Total
3693 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4964 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2024-11-21 | 9.0 HIGH | N/A |
| recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. | |||||
| CVE-2010-4948 | 1 Phpgalleryscript | 1 Php Free Photo Gallery | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2010-4943 | 1 Brothersoft | 1 Saurus Cms | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php. | |||||
| CVE-2010-4939 | 1 Scripts.bdr130 | 1 Mailform | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter. | |||||
| CVE-2010-4924 | 1 Clearbudget | 1 Clearbudget | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party | |||||
| CVE-2010-4918 | 2 Ijoomla, Joomla | 2 Com Magazine, Joomla\! | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php. | |||||
| CVE-2010-4914 | 1 Deltascripts | 1 Php Classifieds | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter. | |||||
| CVE-2010-4884 | 1 Hinnendahl | 1 Gaestebuch | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | |||||
| CVE-2010-4879 | 1 Digitaljunkies | 1 Dompdf | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter. | |||||
| CVE-2010-4878 | 1 Hinnendahl | 1 Kontakt Formular | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | |||||
| CVE-2010-4820 | 1 Ghostscript | 1 Ghostscript | 2024-11-21 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. | |||||
| CVE-2010-4810 | 1 Awcm-cms | 1 Ar Web Content Manager | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php. | |||||
| CVE-2010-4732 | 1 Intellicom | 7 Netbiter Easyconnect Ec150, Netbiter Modbus Rtu-tcp Gateway Mb100, Netbiter Nb100 and 4 more | 2024-11-21 | 9.0 HIGH | N/A |
| cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463. | |||||
| CVE-2010-4588 | 1 Microsoft | 1 Wmi Administrative Tools | 2024-11-21 | 9.3 HIGH | N/A |
| The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference. | |||||
| CVE-2010-4572 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411. | |||||
| CVE-2010-4558 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 7.5 HIGH | N/A |
| phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2010-4410 | 1 Andy Armstrong | 2 Cgi-simple, Cgi.pm | 2024-11-21 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. | |||||
| CVE-2010-4368 | 2 Awstats, Microsoft | 2 Awstats, Windows | 2024-11-21 | 7.5 HIGH | N/A |
| awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname. | |||||
| CVE-2010-4367 | 1 Awstats | 1 Awstats | 2024-11-21 | 7.5 HIGH | N/A |
| awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server. | |||||
| CVE-2010-4294 | 2 Microsoft, Vmware | 5 Windows, Movie Decoder, Player and 2 more | 2024-11-21 | 9.3 HIGH | N/A |
| The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. | |||||