Search Results (6933 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1922 1 29o3 Cms 1 29o3 Cms 2025-04-11 N/A
Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/.
CVE-2010-2562 1 Microsoft 3 Excel, Office, Open Xml File Format Converter 2025-04-11 N/A
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
CVE-2010-2564 1 Microsoft 1 Windows Movie Maker 2025-04-11 N/A
Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
CVE-2010-2567 1 Microsoft 2 Windows Server 2003, Windows Xp 2025-04-11 N/A
The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
CVE-2010-2576 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
CVE-2010-2677 1 Openwebanalytics 1 Open Web Analytics 2025-04-11 N/A
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2681 1 Joomla 2 Com Sef, Joomla\! 2025-04-11 N/A
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
CVE-2010-3219 1 Microsoft 1 Word 2025-04-11 N/A
Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
CVE-2010-3220 1 Microsoft 2 Office, Word 2025-04-11 N/A
Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
CVE-2010-3326 1 Microsoft 4 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 1 more 2025-04-11 N/A
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3340 1 Microsoft 6 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
CVE-2010-4884 1 Hinnendahl 1 Gaestebuch 2025-04-11 N/A
PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
CVE-2010-4939 1 Scripts.bdr130 1 Mailform 2025-04-11 N/A
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
CVE-2010-4964 1 Dlink 2 Dcs-2121, Dcs-2121 Firmware 2025-04-11 N/A
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
CVE-2011-3231 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2025-04-11 N/A
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
CVE-2011-0364 1 Cisco 1 Security Agent 2025-04-11 N/A
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
CVE-2011-3229 1 Apple 1 Safari 2025-04-11 N/A
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
CVE-2011-0487 1 Icq 1 Icq 2025-04-11 N/A
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
CVE-2011-3228 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
CVE-2011-1969 1 Microsoft 1 Forefront Unified Access Gateway 2025-04-11 N/A
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."