Vulnerabilities (CVE)

Filtered by CWE-94
Total 6444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3228 1 Microsoft 6 .net Framework, Windows 7, Windows Server 2003 and 3 more 2026-06-16 9.3 HIGH N/A
The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."
CVE-2010-3221 1 Microsoft 3 Office, Word, Word Viewer 2026-06-16 9.3 HIGH N/A
Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
CVE-2010-3220 1 Microsoft 2 Office, Word 2026-06-16 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
CVE-2010-3219 1 Microsoft 1 Word 2026-06-16 9.3 HIGH N/A
Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
CVE-2010-3218 1 Microsoft 1 Word 2026-06-16 9.3 HIGH N/A
Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
CVE-2010-3216 1 Microsoft 2 Office, Word 2026-06-16 9.3 HIGH N/A
Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
CVE-2010-3215 1 Microsoft 2 Office, Word 2026-06-16 9.3 HIGH N/A
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
CVE-2010-3210 1 Martin Lee 1 Multi-lingual E-commerce System 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/.
CVE-2010-3209 1 Seagullproject.org 1 Seagull 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php.
CVE-2010-3206 1 Diy-cms 1 Diy-cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php.
CVE-2010-3205 1 Textpattern 1 Textpattern 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
CVE-2010-3204 1 Pecio-cms 1 Pecio Cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/.
CVE-2010-3189 1 Trendmicro 1 Internet Security 2026-06-16 9.3 HIGH N/A
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
CVE-2010-3172 1 Mozilla 1 Bugzilla 2026-06-16 2.6 LOW N/A
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
CVE-2010-3088 2 Jianping Yu, Pidgin 2 Pidgin-knotify, Pidgin 2026-06-16 5.1 MEDIUM N/A
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.
CVE-2010-3085 1 David Shadoff 1 Mednafen 2026-06-16 10.0 HIGH N/A
The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.
CVE-2010-3037 1 Cisco 14 Unified Videoconferencing System 3515 Multipoint Control Unit, Unified Videoconferencing System 3515 Multipoint Control Unit Firmware, Unified Videoconferencing System 3522 Basic Rate Interface Gateway and 11 more 2026-06-16 8.5 HIGH N/A
goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.
CVE-2010-2996 2 Microsoft, Realnetworks 2 Windows, Realplayer 2026-06-16 9.3 HIGH N/A
Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
CVE-2010-2991 1 Citrix 1 Online Plug-in For Windows For Xenapp \& Xendesktop 2026-06-16 9.3 HIGH N/A
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
CVE-2010-2918 2 Joomla, Visocrea 2 Joomla\!, Com Joomla Visites 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.