Export limit exceeded: 364939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3383 | 1 Teamspeak | 1 Teamspeak | 2025-04-11 | N/A |
| The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2010-3386 | 1 Lttng | 1 Ust | 2025-04-11 | N/A |
| usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2012-1364 | 1 Cisco | 1 Unified Computing System Infrastructure And Unified Computing System Software | 2025-04-11 | N/A |
| Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452. | ||||
| CVE-2010-3387 | 1 Tvdr | 1 Vdr | 2025-04-11 | N/A |
| vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: a third party disputes this issue because the script erroneously uses a semicolon in a context where a colon was intended | ||||
| CVE-2012-3398 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. | ||||
| CVE-2010-3389 | 2 Linux-ha, Redhat | 3 Ocf Resource Agents, Enterprise Linux, Rhel Cluster | 2025-04-11 | N/A |
| The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2010-3975 | 1 Adobe | 1 Flash Player | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash. | ||||
| CVE-2010-3976 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player. | ||||
| CVE-2012-3475 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | N/A |
| The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. | ||||
| CVE-2012-1819 | 1 Wellintech | 1 Kingview | 2025-04-11 | N/A |
| Untrusted search path vulnerability in WellinTech KingView 6.53 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||
| CVE-2012-1820 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2025-04-11 | N/A |
| The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. | ||||
| CVE-2012-3574 | 2 Tbelmans, Wordpress | 2 Mm Forms Community, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp. | ||||
| CVE-2010-3996 | 1 Cstr | 1 Festival | 2025-04-11 | N/A |
| festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2010-3999 | 1 Gnucash | 1 Gnucash | 2025-04-11 | N/A |
| gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2010-1764 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data. | ||||
| CVE-2012-1955 | 2 Mozilla, Redhat | 5 Firefox, Seamonkey, Thunderbird and 2 more | 2025-04-11 | N/A |
| Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | ||||
| CVE-2013-1789 | 1 Freedesktop | 1 Poppler | 2025-04-11 | N/A |
| splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. | ||||
| CVE-2012-2062 | 2 Drupal, Sami Kiminki | 2 Drupal, Redirecting Click Bouncer | 2025-04-11 | N/A |
| Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2010-3676 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | N/A |
| storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. | ||||
| CVE-2013-2908 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code. | ||||