Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2010-3838 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 4.0 MEDIUM | N/A | MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table." |
| CVE-2012-2627 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | 9.4 HIGH | N/A | d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request. |
| CVE-2010-3381 | 1 Alex Launi | 1 Tangerine | 2025-04-11 | 6.9 MEDIUM | N/A | The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0.3.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
| CVE-2010-5247 | 1 Qtweb | 1 Qtweb | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information. |
| CVE-2010-3892 | 1 Ibm | 1 Omnifind | 2025-04-11 | 6.8 MEDIUM | N/A | Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. |
| CVE-2010-5203 | 1 Ncp-e | 3 Secure Client, Secure Enterprise Client, Secure Entry Client | 2025-04-11 | 6.9 MEDIUM | N/A | Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party info ... |
| CVE-2010-5211 | 1 Estsoft | 1 Alsee | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that contains a .ani, .bmp, .cal, .hdp, .jpe, .mac, .pbm, .pcx, .pgm, .png, .psd, .ras, .tga, or .tiff file. NOTE: some of these details are obtained from third party information. |
| CVE-2010-3162 | 1 Masahiko Watanabe | 1 Apsaly | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory. |
| CVE-2010-3198 | 1 Zope | 1 Zope | 2025-04-11 | 4.3 MEDIUM | N/A | ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions. |
| CVE-2010-5229 | 1 Sweetscape | 1 010 Editor | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .hex file. NOTE: some of these details are obtained from third party information. |
| CVE-2010-2663 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A | Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element. |
| CVE-2013-1092 | 1 Novell | 1 Zenworks Desktop Management | 2025-04-11 | 7.2 HIGH | N/A | Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. |
| CVE-2011-0008 | 2 Redhat, Todd Miller | 2 Fedora, Sudo | 2025-04-11 | 6.9 MEDIUM | N/A | A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. |
| CVE-2010-3126 | 1 Avast | 1 Avast Antivirus Free | 2025-04-11 | 9.3 HIGH | N/A | Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file. |
| CVE-2009-4818 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2025-04-11 | 6.8 MEDIUM | N/A | Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. |
| CVE-2010-4579 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A | Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog. |
| CVE-2011-1956 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 4.3 MEDIUM | N/A | The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. |
| CVE-2011-1985 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | 7.1 HIGH | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability." |
| CVE-2010-5251 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | 6.9 MEDIUM | N/A | Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2010-5222 | 1 Audiotool | 1 Ease Jukebox | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in Ease Jukebox 1.40 allows local users to gain privileges via a Trojan horse wmaudsdk.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 or .wav file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2011-2159 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 10.0 HIGH | N/A | The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2) Admin/Defaults/frmServerDefaults.aspx, (3) Admin/frmReportSettings.aspx, (4) Admin/frmSite.aspx, (5) App_Themes/Default/ButtonBarIcons.xml, (6) App_Themes/Default/Skin.xml, (7) Client/frmImportSettings.aspx, (8) Client/frmSeoSettings. ... |
| CVE-2011-5154 | 1 Sap | 1 Graphical User Interface | 2025-04-11 | 6.9 MEDIUM | N/A | Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. |
| CVE-2012-4944 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2025-04-11 | 10.0 HIGH | N/A | Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page. |
| CVE-2012-1618 | 1 Postgresql | 2 Postgresql, Postgresql Jdbc Driver | 2025-04-11 | 7.5 HIGH | N/A | Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005. |
| CVE-2010-5253 | 1 Winimage | 1 Winimage | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in WinImage 8.50 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .imz file. NOTE: some of these details are obtained from third party information. |
| CVE-2012-0729 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | 6.0 MEDIUM | N/A | Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors. |
| CVE-2013-4049 | 1 Ibm | 1 Spss Analytical Decision Management | 2025-04-11 | 8.5 HIGH | N/A | Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file. |
| CVE-2011-2222 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2025-04-11 | 4.3 MEDIUM | N/A | Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2010-5244 | 1 Sisoftware | 1 Sandra 2012 | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite 2010.7.16.52 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .sis file. NOTE: some of these details are obtained from third party information. |
| CVE-2010-3923 | 1 Mitsu Hiro Hi Rose | 1 Attachecase | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory. |
| CVE-2010-5256 | 1 Cdisplay | 1 Cdisplay | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in CDisplay 1.8.1 allows local users to gain privileges via a Trojan horse TRACE32.DLL file in the current working directory, as demonstrated by a directory that contains a .cba file. NOTE: some of these details are obtained from third party information. |
| CVE-2010-2098 | 1 E107 | 1 E107 | 2025-04-11 | 7.5 HIGH | N/A | Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. |
| CVE-2012-1014 | 1 Mit | 1 Kerberos 5 | 2025-04-11 | 9.0 HIGH | N/A | The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request. |
| CVE-2010-4499 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2025-04-11 | 4.3 MEDIUM | N/A | Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2010-2482 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A | LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. |
| CVE-2013-2908 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A | Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code. |
| CVE-2012-5173 | 1 Bigace | 1 Bigace | 2025-04-11 | 6.8 MEDIUM | N/A | Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2010-5218 | 1 Dupehunter | 1 Dupehunter | 2025-04-11 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that contains a .dhjb file. NOTE: some of these details are obtained from third party information. |
| CVE-2012-4472 | 2 David Alkire, Drupal | 2 Drag & Drop Gallery, Drupal | 2025-04-11 | 5.1 MEDIUM | N/A | Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter. |
| CVE-2010-0925 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-11 | 5.0 MEDIUM | N/A | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element. |