Security Vulnerabilities (CVSS score between 2 and 2.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 5601 | CVE-2010-2522 | 264 | | | 2010-07-13 | 2011-01-14 | 2.1 | None | Local | Low | Not required | None | Partial | None | The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message. |
| 5602 | CVE-2010-2506 | 79 | | XSS | 2010-06-28 | 2018-10-10 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. |
| 5603 | CVE-2010-2496 | 287 | | | 2021-10-18 | 2021-10-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | stonith-ng in pacemaker and cluster-glue passed passwords as command-line parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. |
| 5604 | CVE-2010-2431 | 59 | | | 2010-06-22 | 2013-05-15 | 2.6 | None | Local | High | Not required | None | Partial | Partial | The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. |
| 5605 | CVE-2010-2414 | | | | 2010-10-14 | 2010-11-11 | 2.6 | None | Remote | High | Not required | Partial | None | None | Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors. |
| 5606 | CVE-2010-2403 | | | | 2010-07-13 | 2012-10-23 | 2.1 | None | Remote | High | ??? | Partial | None | None | Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors. |
| 5607 | CVE-2010-2397 | | | | 2010-07-13 | 2012-10-23 | 2.4 | None | Local | High | ??? | Partial | Partial | None | Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI. |
| 5608 | CVE-2010-2322 | 22 | | Dir. Trav. | 2010-06-18 | 2013-04-19 | 2.6 | None | Remote | High | Not required | None | Partial | None | Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. |
| 5609 | CVE-2010-2242 | 264 | | Bypass | 2010-08-19 | 2010-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None | Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. |
| 5610 | CVE-2010-2241 | 264 | | +Info | 2010-08-17 | 2018-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None | The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. |
| 5611 | CVE-2010-2226 | 200 | | +Info | 2010-09-03 | 2020-08-06 | 2.1 | None | Local | Low | Not required | Partial | None | None | The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. |
| 5612 | CVE-2010-2224 | 264 | | +Info | 2010-06-24 | 2013-01-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. |
| 5613 | CVE-2010-2223 | 264 | | +Info | 2010-06-24 | 2010-06-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. |
| 5614 | CVE-2010-2158 | 79 | | XSS | 2010-06-07 | 2010-06-08 | 2.1 | None | Remote | High | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5615 | CVE-2010-2157 | | | +Info | 2010-06-07 | 2021-04-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors. |
| 5616 | CVE-2010-2151 | 352 | | CSRF | 2010-06-03 | 2010-06-04 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors. |
| 5617 | CVE-2010-2125 | 79 | | XSS | 2010-06-01 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. |
| 5618 | CVE-2010-2123 | 79 | | XSS | 2010-06-01 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information. |
| 5619 | CVE-2010-2114 | 352 | | CSRF | 2010-05-28 | 2010-06-01 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. |
| 5620 | CVE-2010-2066 | | | | 2010-09-08 | 2020-08-14 | 2.1 | None | Local | Low | Not required | None | Partial | None | The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. |
| 5621 | CVE-2010-2058 | 264 | | | 2010-06-07 | 2017-08-17 | 2.1 | None | Local | Low | Not required | Partial | None | None | setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password. |
| 5622 | CVE-2010-2038 | 79 | 1 | XSS | 2010-05-25 | 2018-10-10 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 5623 | CVE-2010-2002 | 79 | | XSS | 2010-05-20 | 2010-05-21 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list. |
| 5624 | CVE-2010-2001 | 79 | | XSS | 2010-05-20 | 2010-05-21 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. |
| 5625 | CVE-2010-2000 | 79 | | XSS | 2010-05-20 | 2010-05-21 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358. |
| 5626 | CVE-2010-1998 | 79 | | XSS | 2010-05-20 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers. |
| 5627 | CVE-2010-1997 | 79 | 1 | XSS | 2010-05-20 | 2018-10-10 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter. |
| 5628 | CVE-2010-1996 | 79 | | XSS | 2010-05-20 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO. |
| 5629 | CVE-2010-1995 | 79 | | XSS | 2010-05-20 | 2018-10-10 | 2.1 | None | Remote | High | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO. |
| 5630 | CVE-2010-1984 | 79 | | XSS | 2010-05-19 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display. |
| 5631 | CVE-2010-1976 | 79 | | XSS | 2010-05-19 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. |
| 5632 | CVE-2010-1958 | 79 | | XSS | 2010-06-21 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter). |
| 5633 | CVE-2010-1856 | 79 | 1 | XSS | 2010-05-07 | 2010-05-10 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action. |
| 5634 | CVE-2010-1796 | 200 | | +Info | 2010-07-30 | 2017-09-19 | 2.6 | None | Remote | High | Not required | Partial | None | None | The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. |
| 5635 | CVE-2010-1636 | 200 | | +Info | 2010-06-08 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor. |
| 5636 | CVE-2010-1584 | 79 | 1 | XSS | 2010-05-19 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. |
| 5637 | CVE-2010-1539 | 79 | | XSS | 2010-04-26 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. |
| 5638 | CVE-2010-1536 | 79 | | XSS | 2010-04-26 | 2010-04-27 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. |
| 5639 | CVE-2010-1530 | 79 | | XSS | 2010-04-26 | 2010-04-27 | 2.1 | None | Remote | High | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input. |
| 5640 | CVE-2010-1515 | 79 | | XSS | 2010-06-15 | 2010-06-18 | 2.6 | None | Remote | High | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO. |
| 5641 | CVE-2010-1488 | 399 | | DoS | 2010-04-20 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | None | Partial | The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation. |
| 5642 | CVE-2010-1487 | 255 | | +Info | 2010-04-20 | 2017-09-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. |
| 5643 | CVE-2010-1451 | 787 | | Overflow | 2010-05-07 | 2020-08-14 | 2.1 | None | Local | Low | Not required | None | Partial | None | The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. |
| 5644 | CVE-2010-1362 | 79 | | XSS | 2010-04-13 | 2010-04-14 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page. |
| 5645 | CVE-2010-1358 | 79 | | XSS | 2010-04-13 | 2010-04-14 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors. |
| 5646 | CVE-2010-1323 | 310 | | | 2010-12-02 | 2020-01-21 | 2.6 | None | Remote | High | Not required | None | Partial | None | MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. |
| 5647 | CVE-2010-1303 | 79 | | XSS | 2010-04-08 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus. |
| 5648 | CVE-2010-1294 | 200 | | +Info | 2010-05-13 | 2010-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. |
| 5649 | CVE-2010-1157 | 200 | | +Info | 2010-04-23 | 2019-03-25 | 2.6 | None | Remote | High | Not required | Partial | None | None | Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. |
| 5650 | CVE-2010-1149 | 200 | | +Info | 2010-04-12 | 2010-04-13 | 2.1 | None | Local | Low | Not required | Partial | None | None | probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/. |
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.