Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0487 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 N/A
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
CVE-2013-6709 1 Cisco 1 Webex Training Center 2025-04-11 N/A
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
CVE-2013-1648 1 Open-xchange 1 Open-xchange Server 2025-04-11 N/A
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.
CVE-2013-7113 1 Wireshark 1 Wireshark 2025-04-11 N/A
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2012-1786 2 Kylegilman, Wordpress 2 Video Embed \& Thumbnail Generator, Wordpress 2025-04-11 N/A
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors.
CVE-2014-0254 1 Microsoft 3 Windows 8, Windows Rt, Windows Server 2012 2025-04-11 N/A
The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."
CVE-2008-7264 1 G.rodola 1 Pyftpdlib 2025-04-11 N/A
The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.
CVE-2012-3529 1 Typo3 1 Typo3 2025-04-11 N/A
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.
CVE-2011-3799 1 Elazos 1 Reos 2025-04-11 N/A
ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files.
CVE-2013-4998 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.
CVE-2013-5716 1 Gomlab 1 Gom Player 2025-04-11 N/A
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
CVE-2010-1517 1 Gigabyte 1 Dldrv2 Activex Control 2025-04-11 N/A
The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in conjunction with the Bdl method.
CVE-2010-1518 1 Gigabyte 1 Dldrv2 Activex Control 2025-04-11 N/A
Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument.
CVE-2012-4671 1 Psyced 1 Psyced 2025-04-11 N/A
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
CVE-2012-6567 1 Project-redcap 1 Redcap 2025-04-11 N/A
REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule.
CVE-2012-4776 1 Microsoft 8 .net Framework, Windows 7, Windows 8 and 5 more 2025-04-11 N/A
The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
CVE-2009-5020 1 Awstats 1 Awstats 2025-04-11 N/A
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2011-3741 1 Ganglia 1 Ganglia 2025-04-11 N/A
Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.
CVE-2013-5487 1 Cisco 1 Prime Data Center Network Manager 2025-04-11 N/A
DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.
CVE-2011-3737 1 Eyeos 1 Eyeos 2025-04-11 N/A
eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files.