CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10501 CVE-2010-3120 119 DoS Overflow Mem. Corr. 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
10502 CVE-2010-3119 119 DoS Overflow Mem. Corr. 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
10503 CVE-2010-3117 DoS 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.
10504 CVE-2010-3116 399 DoS Exec Code 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
10505 CVE-2010-3115 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
10506 CVE-2010-3114 399 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/.
10507 CVE-2010-3113 119 DoS Overflow Mem. Corr. 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.
10508 CVE-2010-3112 119 DoS Overflow Mem. Corr. 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
10509 CVE-2010-3111 2010-08-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.
10510 CVE-2010-3109 119 Exec Code Overflow 2010-08-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.
10511 CVE-2010-3108 119 Exec Code Overflow 2010-08-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.
10512 CVE-2010-3106 20 DoS Exec Code Mem. Corr. 2010-08-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
10513 CVE-2010-3105 119 Exec Code Overflow 2010-08-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10514 CVE-2010-3104 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
10515 CVE-2010-3103 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
10516 CVE-2010-3102 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
10517 CVE-2010-3101 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
10518 CVE-2010-3100 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.
10519 CVE-2010-3099 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
10520 CVE-2010-3098 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.
10521 CVE-2010-3097 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.
10522 CVE-2010-3096 22 Dir. Trav. 2010-08-20 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename.
10523 CVE-2010-3085 94 Exec Code 2010-10-12 2010-10-13
10.0
None Remote Low Not required Complete Complete Complete
The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.
10524 CVE-2010-3044 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.
10525 CVE-2010-3043 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.
10526 CVE-2010-3042 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.
10527 CVE-2010-3041 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044.
10528 CVE-2010-3040 119 Exec Code Overflow 2010-11-09 2010-11-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.
10529 CVE-2010-3038 255 2010-11-22 2010-12-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.
10530 CVE-2010-3036 119 Exec Code Overflow 2010-10-29 2010-11-06
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
10531 CVE-2010-3033 264 Bypass 2010-09-10 2010-09-13
9.0
None Remote Low Single system Complete Complete Complete
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843.
10532 CVE-2010-3032 189 DoS Exec Code Overflow 2010-08-17 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
10533 CVE-2010-3031 119 DoS Exec Code Overflow 2010-08-17 2010-08-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service.
10534 CVE-2010-3019 119 DoS Exec Code Overflow 2010-08-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
10535 CVE-2010-3009 +Priv +Info 2010-09-15 2010-09-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.
10536 CVE-2010-3002 Bypass 2010-08-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.
10537 CVE-2010-3001 2010-08-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."
10538 CVE-2010-3000 189 Exec Code Overflow 2010-08-30 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
10539 CVE-2010-2999 189 DoS Exec Code Overflow Mem. Corr. 2010-12-14 2011-01-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.
10540 CVE-2010-2998 20 Exec Code 2010-10-18 2010-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue.
10541 CVE-2010-2997 399 DoS Exec Code Mem. Corr. 2010-12-14 2011-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format.
10542 CVE-2010-2996 94 Exec Code 2010-08-30 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
10543 CVE-2010-2995 189 DoS Exec Code Overflow 2010-08-13 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
10544 CVE-2010-2994 119 Overflow 2010-08-13 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.
10545 CVE-2010-2991 94 DoS Exec Code Mem. Corr. 2010-08-11 2010-08-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
10546 CVE-2010-2990 119 Exec Code Overflow 2010-08-11 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.
10547 CVE-2010-2984 Bypass 2010-08-10 2010-08-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
10548 CVE-2010-2978 310 Bypass 2010-08-10 2010-08-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.
10549 CVE-2010-2977 16 2010-08-10 2010-08-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
10550 CVE-2010-2976 255 2010-08-10 2010-08-10
10.0
Admin Remote Low Not required Complete Complete Complete
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.