CVE-2010-2426

Public exploit
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.
Max CVSS
4.0
EPSS Score
7.25%
Published
2010-06-24
Updated
2018-10-10

CVE-2010-2343

Public exploit
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
Max CVSS
9.3
EPSS Score
94.85%
Published
2010-06-21
Updated
2017-08-17

CVE-2010-2333

Public exploit
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
Max CVSS
5.0
EPSS Score
90.58%
Published
2010-06-18
Updated
2010-07-13

CVE-2010-2309

Public exploit
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
Max CVSS
7.5
EPSS Score
89.62%
Published
2010-06-16
Updated
2010-06-17

CVE-2010-2263

Public exploit
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
Max CVSS
5.0
EPSS Score
2.70%
Published
2010-06-15
Updated
2021-11-10

CVE-2010-2156

Public exploit
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
Max CVSS
5.0
EPSS Score
96.68%
Published
2010-06-07
Updated
2017-08-17

CVE-2010-2075

Public exploit
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
Max CVSS
7.5
EPSS Score
64.95%
Published
2010-06-15
Updated
2010-06-18

CVE-2010-2063

Public exploit
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
Max CVSS
7.5
EPSS Score
97.18%
Published
2010-06-17
Updated
2023-02-13

CVE-2010-1964

Public exploit
Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.
Max CVSS
7.5
EPSS Score
96.38%
Published
2010-06-17
Updated
2018-10-10

CVE-2010-1961

Public exploit
Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.
Max CVSS
10.0
EPSS Score
83.29%
Published
2010-06-10
Updated
2018-10-10

CVE-2010-1960

Public exploit
Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.
Max CVSS
10.0
EPSS Score
83.29%
Published
2010-06-10
Updated
2018-10-10

CVE-2010-1885

Public exploit
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
Max CVSS
9.3
EPSS Score
97.37%
Published
2010-06-15
Updated
2019-02-26

CVE-2010-1297

Known exploited
Public exploit
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
Max CVSS
9.3
EPSS Score
35.54%
Published
2010-06-08
Updated
2017-09-19
CISA KEV Added
2022-06-08

CVE-2010-0822

Public exploit
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
97.05%
Published
2010-06-08
Updated
2018-10-12

Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown vectors. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.98%
Published
2010-06-30
Updated
2017-08-17

Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
Max CVSS
7.5
EPSS Score
0.18%
Published
2010-06-30
Updated
2010-07-01

Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.10%
Published
2010-06-29
Updated
2010-06-30

Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.18%
Published
2010-06-28
Updated
2010-06-29

Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
Max CVSS
4.3
EPSS Score
0.16%
Published
2010-06-28
Updated
2010-06-29

SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
Max CVSS
7.5
EPSS Score
0.17%
Published
2010-06-28
Updated
2010-06-29

SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2010-06-28
Updated
2010-06-29

SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2010-06-28
Updated
2010-06-29

SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2010-06-28
Updated
2010-06-29

Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
Max CVSS
4.3
EPSS Score
0.13%
Published
2010-06-28
Updated
2010-06-29

SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2010-06-28
Updated
2010-06-29

490 vulnerabilities found