Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2321 1 Adobe 1 Indesign Cs3 2017-08-16 9.3 HIGH N/A
Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file.
CVE-2010-2329 1 Rosoftengineering 1 Rosoft Audio Converter 2017-08-16 9.3 HIGH N/A
Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file.
CVE-2010-2330 1 Upredsun 1 Isharer File Sharing Wizard 2017-08-16 9.3 HIGH N/A
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header.
CVE-2010-2332 2 Apple, Impactfinancials 2 Iphone Os, Impact Pdf Reader 2017-08-16 5.0 MEDIUM N/A
Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request.
CVE-2010-2337 1 Rsa 1 Federated Identity Manager 2017-08-16 6.0 MEDIUM N/A
Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
CVE-2010-2338 1 Vunet 1 Vu Web Visitor Analyst 2017-08-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2339 1 Subdreamer 1 Subdreamer 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action.
CVE-2010-2341 1 Ezpx 1 Ezpx Photoblog 2017-08-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
CVE-2010-2343 1 Dennisre 1 Audio Converter 2017-08-16 9.3 HIGH N/A
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
CVE-2010-2344 1 Odcms 1 Odcms 2017-08-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php.
CVE-2010-2345 1 Odcms 1 Odcms 2017-08-16 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests.
CVE-2010-2348 1 Freesoftwaretoolbox 1 Batch Audio Converter 2017-08-16 9.3 HIGH N/A
Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file.
CVE-2010-2350 1 Daniel Mealha Cabrita 1 Ziproxy 2017-08-16 6.8 MEDIUM N/A
Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file.
CVE-2010-2352 3 Drupal, Karen Stevenson, Yves Chedemois 3 Drupal, Cck, Cck 2017-08-16 5.0 MEDIUM N/A
The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.
CVE-2010-2353 2 Drupal, Yves Chedemois 2 Drupal, Cck 2017-08-16 5.0 MEDIUM N/A
The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.
CVE-2010-2354 1 Pilotgroup 1 Elms Pro 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
CVE-2010-2355 1 Pilotgroup 1 Elms Pro 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2356 1 Pilotgroup 1 Elms Pro 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
CVE-2010-2357 1 Eicrasoft 1 Eicra Realestate Script 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2358 1 Jeffkilroy 1 Nakid Cms 2017-08-16 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information.