Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1881 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | 8.4 HIGH |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability." | |||||
| CVE-2011-0403 | 1 Imgburn | 1 Imgburn | 2025-04-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file. | |||||
| CVE-2007-6753 | 1 Microsoft | 5 Windows 2000, Windows 7, Windows Server 2008 and 2 more | 2025-04-11 | 6.2 MEDIUM | N/A |
| Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari. | |||||
| CVE-2011-4854 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2025-04-11 | 9.3 HIGH | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the get_enabled_product_icon program. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. | |||||
| CVE-2010-3358 | 1 Henner Zeller | 1 Henplus | 2025-04-11 | 6.9 MEDIUM | N/A |
| HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-5261 | 1 Snowfoxsoft | 1 Snowfox Total Video Converter | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in SnowFox Total Video Converter 2.5.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4936 | 1 Patterninsight | 1 Pattern Insight | 2025-04-11 | 6.8 MEDIUM | N/A |
| The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element. | |||||
| CVE-2011-0282 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. | |||||
| CVE-2010-3366 | 1 Zeus.physik.uni-bonn | 1 Mn Fit | 2025-04-11 | 6.9 MEDIUM | N/A |
| Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2012-2939 | 1 Itechscripts | 1 Travelon Express | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php. | |||||
| CVE-2011-3664 | 2 Apple, Mozilla | 4 Mac Os X, Firefox, Seamonkey and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2012-2406 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2011-1036 | 1 Ca | 3 Host-based Intrusion Prevention System, Internet Security Suite 2010, Internet Security Suite 2011 | 2025-04-11 | 8.8 HIGH | N/A |
| The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. | |||||
| CVE-2012-0008 | 1 Microsoft | 1 Visual Studio | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." | |||||
| CVE-2011-5148 | 2 Joomla, Wasen | 2 Joomla\!, Mod Simplefileupload | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. | |||||
| CVE-2013-0138 | 1 Bitberry Software | 1 Bitzipper | 2025-04-11 | 9.3 HIGH | N/A |
| BitZipper 2013 before Update 1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ZIP archive. | |||||
| CVE-2010-3136 | 1 Skype | 1 Skype | 2025-04-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file. | |||||
| CVE-2010-5212 | 1 Adobe | 1 Livecycle Designer Es2 | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9.0.0.20091029.1.612548 allows local users to gain privileges via a Trojan horse objectassisten_US.dll file in the current working directory, as demonstrated by a directory that contains a .tds file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-0204 | 1 Ibm | 3 Infosphere Import Export Manager, Infosphere Information Server, Infosphere Information Server Metabrokers \& Bridges | 2025-04-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2010-0590 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
| The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188. | |||||