| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
3201 |
CVE-2010-1967 |
|
|
|
2010-07-15 |
2010-07-15 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors. |
|
3202 |
CVE-2010-1810 |
|
|
|
2010-09-09 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. |
|
3203 |
CVE-2010-1626 |
264 |
|
|
2010-05-21 |
2018-01-04 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. |
|
3204 |
CVE-2010-1548 |
264 |
|
|
2010-05-21 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title. |
|
3205 |
CVE-2010-1481 |
79 |
|
XSS |
2010-05-12 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute. |
|
3206 |
CVE-2010-1439 |
264 |
|
|
2010-06-07 |
2017-09-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file. |
|
3207 |
CVE-2010-1382 |
79 |
|
XSS |
2010-06-17 |
2010-06-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field. |
|
3208 |
CVE-2010-1381 |
16 |
|
|
2010-06-17 |
2010-06-18 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926. |
|
3209 |
CVE-2010-1183 |
59 |
|
|
2010-03-29 |
2018-10-10 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager. |
|
3210 |
CVE-2010-1172 |
264 |
|
DoS Bypass |
2010-08-20 |
2017-08-16 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. |
|
3211 |
CVE-2010-1161 |
362 |
|
|
2010-04-16 |
2010-06-07 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. |
|
3212 |
CVE-2010-1108 |
79 |
|
XSS |
2010-03-25 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors. |
|
3213 |
CVE-2010-1107 |
79 |
|
XSS |
2010-03-25 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." |
|
3214 |
CVE-2010-0997 |
79 |
|
XSS |
2010-04-20 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter. |
|
3215 |
CVE-2010-0926 |
22 |
|
Dir. Trav. |
2010-03-10 |
2010-09-09 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. |
|
3216 |
CVE-2010-0909 |
|
|
|
2010-07-13 |
2012-10-22 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors. |
|
3217 |
CVE-2010-0895 |
|
|
|
2010-04-13 |
2017-08-16 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter. |
|
3218 |
CVE-2010-0870 |
|
|
|
2010-04-13 |
2012-10-22 |
3.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH. |
|
3219 |
CVE-2010-0858 |
|
|
|
2010-04-13 |
2012-10-22 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors. |
|
3220 |
CVE-2010-0857 |
|
|
|
2010-04-13 |
2012-10-22 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Workflow Cartridge component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors. |
|
3221 |
CVE-2010-0828 |
79 |
|
XSS |
2010-04-05 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. |
|
3222 |
CVE-2010-0801 |
22 |
1
|
Dir. Trav. |
2010-03-02 |
2010-03-03 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information. |
|
3223 |
CVE-2010-0789 |
59 |
|
|
2010-03-02 |
2017-08-16 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. |
|
3224 |
CVE-2010-0733 |
189 |
|
DoS Overflow |
2010-03-19 |
2017-09-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. |
|
3225 |
CVE-2010-0716 |
79 |
|
XSS |
2010-02-26 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed. |
|
3226 |
CVE-2010-0697 |
79 |
|
XSS |
2010-02-23 |
2017-08-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. |
|
3227 |
CVE-2010-0684 |
79 |
|
XSS |
2010-04-05 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. |
|
3228 |
CVE-2010-0606 |
79 |
1
|
XSS |
2010-02-11 |
2010-11-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php. |
|
3229 |
CVE-2010-0546 |
59 |
|
|
2010-06-17 |
2010-06-17 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. |
|
3230 |
CVE-2010-0460 |
79 |
1
|
XSS |
2010-01-28 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information. |
|
3231 |
CVE-2010-0424 |
59 |
|
DoS |
2010-02-25 |
2018-01-05 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. |
|
3232 |
CVE-2010-0370 |
79 |
1
|
XSS |
2010-01-21 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title). |
|
3233 |
CVE-2010-0156 |
59 |
|
|
2010-03-03 |
2017-12-08 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. |
|
3234 |
CVE-2010-0155 |
94 |
|
Http R.Spl. |
2010-09-14 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter. |
|
3235 |
CVE-2010-0118 |
59 |
|
|
2010-02-24 |
2018-10-10 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. |
|
3236 |
CVE-2010-0109 |
119 |
|
DoS Overflow |
2018-02-19 |
2018-03-18 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request. |
|
3237 |
CVE-2010-0081 |
|
|
|
2010-07-13 |
2016-11-23 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381. |
|
3238 |
CVE-2010-0014 |
287 |
|
Bypass |
2010-01-14 |
2010-01-15 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT. |
|
3239 |
CVE-2009-5082 |
59 |
|
|
2011-06-30 |
2011-07-12 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file. |
|
3240 |
CVE-2009-5081 |
59 |
|
|
2011-06-30 |
2013-12-12 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. |
|
3241 |
CVE-2009-5080 |
59 |
|
|
2011-06-30 |
2013-12-12 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. |
|
3242 |
CVE-2009-5079 |
59 |
|
|
2011-06-30 |
2013-12-12 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. |
|
3243 |
CVE-2009-5062 |
399 |
|
DoS |
2011-03-22 |
2011-03-24 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9. |
|
3244 |
CVE-2009-5060 |
|
|
DoS |
2011-03-22 |
2011-03-24 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX. |
|
3245 |
CVE-2009-5059 |
|
|
DoS |
2011-03-22 |
2011-03-24 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J. |
|
3246 |
CVE-2009-5058 |
|
|
DoS |
2011-03-22 |
2011-03-24 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR. |
|
3247 |
CVE-2009-5055 |
264 |
|
Bypass |
2011-03-18 |
2011-03-22 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. |
|
3248 |
CVE-2009-5044 |
59 |
|
|
2011-06-24 |
2016-03-30 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. |
|
3249 |
CVE-2009-5007 |
59 |
|
|
2010-10-14 |
2010-11-11 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. |
|
3250 |
CVE-2009-4963 |
79 |
|
XSS |
2010-07-28 |
2010-07-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
