LiveActive security incident?Get immediate response
CVE archive

September 2010

Browse CVE records published in September 2010, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 397 matching CVEs · Page 4 of 8.

Unknown · CVSS Not scored

CVE-2010-5242: Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privilege...

Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information.

Published Sep 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5228: Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 allows local users to gain privileges...

Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 allows local users to gain privileges via a Trojan horse rio500.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information.

Published Sep 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5243: Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7.0.0.0816 allow local users to gain p...

Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7.0.0.0816 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) MFC71LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .p2g, .iso, .pdl, .pds, or .p2i file. NOTE: some of these details are obtained from third party information.

Published Sep 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-3483: cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to ga...

cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.

Published Sep 22, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-3033: Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users t...

Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843.

Published Sep 10, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5201: Untrusted search path vulnerability in MAGIX Samplitude Producer 11 allows local users to gain privileges v...

Untrusted search path vulnerability in MAGIX Samplitude Producer 11 allows local users to gain privileges via a Trojan horse PlayRIplA6.dll file in the current working directory, as demonstrated by a directory that contains a .vip file. NOTE: some of these details are obtained from third party information.

Published Sep 6, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5272: Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterprise Edition SP1 allows local users to...

Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .qprj file. NOTE: some of these details are obtained from third party information.

Published Sep 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5206: Multiple untrusted search path vulnerabilities in e-press ONE Office E-NoteTaker and E-Zip allow local user...

Multiple untrusted search path vulnerabilities in e-press ONE Office E-NoteTaker and E-Zip allow local users to gain privileges via a Trojan horse (1) mfc71enu.dll or (2) mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .txt, .rar, or .tar file. NOTE: some of these details are obtained from third party information.

Published Sep 6, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5237: Untrusted search path vulnerability in CyberLink PowerDirector 7 allows local users to gain privileges via...

Untrusted search path vulnerability in CyberLink PowerDirector 7 allows local users to gain privileges via a Trojan horse mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .pdl, .iso, .pds, .p2g, or .p2i file. NOTE: some of these details are obtained from third party information.

Published Sep 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5209: Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6.0 allow local users to gain privilege...

Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) exceptiondumpdll.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.

Published Sep 6, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5234: Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0.1 build 57 allow local users to gain...

Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0.1 build 57 allow local users to gain privileges via a Trojan horse (1) MFC90ENU.DLL or (2) MFC90LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .cmmp or .camrec file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5262: Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in Gromada Multimedia Conversion Library...

Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in Gromada Multimedia Conversion Library 5.4.0 allow local users to gain privileges via a Trojan horse (1) libgif-1.1.0.dll or (2) libhav-1.0.1.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 7, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2010-5333: The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow...

The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.

Published Sep 13, 2019 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-5290: The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext passwo...

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.

Published Sep 20, 2013 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-5213: Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1.3144.1.471865 allows local users to g...

Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1.3144.1.471865 allows local users to gain privileges via a Trojan horse .dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: some of these details are obtained from third party information.

Published Sep 6, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4841: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote atta...

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000.

Published Sep 27, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4834: Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial...

Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.

Published Sep 13, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4850: Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbit...

Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php.

Published Sep 27, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2010-4818: The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (se...

The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c.

Published Sep 5, 2012 · Updated Aug 7, 2024