Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4551 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation.
CVE-2012-4759 1 Foxitsoftware 1 Foxit Reader 2025-04-11 N/A
Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.
CVE-2012-4882 1 3ds 1 3d Xml Player 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4883 1 3ds 1 3dvia Composer 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-3402 1 Ultraedit 1 Ultraedit 2025-04-11 N/A
Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file.
CVE-2012-2180 1 Ibm 1 Db2 2025-04-11 N/A
The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request.
CVE-2012-2144 1 Openstack 1 Horizon 2025-04-11 N/A
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
CVE-2011-0029 1 Microsoft 7 Remote Desktop Connection Client, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 7.4 High
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."
CVE-2011-2877 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2025-04-11 N/A
Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."
CVE-2013-0800 6 Canonical, Debian, Mozilla and 3 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-04-11 N/A
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
CVE-2012-5318 2 Kishore Asokan, Wordpress 2 Kish Guest Posting Plugin, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
CVE-2012-5459 2 Microsoft, Vmware 3 Windows, Player, Workstation 2025-04-11 N/A
Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder."
CVE-2012-1065 1 2x 1 Applicationserver 2025-04-11 N/A
Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method.
CVE-2013-0797 1 Mozilla 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory.
CVE-2012-4036 1 Pbboard 1 Pbboard 2025-04-11 N/A
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.
CVE-2010-1635 1 Samba 1 Samba 2025-04-11 N/A
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.
CVE-2012-5609 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.
CVE-2011-0282 2 Mit, Redhat 3 Kerberos, Kerberos 5, Enterprise Linux 2025-04-11 N/A
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
CVE-2011-0283 1 Mit 1 Kerberos 5 2025-04-11 N/A
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.
CVE-2010-2981 1 Cisco 1 Unified Wireless Network Solution Software 2025-04-11 N/A
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.