Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6471 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
CVE-2012-0305 1 Symantec 2 Backupexec System Recovery, System Recovery 2025-04-11 N/A
Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2011-3107 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2012-5173 1 Bigace 1 Bigace 2025-04-11 N/A
Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2011-3424 1 Tibco 3 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot 2025-04-11 N/A
Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-1192 1 Unbound 1 Unbound 2025-04-11 N/A
The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
CVE-2010-3771 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2025-04-11 N/A
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI.
CVE-2013-7311 1 Checkpoint 2 Gaia Os, Ipso Os 2025-04-11 N/A
The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2010-5202 1 Jetaudio 1 Jetaudio 2025-04-11 N/A
Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information.
CVE-2012-6509 1 Netartmedia 1 Car Portal 2025-04-11 N/A
Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.
CVE-2010-3381 1 Alex Launi 1 Tangerine 2025-04-11 N/A
The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0.3.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2011-3109 2 Google, Linux 2 Chrome, Linux Kernel 2025-04-11 N/A
Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI.
CVE-2010-4708 2 Linux-pam, Redhat 2 Linux-pam, Enterprise Linux 2025-04-11 N/A
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
CVE-2010-5138 1 Bitcoin 2 Bitcoin Core, Wxbitcoin 2025-04-11 N/A
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
CVE-2010-5199 1 Novadevelopement 1 Photoimpact X3 2025-04-11 N/A
Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 allows local users to gain privileges via a Trojan horse bwsconst.dll file in the current working directory, as demonstrated by a directory that contains a .ufp or .ufo file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-1419 1 Apache 1 Tomcat 2025-04-11 N/A
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
CVE-2010-3773 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2025-04-11 N/A
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.
CVE-2010-5252 1 Httrack 1 Httrack 2025-04-11 N/A
Untrusted search path vulnerability in HTTrack 3.43-9 allows local users to gain privileges via a Trojan horse httrack-plugin.dll file in the current working directory, as demonstrated by a directory that contains a .whtt file. NOTE: some of these details are obtained from third party information.
CVE-2010-5254 1 Gfi 1 Gfi Backup 2009 2025-04-11 N/A
Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory, as demonstrated by a directory that contains a .gbc or .gbt file. NOTE: some of these details are obtained from third party information.
CVE-2010-5255 1 Ezbsystems 1 Ultraiso 2025-04-11 N/A
Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information.