Search Results (6957 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1335 1 Miftahovn 1 Insky Cms 2025-04-11 N/A
Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information.
CVE-2010-1299 1 Dynpg 1 Dynpg 2025-04-11 N/A
Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0988 1 Pulsecms 1 Pulse Cms 2025-04-11 N/A
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.
CVE-2010-0983 1 Utilo 1 Rezervi 2025-04-11 N/A
PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.
CVE-2010-0975 1 Phpcityportal 1 Phpcityportal 2025-04-11 N/A
PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
CVE-2010-0966 1 Dzcp 1 Dev\!l\'z Clanportal 2025-04-11 N/A
PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
CVE-2010-0647 2 Apple, Google 2 Webkit, Chrome 2025-04-11 N/A
WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
CVE-2010-0267 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more 2025-04-11 N/A
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-0266 1 Microsoft 2 Office, Outlook 2025-04-11 N/A
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
CVE-2010-0264 1 Microsoft 6 Excel, Office, Office Compatibility Pack and 3 more 2025-04-11 N/A
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
CVE-2010-0263 1 Microsoft 6 Excel, Office, Office Compatibility Pack and 3 more 2025-04-11 N/A
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability."
CVE-2010-0262 1 Microsoft 6 Excel, Office, Office Compatibility Pack and 3 more 2025-04-11 N/A
Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
CVE-2010-0260 1 Microsoft 6 Excel, Office, Office Compatibility Pack and 3 more 2025-04-11 N/A
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."
CVE-2010-0257 1 Microsoft 6 Excel, Office, Office Compatibility Pack and 3 more 2025-04-11 N/A
Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
CVE-2010-0256 1 Microsoft 1 Visio 2025-04-11 N/A
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
CVE-2010-0254 1 Microsoft 1 Visio 2025-04-11 N/A
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
CVE-2010-0252 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2025-04-11 N/A
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
CVE-2010-0248 1 Microsoft 8 Ie, Internet Explorer, Windows 2000 and 5 more 2025-04-11 8.1 High
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
CVE-2010-0247 1 Microsoft 4 Internet Explorer, Windows 2000, Windows Server 2003 and 1 more 2025-04-11 N/A
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-0246 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.