Unknown · CVSS Not scored
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
Published Jul 22, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
Published Jul 29, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.
Published Jul 13, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Published Jul 29, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.
Published Jul 13, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.
Published Jul 7, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter.
Published Jul 13, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
Published Jul 27, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.
Published Jul 1, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Jul 8, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors.
Published Jul 8, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
Published Jul 1, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
Published Jul 6, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
Published Jul 7, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."
Published Jul 7, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
Published Jul 12, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
Published Jul 7, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
Published Jul 8, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
Published Jul 12, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
Published Jul 13, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Published Jul 6, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
Published Jul 12, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.
Published Jul 27, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
Published Jul 7, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.
Published Jul 6, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action.
Published Jul 8, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
Published Jul 12, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
Published Jul 6, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
Published Jul 8, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance.
Published Jul 22, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
Published Jul 7, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.
Published Jul 7, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.
Published Jul 13, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information.
Published Jul 2, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.
Published Jul 6, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
Published Jul 7, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
Published Jul 2, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Jul 12, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
Published Jul 8, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
Published Jul 8, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.
Published Jul 9, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Published Jul 6, 2010 · Updated Aug 7, 2024