CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2010-0763 89 1 Exec Code Sql 2010-03-02 2010-03-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.
102 CVE-2010-0762 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
103 CVE-2010-0761 89 2 Exec Code Sql 2010-03-02 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
104 CVE-2010-0731 119 Overflow Bypass 2010-03-26 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
105 CVE-2010-0728 264 Bypass 2010-03-10 2010-03-10
8.5
None Remote Medium ??? Complete Complete Complete
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
106 CVE-2010-0688 119 1 Exec Code Overflow 2010-03-19 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.
107 CVE-2010-0619 119 DoS Exec Code Overflow 2010-03-24 2018-10-10
7.3
None Remote High Not required Complete Partial Complete
Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command.
108 CVE-2010-0592 DoS 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.
109 CVE-2010-0591 DoS Overflow 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.
110 CVE-2010-0590 DoS 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.
111 CVE-2010-0588 DoS 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.
112 CVE-2010-0587 DoS 2010-03-05 2010-03-05
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
113 CVE-2010-0586 DoS 2010-03-25 2017-09-19
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability."
114 CVE-2010-0585 DoS 2010-03-25 2010-04-01
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability."
115 CVE-2010-0584 DoS 2010-03-25 2010-07-13
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.
116 CVE-2010-0583 399 DoS 2010-03-25 2017-08-17
7.8
None Remote Low Not required None None Complete
Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.
117 CVE-2010-0582 DoS 2010-03-25 2010-04-13
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.
118 CVE-2010-0581 Exec Code 2010-03-25 2010-04-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
119 CVE-2010-0580 Exec Code 2010-03-25 2010-04-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."
120 CVE-2010-0579 DoS 2010-03-25 2010-04-13
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."
121 CVE-2010-0578 310 DoS 2010-03-25 2017-08-17
7.8
None Remote Low Not required None None Complete
The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.
122 CVE-2010-0577 399 DoS 2010-03-25 2017-08-17
7.1
None Remote Medium Not required None None Complete
Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.
123 CVE-2010-0576 DoS 2010-03-25 2017-08-17
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893.
124 CVE-2010-0573 2010-03-05 2017-08-17
8.5
None Remote Low Not required None Partial Complete
Unspecified vulnerability on the Cisco Digital Media Player before 5.2 allows remote attackers to hijack the source of (1) video or (2) data for a display via unknown vectors, related to a "content injection" issue, aka Bug ID CSCtc46024.
125 CVE-2010-0572 200 +Info 2010-03-05 2017-08-17
7.1
None Remote High ??? Complete Complete Complete
Cisco Digital Media Manager (DMM) before 5.2 allows remote authenticated users to discover Cisco Digital Media Player credentials via vectors related to reading a (1) error log or (2) stack trace, aka Bug ID CSCtc46050.
126 CVE-2010-0571 264 Exec Code +Priv 2010-03-05 2017-08-17
8.5
None Remote Medium ??? Complete Complete Complete
Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a crafted web application, aka Bug ID CSCtc46008.
127 CVE-2010-0570 255 Exec Code 2010-03-05 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378.
128 CVE-2010-0536 119 DoS Exec Code Overflow Mem. Corr. 2010-03-31 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.
129 CVE-2010-0533 22 Dir. Trav. 2010-03-30 2013-09-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
130 CVE-2010-0529 119 DoS Exec Code Overflow 2010-03-31 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.
131 CVE-2010-0528 119 DoS Exec Code Overflow Mem. Corr. 2010-03-31 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.
132 CVE-2010-0527 189 DoS Exec Code Overflow 2010-03-31 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
133 CVE-2010-0524 264 2010-03-30 2010-05-21
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.
134 CVE-2010-0522 264 2010-03-30 2010-06-21
9.0
None Remote Low ??? Complete Complete Complete
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing.
135 CVE-2010-0512 264 Bypass 2010-03-30 2010-05-21
9.3
None Remote Medium Not required Complete Complete Complete
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.
136 CVE-2010-0510 255 2010-03-30 2010-03-31
9.0
None Remote Low ??? Complete Complete Complete
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
137 CVE-2010-0509 264 +Priv 2010-03-30 2010-03-31
7.2
None Local Low Not required Complete Complete Complete
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.
138 CVE-2010-0508 2010-03-30 2010-03-31
10.0
None Remote Low Not required Complete Complete Complete
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
139 CVE-2010-0504 119 DoS Exec Code Overflow 2010-03-30 2010-03-31
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
140 CVE-2010-0500 20 DoS 2010-03-30 2010-03-31
7.8
None Remote Low Not required None None Complete
Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."
141 CVE-2010-0498 287 +Priv 2010-03-30 2010-03-31
7.2
None Local Low Not required Complete Complete Complete
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
142 CVE-2010-0492 94 Exec Code Mem. Corr. 2010-03-31 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
143 CVE-2010-0491 399 Exec Code Mem. Corr. 2010-03-31 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
144 CVE-2010-0490 94 Exec Code Mem. Corr. 2010-03-31 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
145 CVE-2010-0489 362 Exec Code Mem. Corr. 2010-03-31 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."
146 CVE-2010-0483 94 Exec Code 2010-03-03 2019-02-26
7.6
None Remote High Not required Complete Complete Complete
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
147 CVE-2010-0450 +Priv 2010-03-31 2019-10-09
8.5
None Remote Low ??? Complete Complete None
Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors.
148 CVE-2010-0447 287 Exec Code 2010-03-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
149 CVE-2010-0437 DoS 2010-03-24 2018-10-10
7.8
None Remote Low Not required None None Complete
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
150 CVE-2010-0425 Exec Code 2010-03-05 2021-06-06
10.0
None Remote Low Not required Complete Complete Complete
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Total number of vulnerabilities : 249   Page : 1 2 3 (This Page)4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.