Vulnerabilities (CVE)

Filtered by CWE-94
Total 6442 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2358 1 Jeffkilroy 1 Nakid Cms 2026-06-16 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2341 1 Ezpx 1 Ezpx Photoblog 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
CVE-2010-2315 1 Smartisoft 1 Phpbazar 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.
CVE-2010-2314 2 Edmondhui.homeip, Nucleus Group 2 Np Twitter, Nucleus Cms 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2297 3 Google, Opensuse, Suse 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more 2026-06-16 9.3 HIGH N/A
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
CVE-2010-2261 1 Linksys 1 Wap54gv3 2026-06-16 10.0 HIGH N/A
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
CVE-2010-2240 1 Linux 1 Linux Kernel 2026-06-16 7.2 HIGH N/A
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.
CVE-2010-2235 1 Michael Dehaan 1 Cobbler 2026-06-16 8.5 HIGH N/A
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
CVE-2010-2217 3 Adobe, Linux, Microsoft 4 Flash Media Server, Flash Media Server 2, Linux Kernel and 1 more 2026-06-16 10.0 HIGH N/A
Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability."
CVE-2010-2216 1 Adobe 3 Adobe Air, Flash Player, Flash Player For Linux 2026-06-16 9.3 HIGH N/A
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.
CVE-2010-2214 1 Adobe 3 Adobe Air, Flash Player, Flash Player For Linux 2026-06-16 9.3 HIGH N/A
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.
CVE-2010-2213 1 Adobe 3 Adobe Air, Flash Player, Flash Player For Linux 2026-06-16 9.3 HIGH N/A
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.
CVE-2010-2208 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2026-06-16 9.3 HIGH N/A
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors.
CVE-2010-2205 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2026-06-16 9.3 HIGH N/A
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.
CVE-2010-2186 2 Adobe, Macromedia 3 Air, Flash Player, Flash Player 2026-06-16 9.3 HIGH N/A
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2010-2163 2 Adobe, Macromedia 3 Air, Flash Player, Flash Player 2026-06-16 9.3 HIGH N/A
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.
CVE-2010-2161 2 Adobe, Macromedia 3 Air, Flash Player, Flash Player 2026-06-16 9.3 HIGH N/A
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."
CVE-2010-2146 1 Graviton-mediatech 1 Visitor Logger 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter.
CVE-2010-2145 1 Richrumble 1 Clearsite 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error.
CVE-2010-2137 1 Giaard 1 Proman 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.