Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5318 | 2 Kishore Asokan, Wordpress | 2 Kish Guest Posting Plugin, Wordpress | 2012-10-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125. | |||||
| CVE-2012-1618 | 1 Postgresql | 2 Postgresql, Postgresql Jdbc Driver | 2012-10-08 | 7.5 HIGH | N/A |
| Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005. | |||||
| CVE-2012-3693 | 1 Apple | 1 Safari | 2012-09-22 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs. | |||||
| CVE-2011-3328 | 1 Greg Roelofs | 1 Libpng | 2012-09-22 | 2.6 LOW | N/A |
| The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. | |||||
| CVE-2010-5202 | 1 Jetaudio | 1 Jetaudio | 2012-09-21 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5257 | 1 Graphisoft | 1 Archicad | 2012-09-21 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 allow local users to gain privileges via a Trojan horse (1) srcsrv.dll or (2) GSAutoTester.DLL file in the current working directory, as demonstrated by a directory that contains a .2df file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5255 | 1 Ezbsystems | 1 Ultraiso | 2012-09-21 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5243 | 1 Cyberlink | 1 Power2go | 2012-09-21 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7.0.0.0816 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) MFC71LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .p2g, .iso, .pdl, .pds, or .p2i file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5237 | 1 Cyberlink | 1 Powerdirector | 2012-09-21 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in CyberLink PowerDirector 7 allows local users to gain privileges via a Trojan horse mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .pdl, .iso, .pds, .p2g, or .p2i file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5242 | 1 Sony | 1 Sound Forge | 2012-09-21 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-3052 | 1 Cisco | 1 Vpn Client | 2012-09-17 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. | |||||
| CVE-2012-4883 | 1 3ds | 1 3dvia Composer | 2012-09-17 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-3893 | 1 Cisco | 1 Ios | 2012-09-17 | 6.3 MEDIUM | N/A |
| The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. | |||||
| CVE-2010-5204 | 1 Ibm | 1 Lotus Symphony | 2012-09-13 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the current working directory, as demonstrated by a directory that contains a .odm, .odt, .otp, .stc, .stw, .sxg, or .sxw file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5200 | 1 Keepass | 1 Keepass | 2012-09-13 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-3146 | 1 Gnome | 1 Librsvg | 2012-09-13 | 6.8 MEDIUM | N/A |
| librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. | |||||
| CVE-2010-5201 | 1 Magix | 1 Samplitude Producer | 2012-09-13 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in MAGIX Samplitude Producer 11 allows local users to gain privileges via a Trojan horse PlayRIplA6.dll file in the current working directory, as demonstrated by a directory that contains a .vip file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5206 | 1 E-press | 2 One Office E-notetaker, One Office E-zip | 2012-09-13 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in e-press ONE Office E-NoteTaker and E-Zip allow local users to gain privileges via a Trojan horse (1) mfc71enu.dll or (2) mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .txt, .rar, or .tar file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5205 | 1 E-press | 1 One Office Author | 2012-09-13 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in e-press ONE Office Author allow local users to gain privileges via a Trojan horse (1) java_msci.dll or (2) msci_java.dll file in the current working directory, as demonstrated by a directory that contains a .psw file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4389 | 1 Owncloud | 1 Owncloud | 2012-09-13 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. | |||||
| CVE-2012-4010 | 1 Opera | 1 Opera Browser | 2012-09-13 | 5.0 MEDIUM | N/A |
| Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660. | |||||
| CVE-2010-5198 | 1 Intuit | 1 Quickbooks | 2012-09-13 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Intuit QuickBooks 2010 allow local users to gain privileges via a Trojan horse (1) dbicudtx11.dll, (2) mfc90enu.dll, or (3) mfc90loc.dll file in the current working directory, as demonstrated by a directory that contains a .des, .qbo, or .qpg file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5134 | 2 Joomla, Widgetfactorylimited | 2 Joomla\!, Com Jce | 2012-09-13 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5259 | 1 Isobuster | 1 Isobuster | 2012-09-11 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow local users to gain privileges via a Trojan horse (1) wnaspi32.dll or (2) ntaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .img file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-5197 | 1 Pixia | 1 Pixia | 2012-09-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Pixia 4.70j allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pxa file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5230 | 1 Bentley | 1 Microstation | 2012-09-11 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in MicroStation 7.1 allow local users to gain privileges via a Trojan horse (1) mptools.dll, (2) baseman.dll, (3) wintab32.dll, or (4) wintab.dll file in the current working directory, as demonstrated by a directory that contains a .hln or .rdl file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5268 | 1 Amazon | 1 Kindle For Pc | 2012-09-10 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1666 | 1 Vmware | 5 Esx, Fusion, Player and 2 more | 2012-09-10 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. | |||||
| CVE-2012-3004 | 1 Realflex | 3 Flexview, Realwin, Realwindemo | 2012-09-10 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory. | |||||
| CVE-2012-4880 | 1 Sony | 2 Dvd Architect Pro, Dvd Architect Studio | 2012-09-10 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a directory that contains a .dar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-4881 | 1 Sony | 1 Moviez Hd | 2012-09-10 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-4882 | 1 3ds | 1 3d Xml Player | 2012-09-10 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-5269 | 1 Intel | 1 Threading Building Blocks | 2012-09-10 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in tbb.dll in Intel Threading Building Blocks (TBB) 2.2.013 allows local users to gain privileges via a Trojan horse tbbmalloc.dll file in the current working directory, as demonstrated by a directory that contains a .pbk file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5271 | 1 Altova | 1 Mapforce | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Altova MapForce 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mfd file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5264 | 1 Prof-uis | 1 Prof-uis | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the CExtDWM::CExtDWM method in ProfUIS290m.dll and ProfUIS290m-RDE.dll in Prof-UIS before 2.9.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5263 | 1 Sothink | 1 Swf Decompiler | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Build 610 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .flv file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5258 | 1 Adobe | 1 Audition | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 allows local users to gain privileges via a Trojan horse Assist.Dll file in the current working directory, as demonstrated by a directory that contains a .ses file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5254 | 1 Gfi | 1 Gfi Backup 2009 | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory, as demonstrated by a directory that contains a .gbc or .gbt file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5253 | 1 Winimage | 1 Winimage | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in WinImage 8.50 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .imz file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5252 | 1 Httrack | 1 Httrack | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in HTTrack 3.43-9 allows local users to gain privileges via a Trojan horse httrack-plugin.dll file in the current working directory, as demonstrated by a directory that contains a .whtt file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5251 | 1 Ibm | 1 Lotus Notes | 2012-09-07 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-5249 | 1 Sophos | 2 Free Encryption, Safeguard Privatecrypto | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 and Sophos SafeGuard PrivateCrypto 2.40.1.2 allows local users to gain privileges via a Trojan horse pcrypt0406.dll file in the current working directory, as demonstrated by a directory that contains a .uti file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-5248 | 1 Ultravnc | 1 Ultravnc | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5247 | 1 Qtweb | 1 Qtweb | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5244 | 1 Sisoftware | 1 Sandra 2012 | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite 2010.7.16.52 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .sis file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5239 | 1 Daemon-tools | 1 Daemon Tools | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that contains a .mds file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5234 | 1 Techsmith | 1 Camtasia Studio | 2012-09-07 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0.1 build 57 allow local users to gain privileges via a Trojan horse (1) MFC90ENU.DLL or (2) MFC90LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .cmmp or .camrec file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-5232 | 1 Divx | 1 Divx Plus Player | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows local users to gain privileges via a Trojan horse ssleay32.dll file in a certain directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-5227 | 1 Opera | 1 Opera | 2012-09-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1468 | 1 Pkp | 1 Open Journal Systems | 2012-09-07 | 6.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions. | |||||