| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2010-0584 |
|
|
DoS |
2010-03-25 |
2010-07-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250. |
|
252 |
CVE-2010-0585 |
|
|
DoS |
2010-03-25 |
2010-04-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability." |
|
253 |
CVE-2010-0586 |
|
|
DoS |
2010-03-25 |
2017-09-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability." |
|
254 |
CVE-2010-0587 |
|
|
DoS |
2010-03-05 |
2010-03-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985. |
|
255 |
CVE-2010-0588 |
|
|
DoS |
2010-03-05 |
2010-03-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823. |
|
256 |
CVE-2010-0590 |
|
|
DoS |
2010-03-05 |
2010-03-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188. |
|
257 |
CVE-2010-0591 |
|
|
DoS Overflow |
2010-03-05 |
2010-03-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362. |
|
258 |
CVE-2010-0592 |
|
|
DoS |
2010-03-05 |
2010-03-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800. |
|
259 |
CVE-2010-0618 |
|
|
DoS |
2010-03-24 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections. |
|
260 |
CVE-2010-0619 |
119 |
|
DoS Exec Code Overflow |
2010-03-24 |
2018-10-10 |
7.3 |
None |
Remote |
High |
Not required |
Complete |
Partial |
Complete |
|
Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command. |
|
261 |
CVE-2010-0624 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-03-15 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. |
|
262 |
CVE-2010-0628 |
|
|
DoS |
2010-03-25 |
2020-01-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token. |
|
263 |
CVE-2010-0688 |
119 |
1
|
Exec Code Overflow |
2010-03-19 |
2017-08-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file. |
|
264 |
CVE-2010-0726 |
79 |
|
XSS |
2010-03-02 |
2010-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters. |
|
265 |
CVE-2010-0727 |
399 |
|
DoS |
2010-03-16 |
2020-08-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. |
|
266 |
CVE-2010-0728 |
264 |
|
Bypass |
2010-03-10 |
2010-03-10 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. |
|
267 |
CVE-2010-0729 |
264 |
|
+Priv |
2010-03-16 |
2017-09-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call. |
|
268 |
CVE-2010-0731 |
119 |
|
Overflow Bypass |
2010-03-26 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. |
|
269 |
CVE-2010-0732 |
362 |
|
Bypass |
2010-03-19 |
2010-06-05 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. |
|
270 |
CVE-2010-0733 |
189 |
|
DoS Overflow |
2010-03-19 |
2017-09-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. |
|
271 |
CVE-2010-0734 |
264 |
|
DoS |
2010-03-19 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. |
|
272 |
CVE-2010-0736 |
79 |
|
XSS |
2010-03-19 |
2010-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input." |
|
273 |
CVE-2010-0740 |
20 |
|
DoS |
2010-03-26 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. |
|
274 |
CVE-2010-0761 |
89 |
2
|
Exec Code Sql |
2010-03-02 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action. |
|
275 |
CVE-2010-0762 |
89 |
2
|
Exec Code Sql |
2010-03-02 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. |
|
276 |
CVE-2010-0763 |
89 |
1
|
Exec Code Sql |
2010-03-02 |
2010-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action. |
|
277 |
CVE-2010-0764 |
89 |
2
|
Exec Code Sql |
2010-03-02 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action. |
|
278 |
CVE-2010-0765 |
264 |
2
|
|
2010-03-02 |
2017-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb. |
|
279 |
CVE-2010-0766 |
189 |
|
Exec Code Overflow |
2010-03-03 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the Swap4 function in valet4.dll in Luxology Modo 401 allows user-assisted remote attackers to execute arbitrary code via a .LXO file containing a CHNL subchunk associated with an invalid length. |
|
280 |
CVE-2010-0787 |
59 |
|
+Priv |
2010-03-02 |
2017-08-17 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. |
|
281 |
CVE-2010-0788 |
59 |
|
DoS +Priv +Info |
2010-03-02 |
2018-10-10 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs. |
|
282 |
CVE-2010-0789 |
59 |
|
|
2010-03-02 |
2017-08-17 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. |
|
283 |
CVE-2010-0790 |
200 |
|
+Info |
2010-03-10 |
2018-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. |
|
284 |
CVE-2010-0791 |
264 |
|
DoS |
2010-03-10 |
2018-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. |
|
285 |
CVE-2010-0792 |
59 |
|
|
2010-03-05 |
2018-10-10 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file. |
|
286 |
CVE-2010-0793 |
119 |
|
DoS Exec Code Overflow |
2010-03-16 |
2010-06-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header. |
|
287 |
CVE-2010-0795 |
89 |
1
|
Exec Code Sql |
2010-03-02 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php. |
|
288 |
CVE-2010-0796 |
89 |
2
|
Exec Code Sql |
2010-03-02 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php. |
|
289 |
CVE-2010-0797 |
79 |
|
XSS |
2010-03-02 |
2010-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
290 |
CVE-2010-0798 |
89 |
|
Exec Code Sql |
2010-03-02 |
2010-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
291 |
CVE-2010-0799 |
22 |
2
|
Dir. Trav. |
2010-03-02 |
2010-03-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. |
|
292 |
CVE-2010-0800 |
89 |
1
|
Exec Code Sql |
2010-03-02 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php. |
|
293 |
CVE-2010-0801 |
22 |
1
|
Dir. Trav. |
2010-03-02 |
2010-03-03 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information. |
|
294 |
CVE-2010-0802 |
89 |
2
|
Exec Code Sql |
2010-03-02 |
2010-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. |
|
295 |
CVE-2010-0803 |
89 |
2
|
Exec Code Sql |
2010-03-02 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php. |
|
296 |
CVE-2010-0804 |
79 |
1
|
XSS |
2010-03-02 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action. |
|
297 |
CVE-2010-0805 |
94 |
|
Exec Code Mem. Corr. |
2010-03-31 |
2021-07-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." |
|
298 |
CVE-2010-0806 |
399 |
|
Exec Code Mem. Corr. |
2010-03-10 |
2021-07-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." |
|
299 |
CVE-2010-0807 |
94 |
|
Exec Code Mem. Corr. |
2010-03-31 |
2021-07-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
|
300 |
CVE-2010-0917 |
119 |
|
Exec Code Overflow |
2010-03-03 |
2019-02-26 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. |
