LiveActive security incident?Get immediate response
CVE archive

July 2010

Browse CVE records published in July 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 304 matching CVEs · Page 1 of 7.

High · CVSS 8.7

CVE-2010-10012: httpdASM 0.92 Path Traversal

A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.

Published Jul 23, 2025 · Updated Apr 7, 2026

High · CVSS 7.8 · CISA KEV

CVE-2010-2568: Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and...

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Published Jul 22, 2010 · Updated Oct 22, 2025

Unknown · CVSS Not scored

CVE-2010-2722: Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attac...

Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 13, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-2625: Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-...

Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and JP1/ServerConductor/Deployment Manager Standard and Enterprise Edition 07-50 through 07-56-/F, 08-00 through 08-09-/E, 08-50 through 08-80-/A, 08-06 through 08-07, and 08-51 through 08-70; allows attackers to cause a denial of service (shutdown and reboot) via unknown vectors.

Published Jul 2, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2010-2448: znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by reque...

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Published Jul 12, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-2594: Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect All...

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

Published Jul 1, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-1670: Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for aut...

Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.

Published Jul 6, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-2854: Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magi...

Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information.

Published Jul 23, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-2627: Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5....

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.

Published Jul 2, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-2855: Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc...

Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 23, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5331: In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an...

In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used

Published Jul 27, 2019 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-5332: In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c.

In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.

Published Jul 27, 2019 · Updated Aug 7, 2024