Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
(- = not listed for this entry; each row is followed by its description)

6551 | CVE-2010-3505 | - | - | - | 2011-01-19 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders, Files & Attachments, a different vulnerability than CVE-2010-4429.

6552 | CVE-2010-3440 | 494 | - | - | 2019-11-12 | 2019-11-14 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial
    babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.

6553 | CVE-2010-3316 | - | - | - | 2011-01-24 | 2019-01-03 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None
    The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.

6554 | CVE-2010-3303 | 79 | - | XSS | 2010-10-05 | 2013-08-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.

6555 | CVE-2010-3266 | 79 | 1 | XSS | 2010-12-02 | 2018-10-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information.

6556 | CVE-2010-3196 | 264 | - | DoS | 2010-08-31 | 2017-09-19 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
    IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.

6557 | CVE-2010-3095 | 59 | - | - | 2019-11-12 | 2019-11-15 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial
    mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.

6558 | CVE-2010-3093 | 264 | - | Bypass | 2010-09-21 | 2010-09-22 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.

6559 | CVE-2010-3089 | 79 | - | XSS | 2010-09-15 | 2014-02-21 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

6560 | CVE-2010-3028 | 264 | - | - | 2010-08-16 | 2017-08-17 | 3.6 | None | Local | Low | Not required | Partial | Partial | None
    The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.

6561 | CVE-2010-2802 | 79 | - | XSS | 2010-09-07 | 2011-01-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.

6562 | CVE-2010-2794 | 59 | - | - | 2010-08-30 | 2010-09-08 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial
    The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.

6563 | CVE-2010-2792 | 362 | - | +Info | 2010-08-30 | 2011-01-11 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None
    Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.

6564 | CVE-2010-2698 | 79 | 1 | XSS | 2010-07-12 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

6565 | CVE-2010-2697 | 79 | 1 | XSS | 2010-07-12 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.

6566 | CVE-2010-2535 | 79 | - | XSS | 2010-10-05 | 2010-10-05 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.

6567 | CVE-2010-2474 | 20 | - | +Priv | 2010-08-10 | 2010-08-10 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.

6568 | CVE-2010-2473 | 20 | - | - | 2019-11-07 | 2019-11-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.

6569 | CVE-2010-2472 | 79 | - | XSS | 2019-11-07 | 2019-11-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly, which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.

6570 | CVE-2010-2448 | - | - | DoS | 2010-07-12 | 2010-07-12 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
    znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

6571 | CVE-2010-2404 | - | - | - | 2010-10-14 | 2010-11-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account.

6572 | CVE-2010-2393 | - | - | - | 2010-07-13 | 2012-10-23 | 3.8 | None | Local | High | ??? | None | None | Complete
    Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC.

6573 | CVE-2010-2391 | - | - | - | 2010-10-14 | 2010-11-11 | 3.6 | None | Remote | High | ??? | Partial | Partial | None
    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

6574 | CVE-2010-2384 | - | - | - | 2010-07-13 | 2012-10-23 | 3.2 | None | Local | Low | ??? | Partial | Partial | None
    Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.

6575 | CVE-2010-2383 | - | - | - | 2010-07-13 | 2012-10-23 | 3.2 | None | Local | Low | ??? | Partial | Partial | None
    Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS.

6576 | CVE-2010-2382 | - | - | - | 2010-07-13 | 2012-10-23 | 3.2 | None | Local | Low | ??? | Partial | Partial | None
    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.

6577 | CVE-2010-2381 | - | - | - | 2010-07-13 | 2016-11-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0081.

6578 | CVE-2010-2378 | - | - | - | 2010-07-13 | 2012-10-23 | 3.0 | None | Local | Medium | ??? | Partial | Partial | None
    Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite CRM 9.0 Bundle #28 and CRM 9.1 Bundle #4 allows local users to affect confidentiality and integrity via unknown vectors.

6579 | CVE-2010-2376 | - | - | - | 2010-07-13 | 2012-10-23 | 3.2 | None | Local | Low | ??? | Partial | Partial | None
    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.

6580 | CVE-2010-2374 | - | - | - | 2010-07-13 | 2012-10-23 | 3.0 | None | Local | Medium | ??? | Partial | Partial | None
    Unspecified vulnerability in Solaris Studio 12 update 1 allows local users to affect confidentiality and integrity via unknown vectors.

6581 | CVE-2010-2291 | 264 | - | Bypass | 2010-06-15 | 2017-08-17 | 3.3 | None | Local Network | Low | Not required | None | Partial | None
    Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information.

6582 | CVE-2010-2286 | 399 | - | DoS | 2010-06-15 | 2017-09-19 | 3.3 | None | Local Network | Low | Not required | None | None | Partial
    The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

6583 | CVE-2010-2285 | - | - | DoS | 2010-06-15 | 2017-09-19 | 3.3 | None | Local Network | Low | Not required | None | None | Partial
    The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.

6584 | CVE-2010-2283 | - | - | DoS | 2010-06-15 | 2017-09-19 | 3.3 | None | Local Network | Low | Not required | None | None | Partial
    The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.

6585 | CVE-2010-2113 | 352 | - | CSRF | 2010-05-28 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php.

6586 | CVE-2010-2080 | 79 | - | XSS | 2010-09-20 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6587 | CVE-2010-2072 | 310 | - | DoS +Info | 2010-06-16 | 2017-08-17 | 3.6 | None | Local | Low | Not required | Partial | None | Partial
    Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information.

6588 | CVE-2010-2064 | 59 | - | +Priv | 2019-10-29 | 2019-11-05 | 3.6 | None | Local | Low | Not required | Partial | Partial | None
    rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

6589 | CVE-2010-2056 | 59 | - | - | 2010-07-22 | 2010-07-22 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial
    GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

6590 | CVE-2010-2053 | 59 | - | - | 2010-06-07 | 2017-08-17 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial
    emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.

6591 | CVE-2010-2048 | 79 | - | XSS | 2010-05-25 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6592 | CVE-2010-2022 | 264 | - | - | 2010-05-28 | 2010-06-01 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None
    jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.

6593 | CVE-2010-2008 | 77 | - | DoS | 2010-07-13 | 2020-11-09 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
    MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

6594 | CVE-2010-1967 | - | - | - | 2010-07-15 | 2019-10-09 | 3.6 | None | Local | Low | Not required | Partial | Partial | None
    Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors.

6595 | CVE-2010-1810 | - | - | - | 2010-09-09 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

6596 | CVE-2010-1626 | 264 | - | - | 2010-05-21 | 2019-12-17 | 3.6 | None | Local | Low | Not required | None | Partial | Partial
    MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

6597 | CVE-2010-1548 | 264 | - | - | 2010-05-21 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title.

6598 | CVE-2010-1481 | 79 | - | XSS | 2010-05-12 | 2018-10-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.

6599 | CVE-2010-1439 | 264 | - | - | 2010-06-07 | 2017-09-19 | 3.6 | None | Local | Low | Not required | Partial | Partial | None
    yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.

6600 | CVE-2010-1382 | 79 | - | XSS | 2010-06-17 | 2010-06-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.