Total
3694 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1360 | 1 Boesch-it | 1 Faqengine | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php. | |||||
| CVE-2010-1351 | 1 Nodesforum | 1 Nodesforum | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1342 | 1 Directnews | 1 Direct News | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1337 | 1 Lussumo | 1 Vanilla | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters. | |||||
| CVE-2010-1335 | 1 Miftahovn | 1 Insky Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1299 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1279 | 1 Adobe | 1 Photoshop Cs4 | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. | |||||
| CVE-2010-1272 | 1 Komputer.boo | 1 Gnat-tgp | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2010-1266 | 1 Kjetiltroan | 1 Webmaid Cms | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php. | |||||
| CVE-2010-1263 | 1 Microsoft | 1 Office | 2024-11-21 | 9.3 HIGH | N/A |
| Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability." | |||||
| CVE-2010-1262 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." | |||||
| CVE-2010-1261 | 1 Microsoft | 6 Internet Explorer, Windows 2003 Server, Windows 7 and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2010-1260 | 1 Microsoft | 6 Internet Explorer, Windows 2003 Server, Windows 7 and 3 more | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
| The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." | |||||
| CVE-2010-1259 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2010-1256 | 1 Microsoft | 5 Internet Information Server, Windows 2003 Server, Windows 7 and 2 more | 2024-11-21 | 8.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." | |||||
| CVE-2010-1255 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability." | |||||
| CVE-2010-1253 | 1 Microsoft | 4 Excel, Office, Office Compatibility Pack and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability." | |||||
| CVE-2010-1252 | 1 Microsoft | 2 Excel, Office | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability." | |||||
| CVE-2010-1251 | 1 Microsoft | 2 Excel, Office | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability." | |||||
| CVE-2010-1250 | 1 Microsoft | 3 Excel, Office, Open Xml File Format Converter | 2024-11-21 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability." | |||||