Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3964 | 1 Microsoft | 1 Sharepoint Server | 2025-04-11 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
|
|||||
| CVE-2012-2982 | 1 Gentoo | 1 Webmin | 2025-04-11 | 6.5 MEDIUM | N/A |
|
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
|
|||||
| CVE-2012-2451 | 1 Shlomi Fish | 1 Config-inifiles | 2025-04-11 | 3.6 LOW | N/A |
|
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
|
|||||
| CVE-2010-5224 | 1 Coolrecordedit | 1 Cool Iphone Ringtone Maker | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in Cool iPhone Ringtone Maker 2.2.3 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-3394 | 1 Texmacs | 1 Texmacs | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
|
|||||
| CVE-2012-2830 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2012-0187 | 1 Ibm | 1 Lotus Expeditor | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.
|
|||||
| CVE-2011-3690 | 1 Plotsoft | 1 Pdfill Pdf Editor | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 allows local users to gain privileges via a Trojan horse mfc70enu.dll or mfc80loc.dll in the current working directory.
|
|||||
| CVE-2010-1425 | 1 F-secure | 14 Anti-virus, F-secure Anti-virus, F-secure Anti-virus Client Security and 11 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earli ...
Show More |
|||||
| CVE-2003-1578 | 1 Sun | 1 One Web Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
|
|||||
| CVE-2011-4752 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 10.0 HIGH | N/A |
|
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
|
|||||
| CVE-2011-0399 | 1 Matomo | 1 Matomo | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
|
|||||
| CVE-2012-1820 | 1 Quagga | 1 Quagga | 2025-04-11 | 2.9 LOW | N/A |
|
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
|
|||||
| CVE-2012-2652 | 1 Qemu | 1 Qemu | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.
|
|||||
| CVE-2012-4897 | 1 Vmware | 1 Movie Decoder | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory.
|
|||||
| CVE-2010-5217 | 1 Tuneup | 2 Tuneup Utilities 2009, Tuneup Utilities 2010 | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in TuneUp Utilities 2009 8.0.3310 and 2010 9.0.4600 allow local users to gain privileges via a Trojan horse (1) wscapi.dll or (2) vclib32.dll file in the current working directory, as demonstrated by a directory that contains a .tvs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-5268 | 1 Amazon | 1 Kindle For Pc | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-5254 | 1 Gfi | 1 Gfi Backup 2009 | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory, as demonstrated by a directory that contains a .gbc or .gbt file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-5223 | 1 Phoenixcpm | 1 Phoenix Project Manager | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse (1) wbtrv32.dll or (2) w3btrv7.dll file in the current working directory, as demonstrated by a directory that contains a .ppx file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-6617 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
|
|||||
| CVE-2010-3839 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 4.0 MEDIUM | N/A |
|
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
|
|||||
| CVE-2012-1955 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.
|
|||||
| CVE-2012-1065 | 1 2x | 1 Applicationserver | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method.
|
|||||
| CVE-2012-0756 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.
|
|||||
| CVE-2010-3681 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
|
|||||
| CVE-2013-6999 | 1 Microsoft | 1 Windows Server 2008 | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability ...
Show More |
|||||
| CVE-2012-1950 | 1 Mozilla | 1 Firefox | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
|
|||||
| CVE-2010-5265 | 1 Nirsoft | 1 Smartsniff | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in SmartSniff 1.71 allows local users to gain privileges via a Trojan horse wpcap.dll file in the current working directory, as demonstrated by a directory that contains a .cfg or .ssp file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-1849 | 1 Apache | 1 Subversion | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
|
|||||
| CVE-2013-2601 | 1 Citrix | 1 Xenclient Xt | 2025-04-11 | 7.5 HIGH | N/A |
|
The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection.
|
|||||
| CVE-2011-5156 | 1 Sowsoft | 1 Effective File Search | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-3312 | 1 Gnome | 1 Epiphany | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
|
|||||
| CVE-2012-1967 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.
|
|||||
| CVE-2013-1453 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
|
|||||
| CVE-2010-3369 | 1 Debian | 1 Mono-debugger | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
|
|||||
| CVE-2010-3141 | 1 Microsoft | 1 Powerpoint | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
|
|||||
| CVE-2010-0055 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 10.0 HIGH | N/A |
|
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
|
|||||
| CVE-2011-4761 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 10.0 HIGH | N/A |
|
Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
|
|||||
| CVE-2011-3664 | 2 Apple, Mozilla | 4 Mac Os X, Firefox, Seamonkey and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.
|
|||||
| CVE-2010-2369 | 1 Susie Ro | 1 Lhasa | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
|
|||||