CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2010-3115 2010-08-24 2020-08-04
5.0
None Remote Low Not required None Partial None
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
52 CVE-2010-3114 2010-08-24 2020-08-04
10.0
None Remote Low Not required Complete Complete Complete
The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/.
53 CVE-2010-3113 119 DoS Overflow Mem. Corr. 2010-08-24 2020-08-04
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.
54 CVE-2010-3112 119 DoS Overflow Mem. Corr. 2010-08-24 2020-08-03
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
55 CVE-2010-3111 2010-08-24 2020-07-28
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.
56 CVE-2010-3109 119 Exec Code Overflow 2010-08-23 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.
57 CVE-2010-3108 119 Exec Code Overflow 2010-08-23 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.
58 CVE-2010-3107 264 DoS 2010-08-23 2017-09-19
7.1
None Remote Medium Not required None None Complete
A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.
59 CVE-2010-3106 20 DoS Exec Code Mem. Corr. 2010-08-23 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
60 CVE-2010-3105 119 Exec Code Overflow 2010-08-23 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
61 CVE-2010-3104 22 Dir. Trav. 2010-08-21 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
62 CVE-2010-3103 22 Dir. Trav. 2010-08-21 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
63 CVE-2010-3102 22 Dir. Trav. 2010-08-21 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
64 CVE-2010-3101 22 Dir. Trav. 2010-08-21 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
65 CVE-2010-3100 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.
66 CVE-2010-3099 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
67 CVE-2010-3098 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.
68 CVE-2010-3097 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.
69 CVE-2010-3096 22 Dir. Trav. 2010-08-20 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename.
70 CVE-2010-3065 264 2010-08-20 2010-12-10
5.0
None Remote Low Not required None Partial None
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
71 CVE-2010-3064 119 DoS Exec Code Overflow 2010-08-20 2010-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
72 CVE-2010-3063 119 Overflow 2010-08-20 2010-12-07
5.0
None Remote Low Not required None Partial None
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
73 CVE-2010-3062 200 Overflow +Info 2010-08-20 2010-12-07
5.0
None Remote Low Not required Partial None None
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
74 CVE-2010-3061 DoS 2010-08-20 2010-08-23
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors.
75 CVE-2010-3060 DoS 2010-08-20 2010-08-23
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors.
76 CVE-2010-3059 119 Overflow 2010-08-20 2010-08-23
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command.
77 CVE-2010-3058 399 DoS Exec Code 2010-08-20 2010-08-24
7.5
None Remote Low Not required Partial Partial Partial
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors.
78 CVE-2010-3056 79 XSS 2010-08-24 2011-01-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
79 CVE-2010-3055 264 Exec Code 2010-08-24 2011-01-28
7.5
None Remote Low Not required Partial Partial Partial
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
80 CVE-2010-3054 DoS 2010-08-19 2012-12-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
81 CVE-2010-3053 20 DoS 2010-08-19 2021-01-26
4.3
None Remote Medium Not required None None Partial
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
82 CVE-2010-3035 20 DoS 2010-08-30 2017-08-17
5.0
None Remote Low Not required None None Partial
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
83 CVE-2010-3032 189 DoS Exec Code Overflow 2010-08-17 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
84 CVE-2010-3031 119 DoS Exec Code Overflow 2010-08-17 2010-08-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service.
85 CVE-2010-3030 352 CSRF 2010-08-17 2010-08-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
86 CVE-2010-3029 89 1 Exec Code Sql 2010-08-16 2010-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action.
87 CVE-2010-3028 264 2010-08-16 2017-08-17
3.6
None Local Low Not required Partial Partial None
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.
88 CVE-2010-3027 89 2 Exec Code Sql 2010-08-16 2010-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action.
89 CVE-2010-3026 352 2 CSRF 2010-08-16 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges.
90 CVE-2010-3025 79 1 XSS 2010-08-16 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit.
91 CVE-2010-3024 352 2 CSRF 2010-08-16 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
92 CVE-2010-3023 79 1 XSS 2010-08-16 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
93 CVE-2010-3022 79 XSS 2010-08-16 2017-08-17
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL.
94 CVE-2010-3021 399 DoS 2010-08-16 2017-09-19
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image.
95 CVE-2010-3020 264 2010-08-16 2017-09-19
5.0
None Remote Low Not required None Partial None
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content.
96 CVE-2010-3019 119 DoS Exec Code Overflow 2010-08-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
97 CVE-2010-3015 189 DoS Overflow 2010-08-20 2018-10-10
4.7
None Local Medium Not required None None Complete
Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.
98 CVE-2010-3014 200 +Info 2010-08-20 2018-10-10
1.2
None Local High Not required Partial None None
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.
99 CVE-2010-3013 89 Exec Code Sql 2010-08-16 2010-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577.
100 CVE-2010-3002 Bypass 2010-08-30 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.
Total number of vulnerabilities : 381   Page : 1 2 (This Page)3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.