LiveActive security incident?Get immediate response
CVE archive

July 2010

Browse CVE records published in July 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 304 matching CVEs · Page 3 of 7.

Unknown · CVSS Not scored

CVE-2010-2755: layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter ar...

layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.

Published Jul 29, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2754: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0...

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.

Published Jul 29, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2695: Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and po...

Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.

Published Jul 12, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2656: The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other ver...

The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.

Published Jul 7, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2677: PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quot...

PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.

Published Jul 8, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2702: Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as...

Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.

Published Jul 12, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2654: Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module...

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.

Published Jul 7, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2686: Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow re...

Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information.

Published Jul 9, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2655: Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Manag...

Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.

Published Jul 7, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2698: Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated...

Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 12, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-2630: The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific...

The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

Published Jul 6, 2010 · Updated Aug 7, 2024