2010 CVEs

5249 CVEs published in 2010. 47 critical, 121 high.

Top CVEs published in 2010
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2010-5326 | Critical | 10.0 | 2016-05-13 | The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to… |
| CVE-2010-20113 | Critical | 9.8 | 2025-08-21 | EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the… |
| CVE-2010-20121 | Critical | 9.8 | 2025-08-21 | EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working D… |
| CVE-2010-20103 | Critical | 9.8 | 2025-08-20 | A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a… |
| CVE-2010-1435 | Critical | 9.8 | 2021-06-21 | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently re… |
| CVE-2010-1433 | Critical | 9.8 | 2021-06-21 | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An at… |
| CVE-2010-4815 | Critical | 9.8 | 2020-02-05 | Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. |
| CVE-2010-4660 | Critical | 9.8 | 2019-11-20 | Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes. |
| CVE-2010-4533 | Critical | 9.8 | 2019-11-13 | offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with m… |
| CVE-2010-3438 | Critical | 9.8 | 2019-11-12 | libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argume… |
| CVE-2010-2476 | Critical | 9.8 | 2019-11-07 | syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that… |
| CVE-2010-2447 | Critical | 9.8 | 2019-11-07 | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. |
| CVE-2010-2446 | Critical | 9.8 | 2019-11-06 | Rbot Reaction plugin allows command execution |
| CVE-2010-0748 | Critical | 9.8 | 2019-10-30 | Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments i… |
| CVE-2010-3375 | Critical | 9.8 | 2019-10-29 | qtparted has insecure library loading which may allow arbitrary code execution |
| CVE-2010-4239 | Critical | 9.8 | 2019-10-28 | Tiki Wiki CMS Groupware 5.2 has Local File Inclusion |
| CVE-2010-5333 | Critical | 9.8 | 2019-09-13 | The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST… |
| CVE-2010-5330 | Critical | 9.8 | 2019-06-11 | On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demo… |
| CVE-2010-5305 | Critical | 9.8 | 2019-03-26 | The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controll… |
| CVE-2010-3845 | Critical | 9.8 | 2017-08-08 | libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. |