Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4866 | 1 Xtremerat | 1 Xtremerat | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as the current working directory. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-3475 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | 7.5 HIGH | N/A |
|
The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.
|
|||||
| CVE-2013-0773 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Firefox and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
|
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
|
|||||
| CVE-2010-2951 | 1 Squid-cache | 1 Squid | 2025-04-11 | 5.0 MEDIUM | N/A |
|
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
|
|||||
| CVE-2010-5226 | 1 Autodesk | 1 Design Review 2011 | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in Autodesk Design Review 2011 11.0.0.86 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll, (2) whiptk_wt.7.12.601.dll, or (3) xaml_wt.7.6.0.dll file in the current working directory, as demonstrated by a directory that contains a .dwf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2012-0305 | 1 Symantec | 2 Backupexec System Recovery, System Recovery | 2025-04-11 | 4.4 MEDIUM | N/A |
|
Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
|
|||||
| CVE-2010-3773 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.
|
|||||
| CVE-2011-0282 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
|
|||||
| CVE-2010-2195 | 1 Eterna | 1 Bozohttpd | 2025-04-11 | 5.0 MEDIUM | N/A |
|
bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a "wrong code generation interaction with GCC."
|
|||||
| CVE-2013-6467 | 1 Libreswan | 1 Libreswan | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
|
|||||
| CVE-2010-5202 | 1 Jetaudio | 1 Jetaudio | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-4628 | 1 Mybb | 1 Mybb | 2025-04-11 | 5.0 MEDIUM | N/A |
|
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.
|
|||||
| CVE-2012-3562 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.
|
|||||
| CVE-2011-0276 | 1 Hp | 1 Openview Performance Insight | 2025-04-11 | 10.0 HIGH | N/A |
|
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.
|
|||||
| CVE-2010-5232 | 1 Divx | 1 Divx Plus Player | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows local users to gain privileges via a Trojan horse ssleay32.dll file in a certain directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-3397 | 1 Pgp | 1 Desktop | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file.
|
|||||
| CVE-2010-3149 | 1 Adobe | 1 Device Central Cs5 | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file.
|
|||||
| CVE-2010-0782 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 4.3 MEDIUM | N/A |
|
IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate.
|
|||||
| CVE-2010-1810 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 3.5 LOW | N/A |
|
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
|
|||||
| CVE-2011-4061 | 1 Ibm | 2 Db2, Tivoli Monitoring For Databases | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
|
|||||
| CVE-2011-5155 | 1 Helpandmanual | 1 Help \& Manual | 2025-04-11 | 6.3 MEDIUM | N/A |
|
Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-2135 | 3 Canonical, Debian, Python | 3 Ubuntu Linux, Debian Linux, Python | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
|
|||||
| CVE-2012-3744 | 1 Apple | 1 Iphone Os | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address.
|
|||||
| CVE-2012-6460 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.
|
|||||
| CVE-2010-3402 | 1 Ultraedit | 1 Ultraedit | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file.
|
|||||
| CVE-2012-1666 | 1 Vmware | 5 Esx, Fusion, Player and 2 more | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.
|
|||||
| CVE-2012-3563 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
|
|||||
| CVE-2011-1980 | 1 Microsoft | 1 Office | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
|
|||||
| CVE-2010-2956 | 1 Todd Miller | 1 Sudo | 2025-04-11 | 6.2 MEDIUM | N/A |
|
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
|
|||||
| CVE-2010-4587 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2025-04-11 | 9.3 HIGH | N/A |
|
Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module.
|
|||||
| CVE-2011-2878 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
|||||
| CVE-2010-5242 | 1 Sony | 1 Sound Forge | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-2186 | 2 Asterisk, Sangoma | 5 Business Edition, Certified Asterisk, Digiumphones and 2 more | 2025-04-11 | 9.0 HIGH | N/A |
|
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
|
|||||
| CVE-2012-2667 | 1 Sensiolabs | 1 Symfony | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
|
|||||
| CVE-2010-0397 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.
|
|||||
| CVE-2010-5266 | 1 Videocharge | 1 Videocharge Studio | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .vsc file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-2152 | 1 Redhat | 1 Enterprise Virtualization | 2025-04-11 | 7.2 HIGH | N/A |
|
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.
|
|||||
| CVE-2013-2896 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
|
drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.
|
|||||
| CVE-2011-4053 | 1 7t | 1 Igss | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
|
|||||
| CVE-2012-1821 | 2 Microsoft, Symantec | 2 Windows 2003 Server, Endpoint Protection | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic.
|
|||||