CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2010

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-7265 399 DoS 2010-11-09 2011-03-18
4.0
None Remote Low ??? None None Partial
The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
2 CVE-2008-7266 79 XSS 2010-11-26 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in RSA Adaptive Authentication 2.x and 5.7.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
3 CVE-2009-5014 310 Bypass 2010-11-06 2010-11-09
7.5
None Remote Low Not required Partial Partial Partial
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.
4 CVE-2009-5015 2010-11-06 2010-11-09
7.5
None Remote Low Not required Partial Partial Partial
The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.
5 CVE-2009-5016 189 Overflow Sql XSS Bypass 2010-11-12 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
6 CVE-2009-5017 79 XSS Bypass 2010-11-12 2010-12-01
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.
7 CVE-2010-0113 255 +Info 2010-11-15 2017-08-17
4.3
None Remote Medium Not required Partial None None
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.
8 CVE-2010-0783 79 XSS 2010-11-09 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9 CVE-2010-0784 79 XSS 2010-11-09 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10 CVE-2010-0785 352 CSRF 2010-11-09 2017-08-17
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
11 CVE-2010-0786 20 DoS 2010-11-09 2017-08-17
5.0
None Remote Low Not required None None Partial
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data.
12 CVE-2010-1378 310 Bypass 2010-11-15 2010-11-22
7.5
None Remote Low Not required Partial Partial Partial
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.
13 CVE-2010-1523 119 Exec Code Overflow 2010-11-06 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
14 CVE-2010-1803 +Info 2010-11-15 2010-12-10
4.3
None Remote Medium Not required Partial None None
Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.
15 CVE-2010-1828 20 DoS 2010-11-15 2010-12-10
5.0
None Remote Low Not required None None Partial
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.
16 CVE-2010-1829 22 Exec Code Dir. Trav. 2010-11-15 2010-12-10
6.0
None Remote Medium ??? Partial Partial Partial
Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.
17 CVE-2010-1830 2010-11-15 2010-12-10
5.0
None Remote Low Not required Partial None None
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors.
18 CVE-2010-1831 119 Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.
19 CVE-2010-1832 119 Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.
20 CVE-2010-1833 119 DoS Exec Code Overflow Mem. Corr. 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.
21 CVE-2010-1834 20 2010-11-15 2010-12-10
5.8
None Remote Medium Not required Partial Partial None
CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.
22 CVE-2010-1836 119 DoS Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
23 CVE-2010-1837 119 DoS Exec Code Overflow Mem. Corr. 2010-11-15 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.
24 CVE-2010-1838 287 Bypass 2010-11-15 2011-01-12
4.4
None Local Medium Not required Partial Partial Partial
Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.
25 CVE-2010-1840 119 DoS Exec Code Overflow 2010-11-15 2010-12-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
26 CVE-2010-1841 20 DoS Exec Code Mem. Corr. 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.
27 CVE-2010-1842 119 DoS Exec Code Overflow 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.
28 CVE-2010-1843 20 DoS 2010-11-16 2010-12-10
7.8
None Remote Low Not required None None Complete
Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.
29 CVE-2010-1844 20 DoS 2010-11-16 2011-01-12
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image.
30 CVE-2010-1845 20 DoS Exec Code Mem. Corr. 2010-11-16 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.
31 CVE-2010-1846 119 DoS Exec Code Overflow 2010-11-16 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.
32 CVE-2010-1847 399 DoS 2010-11-16 2010-12-10
4.9
None Local Low Not required None None Complete
The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.
33 CVE-2010-2477 79 XSS 2010-11-06 2010-12-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
34 CVE-2010-2572 119 Exec Code Overflow 2010-11-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
35 CVE-2010-2573 189 Exec Code 2010-11-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
36 CVE-2010-2583 119 Exec Code Overflow 2010-11-03 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
37 CVE-2010-2635 89 Exec Code Sql 2010-11-09 2017-08-17
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."
38 CVE-2010-2636 79 XSS 2010-11-09 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
39 CVE-2010-2637 310 +Info 2010-11-12 2017-08-17
4.3
None Remote Medium Not required Partial None None
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
40 CVE-2010-2638 399 DoS 2010-11-15 2017-08-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.
41 CVE-2010-2732 20 2010-11-10 2018-10-12
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
42 CVE-2010-2733 79 XSS 2010-11-10 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
43 CVE-2010-2734 79 XSS 2010-11-10 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
44 CVE-2010-2892 20 1 Exec Code CSRF 2010-11-15 2018-10-10
8.5
None Remote Medium ??? Complete Complete Complete
gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack.
45 CVE-2010-2941 399 DoS Exec Code 2010-11-05 2017-08-17
7.9
None Local Network Medium Not required Complete Complete Complete
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
46 CVE-2010-2962 20 +Priv 2010-11-26 2020-08-14
7.2
None Local Low Not required Complete Complete Complete
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.
47 CVE-2010-2963 20 +Priv 2010-11-26 2020-08-14
6.2
None Local High Not required Complete Complete Complete
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
48 CVE-2010-3037 94 Exec Code 2010-11-22 2010-12-10
8.5
None Remote Medium ??? Complete Complete Complete
goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.
49 CVE-2010-3038 255 2010-11-22 2010-12-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.
50 CVE-2010-3039 78 Exec Code 2010-11-09 2018-10-10
6.8
None Local Low ??? Complete Complete Complete
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
Total number of vulnerabilities : 279   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.