High · CVSS 7.8
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
Published Jun 8, 2010 · Updated Oct 22, 2025
Critical · CVSS 9.8 · CISA KEV
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
Published Jun 11, 2019 · Updated Oct 21, 2025
High · CVSS 7.8
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
Published Jun 8, 2010 · Updated Jan 21, 2025
High · CVSS 7.5
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
Published Jun 8, 2010 · Updated Oct 21, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.
Published Jun 3, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
Published Jun 21, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.
Published Jun 25, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.
Published Jun 17, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in the lsConnectionCached function in editcp in EDItran Communications Platform 4.1 R7 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 7777.
Published Jun 28, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067.
Published Jun 28, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."
Published Jun 17, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file.
Published Jun 18, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
Published Jun 28, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.
Published Jun 17, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information.
Published Jun 9, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request.
Published Jun 18, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
Published Jun 21, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.
Published Jun 17, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.
Published Jun 18, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Jun 29, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.
Published Jun 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
Published Jun 17, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
Published Jun 17, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
Published Jun 23, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jun 3, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device.
Published Jun 25, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
Published Jun 22, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.
Published Jun 18, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.
Published Jun 14, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.
Published Jun 23, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
Published Jun 28, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.
Published Jun 17, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jun 7, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
Published Jun 17, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO.
Published Jun 14, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
Published Jun 18, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.
Published Jun 17, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
Published Jun 8, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.
Published Jun 17, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information.
Published Jun 24, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.
Published Jun 18, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
Published Jun 24, 2010 · Updated Sep 16, 2024