CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11451 CVE-2010-3280 200 +Info 2010-09-23 2017-08-16
6.9
None Local Network Medium Not required Complete Partial Partial
The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.
11452 CVE-2010-3278 119 Overflow +Priv 2010-09-10 2010-09-13
6.9
None Local Medium Not required Complete Complete Complete
Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 allow local users to gain privileges via unspecified vectors. NOTE: this might overlap CVE-2010-3110.
11453 CVE-2010-3271 352 1 CSRF 2011-07-18 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
11454 CVE-2010-3270 119 Exec Code Overflow 2011-02-02 2018-10-10
6.8
None Remote High Multiple systems Complete Complete Complete
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.
11455 CVE-2010-3267 89 1 Exec Code Sql 2010-12-02 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information.
11456 CVE-2010-3260 264 2011-04-26 2011-07-19
6.4
None Remote Low Not required Partial Partial None
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue.
11457 CVE-2010-3213 352 1 CSRF 2010-09-07 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
11458 CVE-2010-3207 89 2 Exec Code Sql 2010-09-03 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.
11459 CVE-2010-3182 +Priv 2010-10-21 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
11460 CVE-2010-3181 +Priv 2010-10-21 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.
11461 CVE-2010-3165 +Priv 2010-10-25 2010-10-27
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and earlier, OuiEditor 1.6.1.1 and earlier, UnEditor 1.10.1.2 and earlier, DeuxEditor 1.7.1.2 and earlier, SQLEditorXP 3.14.1.2 and earlier, SQLEditorTE 1.9.1.3 and earlier, SQLEditor8 3.8.1.2 and earlier, and SQLEditorClassic 1.8.1.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
11462 CVE-2010-3164 +Priv 2010-10-25 2017-08-16
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
11463 CVE-2010-3163 +Priv 2010-10-25 2010-10-27
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 and Grani before 4.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
11464 CVE-2010-3162 +Priv 2010-10-25 2010-10-28
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory.
11465 CVE-2010-3161 +Priv 2010-10-25 2010-10-27
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in TeraPad before 1.00 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
11466 CVE-2010-3160 +Priv 2010-10-25 2010-10-27
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Archive Decoder 1.23 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
11467 CVE-2010-3159 +Priv 2010-10-25 2017-11-22
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
11468 CVE-2010-3158 +Priv 2010-10-19 2017-08-16
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory.
11469 CVE-2010-3156 +Priv 2010-10-25 2010-10-28
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory.
11470 CVE-2010-3087 119 DoS Exec Code Overflow Mem. Corr. 2010-09-28 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
11471 CVE-2010-3064 119 DoS Exec Code Overflow 2010-08-20 2010-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
11472 CVE-2010-3050 20 DoS 2017-09-25 2017-10-03
6.8
None Remote Low Single system None None Complete
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
11473 CVE-2010-3039 78 Exec Code 2010-11-09 2018-10-10
6.8
None Local Low Single system Complete Complete Complete
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
11474 CVE-2010-3030 352 CSRF 2010-08-17 2010-08-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11475 CVE-2010-3024 352 2 CSRF 2010-08-16 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
11476 CVE-2010-3005 +Priv 2010-09-08 2010-09-10
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors.
11477 CVE-2010-2973 264 1 Overflow +Priv 2010-08-05 2010-08-18
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
11478 CVE-2010-2963 20 +Priv 2010-11-26 2012-03-19
6.2
None Local High Not required Complete Complete Complete
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
11479 CVE-2010-2961 362 +Priv 2010-09-14 2010-09-15
6.9
None Local Medium Not required Complete Complete Complete
mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.
11480 CVE-2010-2956 +Priv 2010-09-10 2018-10-10
6.2
None Local High Not required Complete Complete Complete
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
11481 CVE-2010-2953 +Priv 2010-09-14 2010-09-14
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.
11482 CVE-2010-2950 134 Exec Code +Info 2010-09-28 2011-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
11483 CVE-2010-2948 119 DoS Exec Code Overflow 2010-09-10 2018-01-05
6.5
None Remote Low Single system Partial Partial Partial
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
11484 CVE-2010-2945 16 +Priv 2010-08-30 2010-08-31
6.9
None Local Medium Not required Complete Complete Complete
The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.
11485 CVE-2010-2920 22 2 Dir. Trav. 2010-07-30 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
11486 CVE-2010-2857 22 2 Dir. Trav. 2010-07-24 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
11487 CVE-2010-2855 89 Exec Code Sql 2010-07-24 2010-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11488 CVE-2010-2850 22 1 Dir. Trav. 2010-07-24 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
11489 CVE-2010-2841 DoS 2010-09-10 2010-09-13
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938.
11490 CVE-2010-2810 119 DoS Exec Code Overflow 2010-08-20 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
11491 CVE-2010-2809 94 Exec Code 2010-08-19 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
11492 CVE-2010-2808 119 DoS Exec Code Overflow Mem. Corr. 2010-08-19 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
11493 CVE-2010-2807 189 DoS Exec Code 2010-08-19 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
11494 CVE-2010-2806 399 DoS Exec Code Overflow 2010-08-19 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
11495 CVE-2010-2805 20 DoS Exec Code 2010-08-19 2012-12-18
6.8
None Remote Medium Not required Partial Partial Partial
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
11496 CVE-2010-2799 119 Exec Code Overflow 2010-09-14 2010-09-15
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.
11497 CVE-2010-2793 362 +Priv 2010-12-08 2013-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.
11498 CVE-2010-2789 94 Exec Code File Inclusion 2011-04-26 2011-07-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.
11499 CVE-2010-2786 22 Dir. Trav. 2010-08-02 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request.
11500 CVE-2010-2785 Exec Code 2010-08-02 2010-09-09
6.5
None Remote Low Single system Partial Partial Partial
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.