667 |
|
|
Exec Code |
2010-07-22 |
2018-10-10 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance. |
55122 |
CVE-2010-2665 |
79 |
|
XSS |
2010-07-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." |
55123 |
CVE-2010-2664 |
|
|
DoS |
2010-07-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning. |
55124 |
CVE-2010-2663 |
|
|
DoS |
2010-07-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element. |
55125 |
CVE-2010-2662 |
264 |
|
Bypass |
2010-07-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click." |
55126 |
CVE-2010-2661 |
264 |
|
+Info |
2010-07-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. |
55127 |
CVE-2010-2660 |
264 |
|
|
2010-07-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. |
55128 |
CVE-2010-2659 |
200 |
|
+Info |
2010-07-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site. |
55129 |
CVE-2010-2658 |
20 |
|
|
2010-07-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site. |
55130 |
CVE-2010-2656 |
264 |
1
|
|
2010-07-08 |
2010-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz. |
55131 |
CVE-2010-2655 |
22 |
1
|
Dir. Trav. |
2010-07-08 |
2010-07-20 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter. |
55132 |
CVE-2010-2654 |
79 |
1
|
XSS |
2010-07-08 |
2010-07-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php. |
55133 |
CVE-2010-2653 |
362 |
|
DoS |
2010-10-05 |
2012-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions. |
55134 |
CVE-2010-2652 |
|
|
DoS |
2010-07-06 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors. |
55135 |
CVE-2010-2649 |
|
|
DoS |
2010-07-06 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image. |
55136 |
CVE-2010-2645 |
119 |
|
DoS Overflow |
2010-07-06 |
2017-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors. |
55137 |
CVE-2010-2644 |
264 |
|
|
2010-12-22 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface. |
55138 |
CVE-2010-2639 |
200 |
|
+Info |
2010-12-06 |
2017-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." |
55139 |
CVE-2010-2638 |
399 |
|
DoS |
2010-11-15 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. |
55140 |
CVE-2010-2637 |
310 |
|
+Info |
2010-11-12 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. |
55141 |
CVE-2010-2636 |
79 |
|
XSS |
2010-11-09 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. |
55142 |
CVE-2010-2635 |
89 |
|
Exec Code Sql |
2010-11-09 |
2017-08-16 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." |
55143 |
CVE-2010-2634 |
|
|
DoS |
2010-08-10 |
2018-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors. |
55144 |
CVE-2010-2631 |
20 |
|
DoS |
2010-07-06 |
2013-05-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. |
55145 |
CVE-2010-2630 |
20 |
|
DoS |
2010-07-06 |
2013-05-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. |
55146 |
CVE-2010-2627 |
22 |
|
Dir. Trav. |
2010-07-02 |
2010-07-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL. |
55147 |
CVE-2010-2621 |
20 |
|
DoS |
2010-07-02 |
2013-02-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. |
55148 |
CVE-2010-2619 |
|
|
DoS |
2010-07-02 |
2010-07-06 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." |
55149 |
CVE-2010-2618 |
94 |
3
|
Exec Code File Inclusion |
2010-07-02 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected. |
55150 |
CVE-2010-2617 |
79 |
1
|
XSS |
2010-07-02 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter. |