Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0472 1 Ibm 1 Db2 2025-04-11 N/A
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
CVE-2010-0481 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-11 5.5 Medium
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
CVE-2010-0497 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.
CVE-2010-5243 1 Cyberlink 1 Power2go 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7.0.0.0816 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) MFC71LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .p2g, .iso, .pdl, .pds, or .p2i file. NOTE: some of these details are obtained from third party information.
CVE-2009-4271 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault.
CVE-2014-1680 1 Bandisoft 1 Bandizip 2025-04-11 N/A
Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
CVE-2012-3015 1 Siemens 2 Simatic Pcs7, Simatic Step 7 2025-04-11 N/A
Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder.
CVE-2012-3005 1 Invensys 7 Foxboro Control Software, Infusion Ce\/fe\/scada, Intouch and 4 more 2025-04-11 N/A
Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2012-3004 1 Realflex 3 Flexview, Realwin, Realwindemo 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory.
CVE-2010-5240 1 Corel 2 Coreldraw X5, Photo-paint X3 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information.
CVE-2012-2991 2 Oscommerce, Paypal 2 Online Merchant, Website Payments Standard Module 2025-04-11 N/A
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
CVE-2012-2982 1 Gentoo 1 Webmin 2025-04-11 N/A
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
CVE-2010-5241 1 Autodesk 1 Autocad 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dwg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-2967 1 Caucho 1 Resin 2025-04-11 N/A
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors.
CVE-2012-2966 1 Caucho 1 Resin 2025-04-11 N/A
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.
CVE-2010-5242 1 Sony 1 Sound Forge 2025-04-11 N/A
Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information.
CVE-2012-2943 1 Captcha 1 Cryptographp 2025-04-11 N/A
CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter.
CVE-2012-2280 2 Emc, Rsa 3 Rsa Authentication Manager, Authentication Manager, Securid Appliance 2025-04-11 N/A
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."
CVE-2012-2252 1 Pizzashack 1 Rssh 2025-04-11 N/A
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
CVE-2012-2186 2 Asterisk, Sangoma 5 Business Edition, Certified Asterisk, Digiumphones and 2 more 2025-04-11 N/A
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.