High · CVSS 7.5
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Published Mar 7, 2013 · Updated May 29, 2026
High · CVSS 8.8 · CISA KEV
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
Published Mar 10, 2010 · Updated May 20, 2026
Unknown · CVSS Not scored
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Published Mar 2, 2011 · Updated Nov 3, 2025
Unknown · CVSS Not scored
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.
Published Mar 26, 2019 · Updated Jun 26, 2025
Medium · CVSS 5.3
A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published Mar 28, 2022 · Updated Apr 15, 2025
Medium · CVSS 6.5
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
Published Mar 31, 2010 · Updated Jan 21, 2025
High · CVSS 8.1
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
Published Mar 31, 2010 · Updated Oct 21, 2024
High · CVSS 8.8
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
Published Mar 12, 2010 · Updated Oct 15, 2024
High · CVSS 8.8
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
Published Mar 12, 2010 · Updated Oct 15, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Published Mar 9, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Mar 19, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Mar 24, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Mar 19, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors.
Published Mar 31, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.
Published Mar 18, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
Published Mar 5, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Mar 19, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
Published Mar 18, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Mar 19, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.
Published Mar 18, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter.
Published Mar 19, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.
Published Mar 26, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Published Mar 16, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
Published Mar 5, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.
Published Mar 24, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number.
Published Mar 5, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Mar 19, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.
Published Mar 3, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
Published Mar 9, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
Published Mar 5, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors.
Published Mar 22, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Mar 19, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published Mar 19, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
Published Mar 25, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.
Published Mar 30, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter.
Published Mar 23, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
Published Mar 19, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
Published Mar 29, 2010 · Updated Sep 17, 2024