CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3551 CVE-2010-4337 59 2011-01-14 2012-06-18
3.3
None Local Medium Not required None Partial Partial
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
3552 CVE-2010-4322 79 XSS 2011-01-07 2018-10-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
3553 CVE-2010-4275 79 1 XSS 2010-12-21 2017-08-16
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
3554 CVE-2010-4173 59 2010-11-22 2010-11-30
3.3
None Local Medium Not required None Partial Partial
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
3555 CVE-2010-4020 310 +Priv 2010-12-02 2018-10-10
3.5
None Remote Medium Single system None Partial None
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
3556 CVE-2010-3797 79 XSS 2010-11-16 2010-12-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3557 CVE-2010-3779 264 Bypass 2010-10-06 2011-02-12
3.5
None Remote Medium Single system None Partial None
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
3558 CVE-2010-3737 399 DoS 2010-10-05 2017-09-18
3.5
None Remote Medium Single system None None Partial
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.
3559 CVE-2010-3732 20 DoS 2010-10-05 2017-09-18
3.5
None Remote Medium Single system None None Partial
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.
3560 CVE-2010-3691 59 2010-10-07 2011-03-01
3.3
None Local Medium Not required None Partial Partial
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
3561 CVE-2010-3659 79 XSS 2017-10-20 2017-11-07
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
3562 CVE-2010-3586 2011-01-19 2017-08-16
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.
3563 CVE-2010-3581 2010-10-14 2010-11-11
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.
3564 CVE-2010-3576 2010-10-14 2010-11-11
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.
3565 CVE-2010-3512 2010-10-13 2010-11-11
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV).
3566 CVE-2010-3508 2010-10-13 2010-11-11
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones.
3567 CVE-2010-3506 2010-10-13 2010-11-11
3.0
None Local Medium Single system Partial Partial None
Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors.
3568 CVE-2010-3505 2011-01-19 2017-08-16
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders, Files & Attachments, a different vulnerability than CVE-2010-4429.
3569 CVE-2010-3316 2011-01-24 2019-01-03
3.3
None Local Medium Not required Partial Partial None
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
3570 CVE-2010-3303 79 XSS 2010-10-05 2013-08-26
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.
3571 CVE-2010-3266 79 1 XSS 2010-12-02 2018-10-10
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information.
3572 CVE-2010-3196 264 DoS 2010-08-31 2017-09-18
3.5
None Remote Medium Single system None None Partial
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
3573 CVE-2010-3093 264 Bypass 2010-09-21 2010-09-22
3.5
None Remote Medium Single system None Partial None
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.
3574 CVE-2010-3089 79 XSS 2010-09-15 2014-02-20
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
3575 CVE-2010-3028 264 2010-08-16 2017-08-16
3.6
None Local Low Not required Partial Partial None
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.
3576 CVE-2010-2955 189 +Info 2010-09-08 2012-03-19
3.3
None Local Network Low Not required Partial None None
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
3577 CVE-2010-2802 79 XSS 2010-09-07 2011-01-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.
3578 CVE-2010-2794 59 2010-08-30 2010-09-08
3.3
None Local Medium Not required None Partial Partial
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.
3579 CVE-2010-2792 362 +Info 2010-08-30 2011-01-11
3.3
None Local Medium Not required Partial Partial None
Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.
3580 CVE-2010-2698 79 1 XSS 2010-07-12 2017-08-16
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3581 CVE-2010-2697 79 1 XSS 2010-07-12 2017-08-16
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
3582 CVE-2010-2535 79 XSS 2010-10-05 2010-10-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
3583 CVE-2010-2474 20 +Priv 2010-08-10 2010-08-10
3.5
None Remote Medium Single system Partial None None
JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.
3584 CVE-2010-2448 DoS 2010-07-12 2010-07-12
3.5
None Remote Medium Single system None None Partial
znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.
3585 CVE-2010-2404 2010-10-13 2010-11-11
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account.
3586 CVE-2010-2393 2010-07-13 2012-10-22
3.8
None Local High Single system None None Complete
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC.
3587 CVE-2010-2391 2010-10-13 2010-11-11
3.6
None Remote High Single system Partial Partial None
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
3588 CVE-2010-2384 2010-07-13 2012-10-22
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
3589 CVE-2010-2383 2010-07-13 2012-10-22
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS.
3590 CVE-2010-2382 2010-07-13 2012-10-22
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.
3591 CVE-2010-2381 2010-07-13 2016-11-23
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0081.
3592 CVE-2010-2378 2010-07-13 2012-10-22
3.0
None Local Medium Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite CRM 9.0 Bundle #28 and CRM 9.1 Bundle #4 allows local users to affect confidentiality and integrity via unknown vectors.
3593 CVE-2010-2376 2010-07-13 2012-10-22
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
3594 CVE-2010-2374 2010-07-13 2012-10-22
3.0
None Local Medium Single system Partial Partial None
Unspecified vulnerability in Solaris Studio 12 update 1 allows local users to affect confidentiality and integrity via unknown vectors.
3595 CVE-2010-2291 264 Bypass 2010-06-15 2017-08-16
3.3
None Local Network Low Not required None Partial None
Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information.
3596 CVE-2010-2286 399 DoS 2010-06-15 2017-09-18
3.3
None Local Network Low Not required None None Partial
The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
3597 CVE-2010-2285 DoS 2010-06-15 2017-09-18
3.3
None Local Network Low Not required None None Partial
The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
3598 CVE-2010-2283 DoS 2010-06-15 2017-09-18
3.3
None Local Network Low Not required None None Partial
The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
3599 CVE-2010-2113 352 CSRF 2010-05-28 2017-08-16
3.5
None Remote Medium Single system None Partial None
Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php.
3600 CVE-2010-2080 79 XSS 2010-09-20 2017-08-16
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 4066   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 (This Page)73 74 75 76 77 78 79 80 81 82
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.