Back to CVE Browser

CVE-2010-2584

MEDIUM

5.0

CVSS Severity Score

EPSS Score0.0500%

EPSS Percentile12.61th

PublishedOct 26, 2010

Last ModifiedApr 29, 2026

Vulnerability Description

The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property.

Affected Platforms (CPE)

📦

Realpage

Module Activex Controls

= 1.0.0.9

References & Advisories

🔗 http://secunia.com/advisories/41392

🔗 http://secunia.com/secunia_research/2010-118/

🔗 http://www.osvdb.org/68813

🔗 http://www.securityfocus.com/bid/44302

🔗 http://secunia.com/advisories/41392

🔗 http://secunia.com/secunia_research/2010-118/

🔗 http://www.osvdb.org/68813

🔗 http://www.securityfocus.com/bid/44302

Related Vulnerabilities

CVE-2007-293810.0

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Inter...

CVE-2007-172210.0

Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allow...

CVE-2007-195510.0

Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute a...

CVE-2008-044310.0

Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Modu...