CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11501 CVE-2010-0948 89 2 Exec Code Sql 2010-03-10 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
11502 CVE-2010-0933 22 Dir. Trav. 2010-03-05 2012-06-15
6.8
None Remote Low Single system None Complete None
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
11503 CVE-2010-0923 362 Bypass 2010-03-03 2010-03-04
6.9
None Local Medium Not required Complete Complete Complete
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
11504 CVE-2010-0921 352 XSS CSRF 2010-03-03 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
11505 CVE-2010-0916 2010-07-13 2012-10-22
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle OpenSolaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rdist.
11506 CVE-2010-0902 2010-07-13 2012-10-22
6.0
None Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
11507 CVE-2010-0885 2010-04-13 2013-02-08
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and and 6.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Address Book.
11508 CVE-2010-0866 2010-04-13 2012-10-22
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the JavaVM component in Oracle Database 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
11509 CVE-2010-0859 2010-04-13 2012-10-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 ATG RUP6 allows remote attackers to affect confidentiality and integrity via unknown vectors.
11510 CVE-2010-0832 59 1 2010-07-12 2017-08-16
6.9
Admin Local Medium Not required Complete Complete Complete
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
11511 CVE-2010-0827 189 DoS Exec Code Overflow 2010-05-07 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
11512 CVE-2010-0812 264 Bypass 2010-04-14 2018-10-30
6.4
None Remote Low Not required Partial Partial None
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
11513 CVE-2010-0785 352 CSRF 2010-11-09 2017-08-16
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
11514 CVE-2010-0760 22 Dir. Trav. 2010-02-26 2010-03-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11515 CVE-2010-0757 2 Exec Code 2010-02-26 2017-08-16
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
11516 CVE-2010-0746 22 +Priv Dir. Trav. 2014-01-13 2014-01-14
6.2
None Local High Not required Complete Complete Complete
Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.
11517 CVE-2010-0739 189 Exec Code Overflow 2010-04-16 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
11518 CVE-2010-0734 264 DoS 2010-03-19 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
11519 CVE-2010-0732 362 Bypass 2010-03-19 2010-06-05
6.2
None Local High Not required Complete Complete Complete
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
11520 CVE-2010-0729 264 +Priv 2010-03-16 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call.
11521 CVE-2010-0715 2010-02-26 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.
11522 CVE-2010-0713 352 Exec Code CSRF 2010-02-26 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.
11523 CVE-2010-0712 89 Exec Code Sql 2010-02-26 2017-08-16
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
11524 CVE-2010-0711 352 1 CSRF 2010-02-25 2013-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.
11525 CVE-2010-0709 352 2 CSRF 2010-02-25 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.
11526 CVE-2010-0707 352 1 CSRF 2010-02-25 2017-08-16
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information.
11527 CVE-2010-0683 Exec Code 2010-02-25 2010-02-26
6.0
None Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials.
11528 CVE-2010-0678 94 2 Exec Code File Inclusion 2010-02-22 2010-02-23
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.
11529 CVE-2010-0668 2010-02-26 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
11530 CVE-2010-0661 264 Bypass 2010-02-18 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
11531 CVE-2010-0638 352 CSRF 2010-02-15 2010-02-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11532 CVE-2010-0637 352 CSRF 2010-02-12 2012-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP address from posting via unknown vectors. NOTE: some of these details are obtained from third party information.
11533 CVE-2010-0625 119 DoS Exec Code Overflow 2010-04-05 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.
11534 CVE-2010-0624 119 DoS Exec Code Overflow Mem. Corr. 2010-03-15 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
11535 CVE-2010-0562 119 DoS Exec Code Overflow 2010-02-08 2011-04-27
6.8
None Remote Medium Not required Partial Partial Partial
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.
11536 CVE-2010-0553 119 DoS Exec Code Overflow 2010-02-04 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long NMEA data sentence.
11537 CVE-2010-0543 119 DoS Exec Code Overflow Mem. Corr. 2010-06-17 2010-06-17
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.
11538 CVE-2010-0542 264 DoS Exec Code Mem. Corr. 2010-06-21 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
11539 CVE-2010-0540 352 CSRF 2010-06-17 2017-09-18
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.
11540 CVE-2010-0539 189 DoS Exec Code 2010-05-21 2010-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.
11541 CVE-2010-0538 399 DoS Exec Code 2010-05-21 2010-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.
11542 CVE-2010-0535 264 Bypass 2010-03-30 2010-06-21
6.5
User Remote Low Single system Partial Partial Partial
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
11543 CVE-2010-0532 362 +Priv 2010-03-31 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
11544 CVE-2010-0520 119 DoS Exec Code Overflow 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.
11545 CVE-2010-0519 189 DoS Exec Code Overflow 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
11546 CVE-2010-0518 119 DoS Exec Code Overflow Mem. Corr. 2010-03-30 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
11547 CVE-2010-0517 119 DoS Exec Code Overflow 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.
11548 CVE-2010-0516 119 DoS Exec Code Overflow Mem. Corr. 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.
11549 CVE-2010-0515 119 DoS Exec Code Overflow Mem. Corr. 2010-03-30 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.
11550 CVE-2010-0514 119 DoS Exec Code Overflow 2010-03-30 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.