CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11301 CVE-2010-2850 22 1 Dir. Trav. 2010-07-24 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
11302 CVE-2010-2841 DoS 2010-09-10 2010-09-13
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938.
11303 CVE-2010-2810 119 DoS Exec Code Overflow 2010-08-20 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
11304 CVE-2010-2809 94 Exec Code 2010-08-19 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
11305 CVE-2010-2808 119 DoS Exec Code Overflow Mem. Corr. 2010-08-19 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
11306 CVE-2010-2807 189 DoS Exec Code 2010-08-19 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
11307 CVE-2010-2806 399 DoS Exec Code Overflow 2010-08-19 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
11308 CVE-2010-2805 20 DoS Exec Code 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
11309 CVE-2010-2799 119 Exec Code Overflow 2010-09-14 2010-09-15
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.
11310 CVE-2010-2793 362 +Priv 2010-12-08 2013-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.
11311 CVE-2010-2789 94 Exec Code File Inclusion 2011-04-26 2011-07-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.
11312 CVE-2010-2786 22 Dir. Trav. 2010-08-02 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request.
11313 CVE-2010-2785 Exec Code 2010-08-02 2010-09-09
6.5
None Remote Low Single system Partial Partial Partial
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
11314 CVE-2010-2784 264 DoS +Priv 2010-08-24 2010-08-25
6.6
None Local Medium Single system Complete Complete Complete
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
11315 CVE-2010-2772 255 +Priv 2010-07-22 2017-08-16
6.9
Admin Local Medium Not required Complete Complete Complete
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
11316 CVE-2010-2762 264 Exec Code 2010-09-09 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.
11317 CVE-2010-2757 310 2010-08-16 2010-09-08
6.5
None Remote Low Single system Partial Partial Partial
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.
11318 CVE-2010-2731 287 Bypass 2010-09-15 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
11319 CVE-2010-2713 Exec Code +Info 2010-08-05 2010-09-09
6.8
None Remote Medium Not required Partial Partial Partial
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
11320 CVE-2010-2712 +Priv 2010-08-30 2017-09-18
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
11321 CVE-2010-2711 2010-08-25 2017-08-16
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors.
11322 CVE-2010-2708 DoS 2010-08-09 2010-08-09
6.1
None Local Network Low Not required None None Complete
Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.
11323 CVE-2010-2706 DoS 2010-08-09 2010-08-09
6.1
None Local Network Low Not required None None Complete
Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.
11324 CVE-2010-2705 +Info 2010-08-09 2010-08-09
6.1
None Local Network Low Not required Complete None None
Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors.
11325 CVE-2010-2695 22 Dir. Trav. 2010-07-12 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
11326 CVE-2010-2680 22 2 Dir. Trav. 2010-07-12 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
11327 CVE-2010-2668 287 Bypass 2010-07-08 2018-10-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors.
11328 CVE-2010-2667 Exec Code 2010-07-22 2018-10-10
6.0
None Remote Medium Single system Partial Partial Partial
Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance.
11329 CVE-2010-2653 362 DoS 2010-10-05 2012-03-19
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions.
11330 CVE-2010-2635 89 Exec Code Sql 2010-11-09 2017-08-16
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."
11331 CVE-2010-2627 22 Dir. Trav. 2010-07-02 2010-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.
11332 CVE-2010-2618 94 3 Exec Code File Inclusion 2010-07-02 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
11333 CVE-2010-2602 119 DoS Exec Code Overflow 2010-12-17 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0.0 through 5.0.2, 4.1.6, and 4.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document.
11334 CVE-2010-2594 352 CSRF 2010-07-02 2010-07-02
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
11335 CVE-2010-2576 94 Exec Code 2010-08-16 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
11336 CVE-2010-2575 119 DoS Exec Code Overflow 2010-08-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
11337 CVE-2010-2555 264 DoS +Priv Mem. Corr. 2010-08-11 2018-10-30
6.8
Admin Local Low Single system Complete Complete Complete
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
11338 CVE-2010-2554 264 +Priv 2010-08-11 2018-10-30
6.8
Admin Local Low Single system Complete Complete Complete
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
11339 CVE-2010-2541 119 DoS Exec Code Overflow 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
11340 CVE-2010-2537 264 2010-09-30 2012-03-19
6.3
None Local Medium Not required None Complete Complete
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.
11341 CVE-2010-2527 119 DoS Exec Code Overflow 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
11342 CVE-2010-2519 119 DoS Exec Code Overflow 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.
11343 CVE-2010-2515 89 1 Exec Code Sql 2010-06-28 2010-06-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
11344 CVE-2010-2507 22 2 Dir. Trav. 2010-06-28 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
11345 CVE-2010-2504 +Info 2010-06-28 2010-06-29
6.0
None Remote Medium Single system Partial Partial Partial
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.
11346 CVE-2010-2500 189 DoS Exec Code Overflow 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
11347 CVE-2010-2499 119 DoS Exec Code Overflow 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.
11348 CVE-2010-2498 399 DoS Exec Code Mem. Corr. 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
11349 CVE-2010-2497 189 DoS Exec Code 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
11350 CVE-2010-2456 22 2 Dir. Trav. File Inclusion 2010-06-25 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.