Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4355 | 1 Dadabik | 1 Dadabik | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter. | |||||
| CVE-2010-4364 | 1 Dadabik | 1 Dadabik | 2017-08-17 | 4.3 MEDIUM | N/A |
| DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html content and (2) rich_editor fields. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4366 | 1 Abk-soft | 1 Chameleon Social Networking | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2) thread_description parameters in a message. | |||||
| CVE-2010-4393 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file. | |||||
| CVE-2010-4413 | 1 Oracle | 1 Database Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Scheduler Agent component in Oracle Database Server 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-4415 | 1 Sun | 1 Sunos | 2017-08-17 | 4.1 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc. | |||||
| CVE-2010-4416 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party researcher that this is a buffer overflow via a crafted XML soap request and a value that does not contain the expected 0x20 terminator character. | |||||
| CVE-2010-4417 | 1 Oracle | 1 Beehive | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code. | |||||
| CVE-2010-4418 | 1 Oracle | 2 Peoplesoft And Jdedwards Product Suite, Peoplesoft Enterprise | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.11 through 8.50.15 and 8.51GA through 8.51.05 allows remote attackers to affect confidentiality, integrity, and availability, related to PIA Core Technology. | |||||
| CVE-2010-4419 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #31 and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture. | |||||
| CVE-2010-4420 | 1 Oracle | 1 Database Server | 2017-08-17 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2010-4421 | 1 Oracle | 1 Database Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-4423 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2017-08-17 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-4424 | 1 Oracle | 2 Peoplesoft And Jdedwards Product Suite, Peoplesoft Enterprise | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect availability via unknown vectors related to the Security sub-component. | |||||
| CVE-2010-4425 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Server. | |||||
| CVE-2010-4426 | 1 Oracle | 2 Peoplesoft And Jdedwards Product Suite, Peoplesoft Enterprise | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect integrity, related to PIA Core Technology. | |||||
| CVE-2010-4427 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server. | |||||
| CVE-2010-4428 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. | |||||
| CVE-2010-4429 | 1 Oracle | 1 Supply Chain Products Suite | 2017-08-17 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505. | |||||
| CVE-2010-4430 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. | |||||
| CVE-2010-4431 | 1 Sun | 1 Java System Portal Server | 2017-08-17 | 1.0 LOW | N/A |
| Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy. | |||||
| CVE-2010-4432 | 1 Oracle | 1 Supply Chain Products Suite | 2017-08-17 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Transportation Manager component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure. | |||||
| CVE-2010-4433 | 1 Sun | 1 Sunos | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality via unknown vectors related to Ethernet and the Driver sub-component. | |||||
| CVE-2010-4434 | 1 Oracle | 2 Peoplesoft And Jdedwards Product Suite, Peoplesoft Enterprise | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.0 through 8.50.14 and 8.51.0 through 8.51.04 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal. | |||||
| CVE-2010-4436 | 1 Oracle | 1 Sunmc | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Console. | |||||
| CVE-2010-4437 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container. | |||||
| CVE-2010-4438 | 1 Oracle | 2 Glassfish Server, Java System Message Queue | 2017-08-17 | 5.7 MEDIUM | N/A |
| Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS). | |||||
| CVE-2010-4439 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to eProfile - Manager Desktop. | |||||
| CVE-2010-4440 | 1 Sun | 1 Sunos | 2017-08-17 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. | |||||
| CVE-2010-4441 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager. | |||||
| CVE-2010-4442 | 1 Sun | 1 Sunos | 2017-08-17 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel. | |||||
| CVE-2010-4443 | 1 Sun | 1 Sunos | 2017-08-17 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS. | |||||
| CVE-2010-4444 | 2 Oracle, Sun | 2 Opensso, Java System Access Manager | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-4445 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #14 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. | |||||
| CVE-2010-4446 | 1 Sun | 1 Sunos | 2017-08-17 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand. | |||||
| CVE-2010-4449 | 1 Oracle | 1 Audit Vault | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700. | |||||
| CVE-2010-4455 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin. | |||||
| CVE-2010-4456 | 1 Sun | 1 Java System Communications Express | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail. | |||||
| CVE-2010-4457 | 1 Sun | 1 Sunos | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS. | |||||
| CVE-2010-4458 | 1 Sun | 1 Sunos | 2017-08-17 | 4.1 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS. | |||||
| CVE-2010-4459 | 1 Sun | 1 Sunos | 2017-08-17 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs. | |||||
| CVE-2010-4460 | 1 Sun | 1 Sunos | 2017-08-17 | 3.6 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon. | |||||
| CVE-2010-4461 | 1 Oracle | 1 Peoplesoft And Jdedwards Product Suite | 2017-08-17 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance. | |||||
| CVE-2010-4464 | 1 Oracle | 1 Sun Convergence | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. | |||||
| CVE-2010-4496 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4497 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4498 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | |||||
| CVE-2010-4499 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-4506 | 1 Oracle | 1 Passlogix V-go Self-service Password Reset And Oem | 2017-08-17 | 6.2 MEDIUM | N/A |
| Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard. | |||||
| CVE-2010-4509 | 1 Sixapart | 1 Movabletype | 2017-08-17 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags. | |||||