Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0163 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-02-28 | 4.3 MEDIUM | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | |||||
CVE-2011-2397 | 1 Ironmountain | 1 Connected Backup | 2024-02-28 | 10.0 HIGH | N/A |
The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method. | |||||
CVE-2010-3708 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Soa Platform | 2024-02-28 | 7.5 HIGH | N/A |
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer. | |||||
CVE-2011-3185 | 2 Microsoft, Pidgin | 2 Windows, Pidgin | 2024-02-28 | 9.3 HIGH | N/A |
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. | |||||
CVE-2010-1897 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2024-02-28 | 7.2 HIGH | N/A |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability." | |||||
CVE-2010-3268 | 3 Intel, Microsoft, Symantec | 4 Intel Alert Management System, Windows 2000, Antivirus and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request. | |||||
CVE-2010-3627 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2006-7243 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. | |||||
CVE-2010-4099 | 1 Nitrosecurity | 2 Nitroview Esm, Nitroview Esm Software | 2024-02-28 | 6.8 MEDIUM | N/A |
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess. | |||||
CVE-2011-0040 | 1 Microsoft | 1 Windows 2003 Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability." | |||||
CVE-2011-1527 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 7.8 HIGH | N/A |
The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions. | |||||
CVE-2011-5034 | 1 Apache | 1 Geronimo | 2024-02-28 | 7.8 HIGH | N/A |
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461. | |||||
CVE-2011-3012 | 4 Ioquake3, Tremulous, Urbanterror and 1 more | 4 Ioquake3 Engine, Tremulous, Iourbanterror and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764. | |||||
CVE-2009-5020 | 1 Awstats | 1 Awstats | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2010-1828 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 5.0 MEDIUM | N/A |
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets. | |||||
CVE-2011-2840 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction." | |||||
CVE-2011-2785 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension. | |||||
CVE-2011-1016 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 1.9 LOW | N/A |
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. | |||||
CVE-2010-2075 | 1 Unrealircd | 1 Unrealircd | 2024-02-28 | 7.5 HIGH | N/A |
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2011-2764 | 6 Ioquake3, Openarena, Smokin-guns and 3 more | 6 Ioquake3 Engine, Openarena, Smokin\' Guns and 3 more | 2024-02-28 | 10.0 HIGH | N/A |
The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file. |