Total
3563 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2358 | 1 Jeffkilroy | 1 Nakid Cms | 2024-02-04 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2628 | 1 Strongswan | 1 Strongswan | 2024-02-04 | 7.5 HIGH | N/A |
| The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows. | |||||
| CVE-2010-1946 | 1 Openmairie | 1 Openregistrecil | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/. | |||||
| CVE-2010-1272 | 1 Komputer.boo | 1 Gnat-tgp | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2010-2569 | 1 Microsoft | 1 Publisher | 2024-02-04 | 9.3 HIGH | N/A |
| pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability." | |||||
| CVE-2010-1934 | 1 Openmairie | 1 Openplanning | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/. | |||||
| CVE-2011-4248 | 1 Realnetworks | 1 Realplayer | 2024-02-04 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. | |||||
| CVE-2010-1978 | 1 Freephpblogsoftware | 1 Freephpblogsoftware | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpincdir parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2297 | 3 Google, Opensuse, Suse | 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. | |||||
| CVE-2009-4614 | 1 Dan Brown | 1 Moa Gallery | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the MOA_PATH parameter to (1) _error_funcs.php, (2) _integrity_funcs.php, (3) _template_component_admin.php, (4) _template_component_gallery.php, (5) _template_parser.php, (6) mod_gallery_funcs.php, (7) mod_image_funcs.php, (8) mod_tag_funcs.php, (9) mod_tag_view.php, (10) mod_upgrade_funcs.php, (11) mod_user_funcs.php, (12) page_admin.php, (13) page_gallery_add.php, (14) page_gallery_view.php, (15) page_image_add.php, (16) page_image_view_full.php, (17) page_login.php, and (18) page_sitemap.php in sources/. | |||||
| CVE-2011-2752 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 5.8 MEDIUM | N/A |
| CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. | |||||
| CVE-2011-4825 | 3 Phpletter, Phpmyfaq, Tinymce | 3 Ajax File And Image Manager, Phpmyfaq, Tinymce | 2024-02-04 | 7.5 HIGH | N/A |
| Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters. | |||||
| CVE-2010-4878 | 1 Hinnendahl | 1 Kontakt Formular | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | |||||
| CVE-2010-0187 | 1 Adobe | 2 Adobe Air, Flash Player | 2024-02-04 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. | |||||
| CVE-2010-4588 | 1 Microsoft | 1 Wmi Administrative Tools | 2024-02-04 | 9.3 HIGH | N/A |
| The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference. | |||||
| CVE-2010-0367 | 1 Bitscripts | 1 Bits Video Script | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php. | |||||
| CVE-2011-3828 | 1 Sunplus-tech | 1 Dvr Remote Activex Control | 2024-02-04 | 9.3 HIGH | N/A |
| DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server. | |||||
| CVE-2010-0178 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 7.6 HIGH | N/A |
| Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. | |||||
| CVE-2010-2163 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2024-02-04 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2010-2750 | 1 Microsoft | 2 Office, Word | 2024-02-04 | 9.3 HIGH | N/A |
| Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." | |||||