CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2010-0996 Exec Code 2010-04-20 2018-10-10
6.0
None Remote Medium ??? Partial Partial Partial
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.
252 CVE-2010-0994 119 Exec Code Overflow 2010-04-15 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library 2009.08.812 allow user-assisted remote attackers to execute arbitrary code via a crafted DAT file, related to the (1) vl::loadDAT and (2) vl::isDAT functions.
253 CVE-2010-0993 Exec Code 2010-04-09 2018-10-10
6.0
None Remote Medium ??? Partial Partial Partial
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
254 CVE-2010-0992 352 CSRF 2010-04-09 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks.
255 CVE-2010-0991 119 Exec Code Overflow 2010-04-22 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h.
256 CVE-2010-0897 2010-04-13 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Directory Service Markup Language.
257 CVE-2010-0896 2010-04-13 2017-08-17
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Address Book and Mail Filter.
258 CVE-2010-0895 2010-04-13 2017-08-17
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_119 allows local users to affect integrity and availability via unknown vectors related to IP Filter.
259 CVE-2010-0894 2010-04-13 2017-08-17
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors.
260 CVE-2010-0893 2010-04-13 2017-08-17
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail.
261 CVE-2010-0891 2010-04-13 2017-09-19
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the Sun Management Center component in Oracle Sun Product Suite 3.6.1 and 4.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Solaris Container Manager.
262 CVE-2010-0890 2010-04-13 2017-09-19
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_01 through snv_98 allows local users to affect availability via unknown vectors related to the Kernel.
263 CVE-2010-0889 2010-04-13 2017-08-17
4.9
None Local Low Not required Complete None None
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite OpenSolaris snv_68 through snv_128 allows local users to affect confidentiality via unknown vectors related to the Kernel.
264 CVE-2010-0888 2010-04-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Sun Ray Server Software component in Oracle Sun Product Suite 4.0, 4.1, and 4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Device Services.
265 CVE-2010-0887 2010-04-20 2016-08-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
266 CVE-2010-0886 2010-04-20 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
267 CVE-2010-0885 2010-04-13 2013-02-08
6.8
None Remote Low ??? Complete None None
Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and and 6.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Address Book.
268 CVE-2010-0884 2010-04-13 2017-08-17
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0883.
269 CVE-2010-0883 2010-04-13 2017-08-17
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0884.
270 CVE-2010-0882 2010-04-13 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_134 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Trusted Extensions.
271 CVE-2010-0881 2010-04-14 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors.
272 CVE-2010-0880 2010-04-13 2017-08-17
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect confidentiality and integrity via unknown vectors.
273 CVE-2010-0879 2010-04-13 2017-08-17
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect confidentiality via unknown vectors.
274 CVE-2010-0878 2010-04-13 2017-08-17
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect integrity via unknown vectors.
275 CVE-2010-0877 2010-04-13 2017-08-17
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect integrity via unknown vectors.
276 CVE-2010-0876 2010-04-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, related to RDC Onsite.
277 CVE-2010-0875 2010-04-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Management System component in Oracle Industry Product Suite 4.5.2, 4.6, and 4.6.1 allows remote attackers to affect integrity, related to TMS Browser.
278 CVE-2010-0874 2010-04-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unknown vectors.
279 CVE-2010-0872 2010-04-13 2012-10-23
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3 allows remote attackers to affect availability via unknown vectors.
280 CVE-2010-0871 2010-04-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
281 CVE-2010-0870 2010-04-13 2012-10-23
3.6
None Remote High ??? Partial Partial None
Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.
282 CVE-2010-0869 2010-04-13 2012-10-23
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle E-Business Suite 5.5.05.07, 5.5.06.00, and 6.0.03 allows remote attackers to affect confidentiality via unknown vectors.
283 CVE-2010-0868 2010-04-13 2012-10-23
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.
284 CVE-2010-0867 2010-04-13 2012-10-23
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the JavaVM component in Oracle Database 10.2.0.4, 11.1.0.7, and 11.2.0.1.0 allows remote authenticated users to affect integrity via unknown vectors.
285 CVE-2010-0866 2010-04-13 2012-10-23
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the JavaVM component in Oracle Database 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
286 CVE-2010-0865 2010-04-13 2012-10-23
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle E-Business Suite 6.1.1.0 allows remote attackers to affect confidentiality via unknown vectors.
287 CVE-2010-0864 2010-04-13 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Retail - Oracle Retail Place In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.
288 CVE-2010-0863 2010-04-13 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.
289 CVE-2010-0862 2010-04-13 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help.
290 CVE-2010-0861 2010-04-13 2012-10-23
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality via unknown vectors.
291 CVE-2010-0860 2010-04-13 2012-10-23
7.1
None Remote High ??? Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege.
292 CVE-2010-0859 2010-04-13 2012-10-23
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 ATG RUP6 allows remote attackers to affect confidentiality and integrity via unknown vectors.
293 CVE-2010-0858 2010-04-13 2012-10-23
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors.
294 CVE-2010-0857 2010-04-13 2012-10-23
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle Workflow Cartridge component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors.
295 CVE-2010-0856 2010-04-13 2012-10-23
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.2 allows remote attackers to affect availability via unknown vectors.
296 CVE-2010-0855 2010-04-13 2016-11-19
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.
297 CVE-2010-0854 2010-04-13 2012-10-23
2.1
None Remote High ??? None Partial None
Unspecified vulnerability in the Audit component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to "SELECT, INSERT or DELETE on tables subject to auditing."
298 CVE-2010-0853 2010-04-13 2012-10-23
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8, 9.2.0.8, and DV; and Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
299 CVE-2010-0852 2010-04-13 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
300 CVE-2010-0851 2010-04-13 2012-10-23
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality via unknown vectors.
Total number of vulnerabilities : 501   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.