CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2010

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
251 CVE-2010-1211 DoS Exec Code Mem. Corr. 2010-07-30 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
252 CVE-2010-1210 20 XSS 2010-07-30 2017-09-19
4.3
None Remote Medium Not required None Partial None
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.
253 CVE-2010-1209 399 Exec Code 2010-07-30 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.
254 CVE-2010-1208 399 Exec Code 2010-07-30 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
255 CVE-2010-1207 264 +Info 2010-07-30 2017-09-19
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.
256 CVE-2010-0916 2010-07-13 2012-10-23
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle OpenSolaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rdist.
257 CVE-2010-0915 2010-07-13 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Advanced Product Catalog component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
258 CVE-2010-0914 2010-07-13 2012-10-23
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail, Calendar, Address Book, and Instant Messaging.
259 CVE-2010-0913 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
260 CVE-2010-0912 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
261 CVE-2010-0911 2010-07-13 2012-10-23
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Listener component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors.
262 CVE-2010-0910 2010-07-13 2012-10-23
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors.
263 CVE-2010-0909 2010-07-13 2012-10-23
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.
264 CVE-2010-0908 2010-07-13 2012-10-23
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
265 CVE-2010-0907 2010-07-13 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906.
266 CVE-2010-0906 2010-07-13 2012-10-23
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
267 CVE-2010-0905 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect integrity via unknown vectors.
268 CVE-2010-0904 2010-07-13 2012-10-23
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
269 CVE-2010-0903 2010-07-13 2012-10-23
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Net Foundation Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors.
270 CVE-2010-0902 2010-07-13 2012-10-23
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
271 CVE-2010-0901 2010-07-13 2012-10-23
2.1
None Remote High ??? Partial None None
Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary.
272 CVE-2010-0900 2010-07-13 2012-10-23
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors.
273 CVE-2010-0899 2010-07-13 2012-10-23
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906.
274 CVE-2010-0898 2010-07-13 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
275 CVE-2010-0892 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors.
276 CVE-2010-0873 2010-07-13 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
277 CVE-2010-0836 2010-07-13 2012-10-23
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
278 CVE-2010-0835 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Wireless component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.
279 CVE-2010-0833 287 Bypass 2010-07-28 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
280 CVE-2010-0832 59 1 2010-07-12 2017-08-17
6.9
None Local Medium Not required Complete Complete Complete
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
281 CVE-2010-0814 94 Exec Code 2010-07-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
282 CVE-2010-0266 94 Exec Code 2010-07-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
283 CVE-2010-0213 19 DoS 2010-07-28 2016-04-04
2.6
None Remote High Not required None None Partial
BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers.
284 CVE-2010-0212 264 DoS 2010-07-28 2018-10-10
5.0
None Remote Low Not required None None Partial
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
285 CVE-2010-0211 264 DoS Exec Code 2010-07-28 2018-10-10
5.0
None Remote Low Not required None None Partial
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
286 CVE-2010-0083 2010-07-13 2012-10-23
7.6
None Remote High Not required Complete Complete Complete
Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
287 CVE-2010-0081 2010-07-13 2016-11-23
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381.
288 CVE-2009-4974 22 1 Dir. Trav. 2010-07-28 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.
289 CVE-2009-4973 89 1 Exec Code Sql 2010-07-28 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
290 CVE-2009-4972 79 XSS 2010-07-28 2010-07-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
291 CVE-2009-4971 89 Exec Code Sql 2010-07-28 2010-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
292 CVE-2009-4970 89 Exec Code Sql 2010-07-28 2010-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
293 CVE-2009-4969 89 Exec Code Sql 2010-07-28 2010-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
294 CVE-2009-4968 89 Exec Code Sql 2010-07-28 2010-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
295 CVE-2009-4967 89 Exec Code Sql 2010-07-28 2010-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
296 CVE-2009-4966 89 Exec Code Sql 2010-07-28 2010-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
297 CVE-2009-4965 89 Exec Code Sql 2010-07-28 2010-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
298 CVE-2009-4964 119 1 Exec Code Overflow 2010-07-28 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file.
299 CVE-2009-4963 79 XSS 2010-07-28 2010-07-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
300 CVE-2009-4962 119 1 Exec Code Overflow 2010-07-28 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities: 343 (this is page 6 of 7)