Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-5220 1 Nchsoftware 1 Meo Encryption Software 2025-04-11 N/A
Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .meo or .cry file. NOTE: some of these details are obtained from third party information.
CVE-2010-3683 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2025-04-11 N/A
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
CVE-2012-5893 1 Havalite 1 Cms 2025-04-11 N/A
Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/.
CVE-2010-1452 2 Apache, Redhat 3 Http Server, Enterprise Linux, Jboss Enterprise Web Server 2025-04-11 N/A
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
CVE-2012-5188 1 Labelgate 1 Mora Downloader 2025-04-11 N/A
Untrusted search path vulnerability in mora Downloader before 1.0.0.1 allows remote attackers to trigger the launch of a .exe file via unspecified vectors.
CVE-2012-3731 1 Apple 1 Iphone Os 2025-04-11 N/A
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
CVE-2012-1238 1 Icz 1 Sencha Sns 2025-04-11 N/A
Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2013-1847 2 Apache, Redhat 2 Subversion, Enterprise Linux 2025-04-11 N/A
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
CVE-2012-3924 1 Cisco 1 Ios 2025-04-11 N/A
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.
CVE-2010-5211 1 Estsoft 1 Alsee 2025-04-11 N/A
Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that contains a .ani, .bmp, .cal, .hdp, .jpe, .mac, .pbm, .pcx, .pgm, .png, .psd, .ras, .tga, or .tiff file. NOTE: some of these details are obtained from third party information.
CVE-2012-3730 1 Apple 1 Iphone Os 2025-04-11 N/A
Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender.
CVE-2013-0513 1 Ibm 2 Rational Policy Tester, Security Appscan 2025-04-11 N/A
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability.
CVE-2013-1659 1 Vmware 3 Esxi, Vcenter Server, Vcenter Server Appliance 2025-04-11 N/A
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.
CVE-2012-2735 2 Redhat, Trevor Mckay 2 Enterprise Mrg, Cumin 2025-04-11 N/A
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
CVE-2011-0761 1 Perl 1 Perl 2025-04-11 N/A
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
CVE-2012-0958 1 Ps Project Management Team 1 Unity-firefox-extension 2025-04-11 N/A
content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.
CVE-2012-2406 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file.
CVE-2013-1328 1 Microsoft 1 Publisher 2025-04-11 N/A
Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
CVE-2013-4949 1 Machform 1 Machform 2025-04-11 N/A
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
CVE-2013-0110 1 Nvidia 1 Driver 2025-04-11 N/A
nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program.