CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2010-2263 200 2 +Info 2010-06-15 2021-11-10
5.0
None Remote Low Not required Partial None None
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
152 CVE-2010-2262 20 DoS 2010-06-10 2017-08-17
5.0
None Remote Low Not required None None Partial
Galileo Students Team Weborf before 0.12.1 allows remote attackers to cause a denial of service (crash) via a crafted Range header.
153 CVE-2010-2261 94 Exec Code 2010-06-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
154 CVE-2010-2260 79 2 XSS 2010-06-09 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus Bandwidth Meter, but this is incorrect.
155 CVE-2010-2259 22 2 Dir. Trav. 2010-06-09 2010-06-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
156 CVE-2010-2258 79 1 XSS 2010-06-09 2017-11-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter.
157 CVE-2010-2257 89 2 Exec Code Sql 2010-06-09 2010-06-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
158 CVE-2010-2256 79 2 XSS 2010-06-09 2010-06-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php.
159 CVE-2010-2255 89 1 Exec Code Sql 2010-06-09 2010-06-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information.
160 CVE-2010-2254 89 2 Exec Code Sql 2010-06-09 2010-06-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
161 CVE-2010-2249 401 DoS 2010-06-30 2020-08-14
4.3
None Remote Medium Not required None None Partial
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
162 CVE-2010-2231 352 CSRF 2010-06-28 2020-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
163 CVE-2010-2230 79 XSS 2010-06-28 2020-12-01
4.0
None Remote Low ??? None Partial None
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
164 CVE-2010-2229 79 XSS 2010-06-28 2020-12-01
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
165 CVE-2010-2228 79 XSS 2010-06-28 2020-12-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.
166 CVE-2010-2225 399 Exec Code +Info 2010-06-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
167 CVE-2010-2224 264 +Info 2010-06-24 2013-01-15
2.1
None Local Low Not required Partial None None
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
168 CVE-2010-2223 264 +Info 2010-06-24 2010-06-25
2.1
None Local Low Not required Partial None None
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
169 CVE-2010-2212 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.
170 CVE-2010-2211 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212.
171 CVE-2010-2210 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212.
172 CVE-2010-2209 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
173 CVE-2010-2208 94 Exec Code 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors.
174 CVE-2010-2207 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
175 CVE-2010-2206 189 Exec Code Overflow Bypass 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.
176 CVE-2010-2205 94 Exec Code 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.
177 CVE-2010-2204 DoS Exec Code 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
178 CVE-2010-2203 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
179 CVE-2010-2202 119 DoS Exec Code Overflow Mem. Corr. 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
180 CVE-2010-2201 399 Exec Code Mem. Corr. 2010-06-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.
181 CVE-2010-2199 264 Bypass 2010-06-08 2017-08-17
7.2
None Local Low Not required Complete Complete Complete
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
182 CVE-2010-2198 264 +Priv Bypass 2010-06-08 2010-06-09
7.2
None Local Low Not required Complete Complete Complete
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
183 CVE-2010-2197 264 2010-06-08 2017-08-17
5.8
None Remote Medium Not required None Partial Partial
rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.
184 CVE-2010-2193 20 Exec Code 2010-06-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors.
185 CVE-2010-2192 59 2010-06-18 2010-06-22
1.9
None Local Medium Not required None Partial None
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.
186 CVE-2010-2191 119 Overflow Mem. Corr. +Info 2010-06-08 2017-08-17
6.4
None Remote Low Not required Partial Partial None
The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.
187 CVE-2010-2190 200 +Info 2010-06-08 2017-08-17
5.0
None Remote Low Not required Partial None None
The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
188 CVE-2010-2189 119 DoS Exec Code Overflow Mem. Corr. 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
189 CVE-2010-2188 119 DoS Exec Code Overflow Mem. Corr. 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
190 CVE-2010-2187 119 DoS Exec Code Overflow Mem. Corr. 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.
191 CVE-2010-2186 94 DoS Exec Code 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
192 CVE-2010-2185 119 Exec Code Overflow 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.
193 CVE-2010-2184 119 DoS Exec Code Overflow Mem. Corr. 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.
194 CVE-2010-2183 189 Exec Code Overflow 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.
195 CVE-2010-2182 119 DoS Exec Code Overflow Mem. Corr. 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
196 CVE-2010-2181 189 Exec Code Overflow 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.
197 CVE-2010-2180 119 DoS Exec Code Overflow Mem. Corr. 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
198 CVE-2010-2179 79 XSS 2010-06-15 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
199 CVE-2010-2178 119 DoS Exec Code Overflow Mem. Corr. 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
200 CVE-2010-2177 119 DoS Exec Code Overflow Mem. Corr. 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
Total number of vulnerabilities : 492   Page : 1 2 3 4 (This Page)5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.