Total
5486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-5164 | 2 Kingsoft, Microsoft | 2 Personal Firewall 9, Windows Xp | 2025-04-11 | 5.3 Medium |
| Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | ||||
| CVE-2010-2991 | 1 Citrix | 1 Online Plug-in For Windows For Xenapp \& Xendesktop | 2025-04-11 | N/A |
| The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. | ||||
| CVE-2010-2163 | 3 Adobe, Macromedia, Redhat | 4 Air, Flash Player, Flash Player and 1 more | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2011-1508 | 1 Microsoft | 1 Publisher | 2025-04-11 | N/A |
| Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability." | ||||
| CVE-2010-2918 | 2 Joomla, Visocrea | 2 Joomla\!, Com Joomla Visites | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2010-2809 | 1 Uzbl | 1 Uzbl | 2025-04-11 | N/A |
| The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | ||||
| CVE-2011-1392 | 2 .bbsoftware, Ibm | 2 Bb Flashback, Rational Rhapsody | 2025-04-11 | N/A |
| The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2010-2761 | 2 Andy Armstrong, Redhat | 3 Cgi-simple, Cgi.pm, Enterprise Linux | 2025-04-11 | N/A |
| The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. | ||||
| CVE-2010-2750 | 1 Microsoft | 2 Office, Word | 2025-04-11 | N/A |
| Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." | ||||
| CVE-2010-2681 | 1 Joomla | 2 Com Sef, Joomla\! | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. | ||||
| CVE-2011-1391 | 2 .bbsoftware, Ibm | 2 Bb Flashback, Rational Rhapsody | 2025-04-11 | N/A |
| The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2010-2677 | 1 Openwebanalytics | 1 Open Web Analytics | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-3200 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | N/A |
| The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability." | ||||
| CVE-2010-2628 | 1 Strongswan | 1 Strongswan | 2025-04-11 | N/A |
| The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows. | ||||
| CVE-2010-4964 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2025-04-11 | N/A |
| recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. | ||||
| CVE-2010-2626 | 1 Miyabi-seo | 1 Cgi Tools Seo Links | 2025-04-11 | N/A |
| index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-2817 | 1 Mitsubishielectric | 1 Mc-worx Suite | 2025-04-11 | N/A |
| An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. | ||||
| CVE-2010-2618 | 1 Insanevisions | 1 Adapcms | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected. | ||||
| CVE-2010-2576 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | ||||
| CVE-2010-4939 | 1 Scripts.bdr130 | 1 Mailform | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter. | ||||