Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1319 | 1 Versant | 1 Versant Object Database | 2018-10-11 | 9.3 HIGH | N/A |
| Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field. | |||||
| CVE-2008-1261 | 1 Zyxel | 1 P-2602hw-d1a | 2018-10-11 | 5.0 MEDIUM | N/A |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI. | |||||
| CVE-2008-1072 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.7 MEDIUM | N/A |
| The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. | |||||
| CVE-2008-1079 | 1 Beehive Software | 1 Sendfile.net | 2018-10-11 | 7.5 HIGH | N/A |
| The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges. | |||||
| CVE-2008-1070 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | |||||
| CVE-2015-7403 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2018-10-11 | 2.1 LOW | 4.0 MEDIUM |
| IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors. | |||||
| CVE-2011-4061 | 1 Ibm | 2 Db2, Tivoli Monitoring For Databases | 2018-10-11 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. | |||||
| CVE-2011-0276 | 1 Hp | 1 Openview Performance Insight | 2018-10-10 | 10.0 HIGH | N/A |
| HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class. | |||||
| CVE-2011-0420 | 1 Php | 1 Php | 2018-10-10 | 5.0 MEDIUM | N/A |
| The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. | |||||
| CVE-2010-4313 | 1 Novo-ws | 1 Orbis Cms | 2018-10-10 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/. | |||||
| CVE-2010-4236 | 1 Ibm | 1 Omnifind | 2018-10-10 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. | |||||
| CVE-2010-4255 | 1 Citrix | 1 Xen | 2018-10-10 | 6.1 MEDIUM | N/A |
| The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. | |||||
| CVE-2010-4242 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.0 MEDIUM | N/A |
| The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. | |||||
| CVE-2010-3976 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player. | |||||
| CVE-2010-3892 | 1 Ibm | 1 Omnifind | 2018-10-10 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. | |||||
| CVE-2010-3200 | 1 Microsoft | 1 Word | 2018-10-10 | 4.3 MEDIUM | N/A |
| MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc. | |||||
| CVE-2010-3153 | 1 Adobe | 1 Indesign Cs4 | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file. | |||||
| CVE-2010-3086 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.9 MEDIUM | N/A |
| include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. | |||||
| CVE-2010-3128 | 1 Teamviewer | 1 Teamviewer | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file. | |||||
| CVE-2010-3151 | 1 Adobe | 2 Onlocation Cs4, Premiere Pro Cs4 | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an OLPROJ file. | |||||
| CVE-2010-3131 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file. | |||||
| CVE-2010-3397 | 1 Pgp | 1 Desktop | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file. | |||||
| CVE-2010-3149 | 1 Adobe | 1 Device Central Cs5 | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file. | |||||
| CVE-2010-3150 | 1 Adobe | 1 Premier Pro Cs4 | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (314 (MC: 160820)) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as a .pproj, .prfpset, .prexport, .prm, .prmp, .prpreset, .prproj, .prsl, .prtl, or .vpr file. | |||||
| CVE-2010-3152 | 1 Adobe | 1 Illustrator | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file. | |||||
| CVE-2010-2956 | 1 Todd Miller | 1 Sudo | 2018-10-10 | 6.2 MEDIUM | N/A |
| Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | |||||
| CVE-2010-3066 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.9 MEDIUM | N/A |
| The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag. | |||||
| CVE-2010-1988 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-10 | 10.0 HIGH | N/A |
| Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. | |||||
| CVE-2010-2070 | 1 Xensource | 1 Xen | 2018-10-10 | 4.9 MEDIUM | N/A |
| arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742. | |||||
| CVE-2010-1795 | 1 Apple | 1 Itunes | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2010-1612 | 2 Ibm, Qlogic | 6 Websphere Datapower B2b Appliance Xb60, Websphere Datapower Datapower Integration Appliance Xi50, Websphere Datapower Low Latency Appliance Xm70 and 3 more | 2018-10-10 | 5.0 MEDIUM | N/A |
| The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address. | |||||
| CVE-2010-0996 | 1 E107 | 1 E107 | 2018-10-10 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required. | |||||
| CVE-2010-0993 | 1 Pulsecms | 1 Pulse Cms | 2018-10-10 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2010-0618 | 1 Lexmark | 1 Z2420 | 2018-10-10 | 5.0 MEDIUM | N/A |
| The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections. | |||||
| CVE-2010-0689 | 1 Datev | 1 Base System | 2018-10-10 | 10.0 HIGH | N/A |
| The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2010-0715 | 1 Ibm | 4 Lotus Quickr, Lotus Web Content Management, Lotus Workplace Web Content Management and 1 more | 2018-10-10 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. | |||||
| CVE-2010-0685 | 1 Digium | 1 Asterisk | 2018-10-10 | 5.0 MEDIUM | N/A |
| The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available. | |||||
| CVE-2010-0622 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 2.1 LOW | N/A |
| The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | |||||
| CVE-2010-0437 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 7.8 HIGH | N/A |
| The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-0415 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.6 MEDIUM | N/A |
| The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. | |||||
| CVE-2010-0278 | 1 Microsoft | 3 Windows 7, Windows Live Messenger, Windows Vista | 2018-10-10 | 4.3 MEDIUM | N/A |
| A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. | |||||
| CVE-2009-4587 | 1 Cherokee | 1 Cherokee | 2018-10-10 | 5.0 MEDIUM | N/A |
| Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word. | |||||
| CVE-2009-4017 | 1 Php | 1 Php | 2018-10-10 | 5.0 MEDIUM | N/A |
| PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. | |||||
| CVE-2009-4048 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2018-10-10 | 4.0 MEDIUM | N/A |
| Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket. | |||||
| CVE-2009-4055 | 1 Digium | 2 Asterisk, S800i | 2018-10-10 | 5.0 MEDIUM | N/A |
| rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length. | |||||
| CVE-2009-4136 | 1 Postgresql | 1 Postgresql | 2018-10-10 | 6.5 MEDIUM | N/A |
| PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. | |||||
| CVE-2009-3944 | 1 Rim | 2 Blackberry 8800, Blackberry Browser | 2018-10-10 | 5.0 MEDIUM | N/A |
| Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. | |||||
| CVE-2009-3749 | 1 Websense | 2 Email Security, Personal Email Manager | 2018-10-10 | 5.0 MEDIUM | N/A |
| The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending a HTTP GET request to TCP port 8181 and closing the socket before the service can send a response. | |||||
| CVE-2009-3845 | 1 Hp | 1 Openview Network Node Manager | 2018-10-10 | 10.0 HIGH | N/A |
| The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts. | |||||
| CVE-2009-3277 | 1 Xenu By | 1 Datavault | 2018-10-10 | 5.0 MEDIUM | N/A |
| DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability. | |||||