CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6501 CVE-2011-0702 59 2011-02-14 2020-02-27
3.3
None Local Medium Not required None Partial Partial
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
6502 CVE-2011-0700 79 XSS 2011-03-14 2017-11-21
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
6503 CVE-2011-0543 264 Bypass 2011-09-02 2014-02-12
3.3
None Local Medium Not required None Partial Partial
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
6504 CVE-2011-0542 264 2011-09-02 2011-09-05
3.3
None Local Medium Not required None Partial Partial
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
6505 CVE-2011-0541 59 2011-09-02 2014-02-12
3.3
None Local Medium Not required None Partial Partial
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.
6506 CVE-2011-0442 310 +Info 2011-03-16 2018-10-09
3.5
None Remote Medium ??? Partial None None
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.
6507 CVE-2011-0345 22 Dir. Trav. 2011-03-08 2018-10-10
3.3
None Local Network Low Not required Partial None None
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
6508 CVE-2011-0311 119 DoS Overflow 2011-09-02 2017-08-17
3.5
None Remote Medium ??? None None Partial
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.
6509 CVE-2011-0012 59 2011-04-18 2011-04-18
3.3
None Local Medium Not required None Partial Partial
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
6510 CVE-2011-0007 59 2011-01-11 2017-08-17
3.3
None Local Medium Not required None Partial Partial
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.
6511 CVE-2010-5105 59 2014-04-27 2015-11-05
3.3
None Local Medium Not required None Partial Partial
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
6512 CVE-2010-5100 79 XSS 2012-05-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
6513 CVE-2010-5098 79 XSS 2012-05-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
6514 CVE-2010-4819 20 DoS 2012-09-05 2012-09-13
3.6
None Local Low Not required Partial None Partial
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
6515 CVE-2010-4817 59 2019-11-13 2019-11-25
3.6
None Local Low Not required None Partial Partial
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.
6516 CVE-2010-4813 79 XSS 2011-07-08 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
6517 CVE-2010-4807 362 DoS Overflow 2011-05-26 2011-07-13
3.5
None Remote Medium ??? None None Partial
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.
6518 CVE-2010-4762 79 XSS 2011-03-18 2011-03-22
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.
6519 CVE-2010-4760 200 +Info 2011-03-18 2011-03-22
3.5
None Remote Medium ??? Partial None None
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
6520 CVE-2010-4648 2012-06-21 2012-06-26
3.3
None Local Network Low Not required Partial None None
The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.
6521 CVE-2010-4644 399 DoS 2011-01-07 2017-08-17
3.5
None Remote Medium ??? None None Partial
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
6522 CVE-2010-4624 264 Bypass 2010-12-30 2017-08-17
3.5
None Remote Medium ??? None Partial None
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.
6523 CVE-2010-4547 264 Bypass 2010-12-16 2010-12-17
3.5
None Remote Medium ??? None Partial None
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.
6524 CVE-2010-4460 2011-01-19 2017-08-17
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.
6525 CVE-2010-4450 2011-02-17 2018-10-30
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
6526 CVE-2010-4432 2011-01-19 2017-08-17
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Transportation Manager component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.
6527 CVE-2010-4429 2011-01-19 2017-08-17
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505.
6528 CVE-2010-4427 2011-01-19 2017-08-17
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.
6529 CVE-2010-4425 2011-01-19 2017-08-17
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.
6530 CVE-2010-4420 2011-01-19 2017-08-17
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors.
6531 CVE-2010-4355 79 XSS 2010-12-01 2017-08-17
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.
6532 CVE-2010-4337 59 2011-01-14 2012-06-19
3.3
None Local Medium Not required None Partial Partial
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
6533 CVE-2010-4322 79 XSS 2011-01-07 2018-10-10
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
6534 CVE-2010-4275 79 1 XSS 2010-12-22 2017-08-17
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
6535 CVE-2010-4173 59 2010-11-22 2010-11-30
3.3
None Local Medium Not required None Partial Partial
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
6536 CVE-2010-4020 310 +Priv 2010-12-02 2020-01-21
3.5
None Remote Medium ??? None Partial None
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
6537 CVE-2010-3797 79 XSS 2010-11-16 2010-12-10
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
6538 CVE-2010-3779 264 Bypass 2010-10-06 2011-02-12
3.5
None Remote Medium ??? None Partial None
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
6539 CVE-2010-3737 399 DoS 2010-10-05 2017-09-19
3.5
None Remote Medium ??? None None Partial
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.
6540 CVE-2010-3732 20 DoS 2010-10-05 2017-09-19
3.5
None Remote Medium ??? None None Partial
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.
6541 CVE-2010-3691 59 2010-10-07 2019-12-30
3.3
None Local Medium Not required None Partial Partial
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
6542 CVE-2010-3665 79 XSS 2019-11-04 2019-11-05
3.5
None Remote Medium ??? None Partial None
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
6543 CVE-2010-3660 79 XSS 2019-11-01 2019-11-05
3.5
None Remote Medium ??? None Partial None
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
6544 CVE-2010-3659 79 XSS 2017-10-20 2017-11-07
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
6545 CVE-2010-3586 2011-01-19 2017-08-17
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.
6546 CVE-2010-3581 2010-10-14 2010-11-11
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.
6547 CVE-2010-3576 2010-10-14 2010-11-11
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.
6548 CVE-2010-3512 2010-10-14 2010-11-11
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV).
6549 CVE-2010-3508 2010-10-14 2010-11-11
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones.
6550 CVE-2010-3506 2010-10-14 2010-11-11
3.0
None Local Medium ??? Partial Partial None
Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.