Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-3640 | 7.1 |
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE:
|
11-04-2024 - 00:48 | 28-10-2011 - 02:49 | |
CVE-2006-2842 | 7.5 |
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array p
|
11-04-2024 - 00:40 | 06-06-2006 - 20:06 | |
CVE-2009-3563 | 6.4 |
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang
|
19-03-2024 - 21:15 | 09-12-2009 - 18:30 | |
CVE-2009-3720 | 5.0 |
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafte
|
22-02-2024 - 03:40 | 03-11-2009 - 16:30 | |
CVE-2004-0119 | 7.5 |
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenI
|
15-02-2024 - 21:44 | 01-06-2004 - 04:00 | |
CVE-2009-3547 | 6.9 |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna
|
15-02-2024 - 21:12 | 04-11-2009 - 15:30 | |
CVE-2004-0184 | 5.0 |
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversio
|
15-02-2024 - 21:09 | 04-05-2004 - 04:00 | |
CVE-2010-0249 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote
|
15-02-2024 - 21:06 | 15-01-2010 - 17:30 | |
CVE-2004-0112 | 5.0 |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a
|
15-02-2024 - 20:54 | 23-11-2004 - 05:00 | |
CVE-2004-0183 | 5.0 |
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Tes
|
15-02-2024 - 20:53 | 04-05-2004 - 04:00 | |
CVE-2009-2857 | 4.9 |
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) v
|
15-02-2024 - 20:42 | 19-08-2009 - 17:30 | |
CVE-2004-0174 | 5.0 |
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listeni
|
15-02-2024 - 20:37 | 04-05-2004 - 04:00 | |
CVE-2006-2374 | 2.1 |
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file hand
|
15-02-2024 - 20:22 | 13-06-2006 - 19:06 | |
CVE-2009-1388 | 4.9 |
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace sys
|
15-02-2024 - 19:19 | 05-07-2009 - 16:30 | |
CVE-2009-1195 | 4.9 |
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Opti
|
15-02-2024 - 18:54 | 28-05-2009 - 20:30 | |
CVE-2003-0190 | 5.0 |
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
|
15-02-2024 - 18:46 | 12-05-2003 - 04:00 | |
CVE-2004-0213 | 7.2 |
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to la
|
14-02-2024 - 17:25 | 06-08-2004 - 04:00 | |
CVE-2008-0087 | 8.8 |
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
|
14-02-2024 - 16:54 | 08-04-2008 - 23:05 | |
CVE-2005-2498 | 7.5 |
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certai
|
14-02-2024 - 15:47 | 15-08-2005 - 04:00 | |
CVE-2005-1921 | 7.5 |
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) Mail
|
14-02-2024 - 15:41 | 05-07-2005 - 04:00 | |
CVE-2007-0882 | 10.0 |
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to
|
14-02-2024 - 14:56 | 12-02-2007 - 20:28 | |
CVE-2006-4253 | 7.6 |
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by red
|
14-02-2024 - 01:17 | 21-08-2006 - 20:04 | |
CVE-2005-4585 | 7.8 |
Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
|
14-02-2024 - 01:17 | 29-12-2005 - 11:03 | |
CVE-2005-1465 | 5.0 |
Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop).
|
14-02-2024 - 01:17 | 05-05-2005 - 04:00 | |
CVE-2003-0081 | 7.5 |
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
|
14-02-2024 - 01:17 | 18-03-2003 - 05:00 | |
CVE-2003-0431 | 10.0 |
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.
|
14-02-2024 - 01:17 | 24-07-2003 - 04:00 | |
CVE-2003-0430 | 5.0 |
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.
|
14-02-2024 - 01:17 | 24-07-2003 - 04:00 | |
CVE-2005-3248 | 5.0 |
Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) via unknown vectors.
|
14-02-2024 - 01:17 | 27-10-2005 - 10:02 | |
CVE-2005-2361 | 5.0 |
Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethe
|
14-02-2024 - 01:17 | 10-08-2005 - 04:00 | |
CVE-2004-1139 | 5.0 |
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
|
14-02-2024 - 01:17 | 15-12-2004 - 05:00 | |
CVE-2005-1467 | 5.0 |
Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors.
|
14-02-2024 - 01:17 | 05-05-2005 - 04:00 | |
CVE-2005-1462 | 7.5 |
Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.
|
14-02-2024 - 01:17 | 05-05-2005 - 04:00 | |
CVE-2009-0553 | 9.3 |
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that trig
|
14-02-2024 - 01:17 | 15-04-2009 - 08:00 | |
CVE-2005-2364 | 5.0 |
Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference.
|
14-02-2024 - 01:17 | 10-08-2005 - 04:00 | |
CVE-2004-0505 | 5.0 |
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
|
14-02-2024 - 01:17 | 18-08-2004 - 04:00 | |
CVE-2005-1466 | 5.0 |
Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors.
|
14-02-2024 - 01:17 | 05-05-2005 - 04:00 | |
CVE-2003-1013 | 5.0 |
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
|
14-02-2024 - 01:17 | 05-01-2004 - 05:00 | |
CVE-2010-0425 | 10.0 |
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an
|
14-02-2024 - 01:17 | 05-03-2010 - 19:30 | |
CVE-2005-2362 | 5.0 |
Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.
|
14-02-2024 - 01:17 | 10-08-2005 - 04:00 | |
CVE-2004-1761 | 5.0 |
Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file.
|
14-02-2024 - 01:17 | 31-12-2004 - 05:00 | |
CVE-2005-3245 | 5.0 |
Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption).
|
14-02-2024 - 01:17 | 27-10-2005 - 10:02 | |
CVE-2005-2360 | 5.0 |
Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors.
|
14-02-2024 - 01:17 | 10-08-2005 - 04:00 | |
CVE-2003-0429 | 7.5 |
The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.
|
14-02-2024 - 01:17 | 24-07-2003 - 04:00 | |
CVE-2006-1940 | 5.0 |
Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.
|
14-02-2024 - 01:17 | 25-04-2006 - 12:50 | |
CVE-2005-2367 | 7.5 |
Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.
|
14-02-2024 - 01:17 | 10-08-2005 - 04:00 | |
CVE-2005-3249 | 6.4 |
Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer.
|
14-02-2024 - 01:17 | 27-10-2005 - 10:02 | |
CVE-2005-3184 | 10.0 |
Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote attackers to execute arbitrary code via a srvloc packet with a modified length value.
|
14-02-2024 - 01:17 | 20-10-2005 - 23:02 | |
CVE-2005-1469 | 5.0 |
Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 allows remote attackers to cause the dissector to access an invalid pointer.
|
14-02-2024 - 01:17 | 05-05-2005 - 04:00 | |
CVE-2005-0765 | 5.0 |
Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
|
14-02-2024 - 01:17 | 12-03-2005 - 05:00 | |
CVE-2004-0506 | 5.0 |
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
|
14-02-2024 - 01:17 | 18-08-2004 - 04:00 | |
CVE-2005-2365 | 5.0 |
Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors.
|
14-02-2024 - 01:17 | 10-08-2005 - 04:00 | |
CVE-2003-0428 | 5.0 |
Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.
|
14-02-2024 - 01:17 | 24-07-2003 - 04:00 | |
CVE-2005-2363 | 5.0 |
Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vecto
|
14-02-2024 - 01:17 | 10-08-2005 - 04:00 | |
CVE-2004-0507 | 10.0 |
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
|
14-02-2024 - 01:17 | 18-08-2004 - 04:00 | |
CVE-2005-0766 | 5.0 |
Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash).
|
14-02-2024 - 01:17 | 02-05-2005 - 04:00 | |
CVE-2005-2366 | 5.0 |
Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors.
|
14-02-2024 - 01:17 | 10-08-2005 - 04:00 | |
CVE-2003-1012 | 5.0 |
The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.
|
14-02-2024 - 01:17 | 05-01-2004 - 05:00 | |
CVE-2004-0411 | 7.5 |
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to th
|
13-02-2024 - 18:01 | 07-07-2004 - 04:00 | |
CVE-2003-0907 | 5.1 |
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr
|
13-02-2024 - 18:00 | 01-06-2004 - 04:00 | |
CVE-2004-0121 | 7.5 |
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and e
|
13-02-2024 - 18:00 | 15-04-2004 - 04:00 | |
CVE-2006-4692 | 5.1 |
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slas
|
13-02-2024 - 17:50 | 10-10-2006 - 22:07 | |
CVE-2008-1440 | 7.1 |
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang)
|
13-02-2024 - 16:09 | 12-06-2008 - 02:32 | |
CVE-2002-0862 | 6.8 |
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express f
|
09-02-2024 - 03:26 | 04-10-2002 - 04:00 | |
CVE-2009-0269 | 4.9 |
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, l
|
09-02-2024 - 03:26 | 26-01-2009 - 15:30 | |
CVE-2009-0040 | 6.8 |
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr
|
09-02-2024 - 03:25 | 22-02-2009 - 22:30 | |
CVE-2007-1213 | 7.2 |
The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
|
09-02-2024 - 03:23 | 04-04-2007 - 16:19 | |
CVE-2009-1532 | 9.3 |
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malfor
|
09-02-2024 - 03:22 | 10-06-2009 - 18:30 | |
CVE-2004-0421 | 5.0 |
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
|
09-02-2024 - 00:27 | 18-08-2004 - 04:00 | |
CVE-2009-2523 | 10.0 |
The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRe
|
09-02-2024 - 00:24 | 11-11-2009 - 19:30 | |
CVE-2009-3620 | 4.9 |
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash
|
09-02-2024 - 00:20 | 22-10-2009 - 16:00 | |
CVE-2009-2692 | 7.2 |
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using
|
08-02-2024 - 23:50 | 14-08-2009 - 15:16 | |
CVE-2008-3475 | 9.3 |
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a craft
|
08-02-2024 - 23:46 | 15-10-2008 - 00:12 | |
CVE-2008-0081 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnera
|
08-02-2024 - 23:42 | 16-01-2008 - 23:00 | |
CVE-2008-3282 | 9.3 |
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly exec
|
08-02-2024 - 02:18 | 29-08-2008 - 18:41 | |
CVE-2009-0231 | 9.3 |
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in
|
08-02-2024 - 02:14 | 15-07-2009 - 15:30 | |
CVE-2009-1386 | 5.0 |
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
|
07-02-2024 - 18:03 | 04-06-2009 - 16:30 | |
CVE-2009-1387 | 5.0 |
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a
|
07-02-2024 - 18:01 | 04-06-2009 - 16:30 | |
CVE-2005-0246 | 5.0 |
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.
|
05-02-2024 - 19:56 | 02-05-2005 - 04:00 | |
CVE-2009-3658 | 9.3 |
Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
|
03-02-2024 - 02:27 | 09-10-2009 - 14:30 | |
CVE-2010-2753 | 9.3 |
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a X
|
03-02-2024 - 02:26 | 30-07-2010 - 20:30 | |
CVE-2010-0050 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
|
03-02-2024 - 02:24 | 15-03-2010 - 14:15 | |
CVE-2010-0302 | 4.3 |
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denia
|
03-02-2024 - 02:22 | 05-03-2010 - 19:30 | |
CVE-2008-0077 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG e
|
03-02-2024 - 02:21 | 12-02-2008 - 23:00 | |
CVE-2010-0378 | 9.3 |
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memo
|
03-02-2024 - 02:21 | 21-01-2010 - 23:30 | |
CVE-2010-0629 | 4.0 |
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an inva
|
02-02-2024 - 16:52 | 07-04-2010 - 15:30 | |
CVE-2010-1772 | 6.8 |
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web
|
02-02-2024 - 16:27 | 24-09-2010 - 19:00 | |
CVE-2007-6388 | 4.3 |
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or H
|
02-02-2024 - 16:16 | 08-01-2008 - 18:46 | |
CVE-2010-1208 | 9.3 |
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors rel
|
02-02-2024 - 16:10 | 30-07-2010 - 20:30 | |
CVE-2009-3553 | 5.0 |
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash
|
02-02-2024 - 16:04 | 20-11-2009 - 02:30 | |
CVE-2009-2416 | 4.3 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute
|
02-02-2024 - 16:04 | 11-08-2009 - 18:30 | |
CVE-2009-1837 | 9.3 |
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading,
|
02-02-2024 - 16:03 | 12-06-2009 - 21:30 | |
CVE-2010-3328 | 9.3 |
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitiali
|
02-02-2024 - 16:00 | 13-10-2010 - 19:00 | |
CVE-2005-1689 | 7.5 |
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
|
02-02-2024 - 15:24 | 18-07-2005 - 04:00 | |
CVE-2003-1048 | 10.0 |
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
|
02-02-2024 - 15:23 | 27-07-2004 - 04:00 | |
CVE-2003-0545 | 10.0 |
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
|
02-02-2024 - 15:23 | 17-11-2003 - 05:00 | |
CVE-2005-0891 | 5.0 |
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
|
02-02-2024 - 15:22 | 02-05-2005 - 04:00 | |
CVE-2003-0252 | 10.0 |
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain ne
|
02-02-2024 - 02:56 | 18-08-2003 - 04:00 | |
CVE-2010-0258 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP
|
02-02-2024 - 02:38 | 10-03-2010 - 22:30 | |
CVE-2005-0587 | 2.6 |
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
|
02-02-2024 - 02:03 | 25-03-2005 - 05:00 | |
CVE-2004-0427 | 2.1 |
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows loca
|
26-01-2024 - 18:56 | 07-07-2004 - 04:00 | |
CVE-2010-0013 | 5.0 |
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) requ
|
26-01-2024 - 17:47 | 09-01-2010 - 18:30 | |
CVE-2009-3939 | 6.6 |
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
|
25-01-2024 - 21:37 | 16-11-2009 - 19:30 | |
CVE-2007-4465 | 4.3 |
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using t
|
19-01-2024 - 15:13 | 14-09-2007 - 00:17 | |
CVE-2008-2939 | 4.3 |
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we
|
19-01-2024 - 15:13 | 06-08-2008 - 18:41 | |
CVE-2005-3352 | 4.3 |
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
|
19-01-2024 - 15:12 | 13-12-2005 - 20:03 | |
CVE-2004-0079 | 5.0 |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
|
28-12-2023 - 15:33 | 23-11-2004 - 05:00 | |
CVE-2009-2698 | 7.2 |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
|
28-12-2023 - 15:22 | 27-08-2009 - 17:30 | |
CVE-2011-1142 | 5.0 |
Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-ref
|
22-12-2023 - 18:18 | 03-03-2011 - 01:00 | |
CVE-2004-1287 | 10.0 |
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
|
22-12-2023 - 17:15 | 10-01-2005 - 05:00 | |
CVE-2009-3560 | 5.0 |
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that
|
01-11-2023 - 17:16 | 04-12-2009 - 21:30 | |
CVE-2010-1452 | 5.0 |
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
|
01-11-2023 - 15:32 | 28-07-2010 - 20:00 | |
CVE-2010-0408 | 5.0 |
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial o
|
01-11-2023 - 15:32 | 05-03-2010 - 16:30 | |
CVE-2013-1315 | 9.3 |
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to exec
|
03-10-2023 - 15:37 | 11-09-2013 - 14:03 | |
CVE-2004-0783 | 7.5 |
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifie
|
11-08-2023 - 20:12 | 20-10-2004 - 04:00 | |
CVE-2005-3669 | 5.0 |
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the
|
11-08-2023 - 18:54 | 18-11-2005 - 21:03 | |
CVE-2005-2976 | 7.5 |
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-200
|
03-08-2023 - 17:19 | 18-11-2005 - 06:03 | |
CVE-2005-0372 | 5.0 |
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
|
03-08-2023 - 17:17 | 02-05-2005 - 04:00 | |
CVE-2007-4965 | 5.8 |
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) t
|
02-08-2023 - 18:52 | 18-09-2007 - 22:17 | |
CVE-2008-3144 | 5.0 |
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to stri
|
02-08-2023 - 18:52 | 01-08-2008 - 14:41 | |
CVE-2008-3143 | 7.5 |
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c
|
02-08-2023 - 18:50 | 01-08-2008 - 14:41 | |
CVE-2007-2052 | 5.0 |
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown m
|
02-08-2023 - 18:04 | 16-04-2007 - 22:19 | |
CVE-2008-2315 | 7.5 |
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7)
|
02-08-2023 - 17:14 | 01-08-2008 - 14:41 | |
CVE-2008-1145 | 5.0 |
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access a
|
01-08-2023 - 18:58 | 04-03-2008 - 23:44 | |
CVE-2008-2383 | 9.3 |
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related
|
27-07-2023 - 05:15 | 02-01-2009 - 18:11 | |
CVE-2013-0169 | 2.6 |
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
|
12-05-2023 - 12:58 | 08-02-2013 - 19:55 | |
CVE-2007-2586 | 9.3 |
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that i
|
09-05-2023 - 13:53 | 10-05-2007 - 00:19 | |
CVE-2004-1349 | 2.1 |
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
|
24-03-2023 - 18:12 | 04-10-2004 - 04:00 | |
CVE-2007-5000 | 4.3 |
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inje
|
07-03-2023 - 18:11 | 13-12-2007 - 18:46 | |
CVE-2012-1595 | 4.3 |
The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Mul
|
13-02-2023 - 04:33 | 11-04-2012 - 10:39 | |
CVE-2011-2698 | 4.3 |
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid
|
13-02-2023 - 04:31 | 23-08-2011 - 21:55 | |
CVE-2011-1958 | 4.3 |
Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file.
|
13-02-2023 - 04:30 | 06-06-2011 - 19:55 | |
CVE-2011-1590 | 4.3 |
The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
|
13-02-2023 - 04:29 | 29-04-2011 - 22:55 | |
CVE-2010-4252 | 7.5 |
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending cra
|
13-02-2023 - 04:28 | 06-12-2010 - 21:05 | |
CVE-2010-2068 | 5.0 |
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows rem
|
13-02-2023 - 04:19 | 18-06-2010 - 16:30 | |
CVE-2010-1440 | 6.8 |
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related
|
13-02-2023 - 04:17 | 07-05-2010 - 18:24 | |
CVE-2012-0067 | 4.3 |
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
|
13-02-2023 - 03:24 | 11-04-2012 - 10:39 | |
CVE-2010-0290 | 4.0 |
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisonin
|
13-02-2023 - 02:21 | 22-01-2010 - 22:00 | |
CVE-2009-4141 | 7.2 |
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then cl
|
13-02-2023 - 02:20 | 19-01-2010 - 16:30 | |
CVE-2009-4021 | 4.9 |
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption a
|
13-02-2023 - 02:20 | 25-11-2009 - 16:30 | |
CVE-2009-3546 | 9.3 |
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-
|
13-02-2023 - 02:20 | 19-10-2009 - 20:00 | |
CVE-2009-2409 | 5.1 |
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificat
|
13-02-2023 - 02:20 | 30-07-2009 - 19:30 | |
CVE-2009-1890 | 7.1 |
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which al
|
13-02-2023 - 02:20 | 05-07-2009 - 16:30 | |
CVE-2009-2906 | 4.0 |
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
|
13-02-2023 - 02:20 | 07-10-2009 - 18:30 | |
CVE-2009-3621 | 4.9 |
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing
|
13-02-2023 - 02:20 | 22-10-2009 - 16:00 | |
CVE-2009-2406 | 6.9 |
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vec
|
13-02-2023 - 02:20 | 31-07-2009 - 19:00 | |
CVE-2009-3889 | 6.6 |
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
|
13-02-2023 - 02:20 | 16-11-2009 - 19:30 | |
CVE-2009-3555 | 5.8 |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
|
13-02-2023 - 02:20 | 09-11-2009 - 17:30 | |
CVE-2009-3551 | 5.0 |
Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.
|
13-02-2023 - 02:20 | 30-10-2009 - 20:30 | |
CVE-2009-2908 | 4.9 |
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a
|
13-02-2023 - 02:20 | 13-10-2009 - 10:30 | |
CVE-2009-4138 | 4.7 |
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified
|
13-02-2023 - 02:20 | 16-12-2009 - 19:30 | |
CVE-2009-1887 | 5.0 |
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability e
|
13-02-2023 - 02:20 | 26-06-2009 - 18:30 | |
CVE-2009-4030 | 4.4 |
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks
|
13-02-2023 - 02:20 | 30-11-2009 - 17:30 | |
CVE-2009-3726 | 7.8 |
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect
|
13-02-2023 - 02:20 | 09-11-2009 - 19:30 | |
CVE-2009-3556 | 1.9 |
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport
|
13-02-2023 - 02:20 | 27-01-2010 - 17:30 | |
CVE-2009-2407 | 6.9 |
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vecto
|
13-02-2023 - 02:20 | 31-07-2009 - 19:00 | |
CVE-2009-1895 | 7.2 |
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to l
|
13-02-2023 - 02:20 | 16-07-2009 - 15:30 | |
CVE-2009-4020 | 7.8 |
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
|
13-02-2023 - 02:20 | 04-12-2009 - 21:30 | |
CVE-2009-2910 | 2.1 |
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 p
|
13-02-2023 - 02:20 | 20-10-2009 - 17:30 | |
CVE-2009-1379 | 5.0 |
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS
|
13-02-2023 - 02:20 | 19-05-2009 - 19:30 | |
CVE-2009-3080 | 7.2 |
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
|
13-02-2023 - 02:20 | 20-11-2009 - 17:30 | |
CVE-2009-3550 | 4.3 |
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of t
|
13-02-2023 - 02:20 | 30-10-2009 - 20:30 | |
CVE-2009-1891 | 7.1 |
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
|
13-02-2023 - 02:20 | 10-07-2009 - 15:30 | |
CVE-2009-1308 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in
|
13-02-2023 - 02:20 | 22-04-2009 - 18:30 | |
CVE-2009-1385 | 7.8 |
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote a
|
13-02-2023 - 02:20 | 04-06-2009 - 16:30 | |
CVE-2010-0001 | 6.8 |
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra
|
13-02-2023 - 02:20 | 29-01-2010 - 18:30 | |
CVE-2009-1389 | 7.8 |
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
|
13-02-2023 - 02:20 | 16-06-2009 - 23:30 | |
CVE-2008-5513 | 4.3 |
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cr
|
13-02-2023 - 02:19 | 17-12-2008 - 23:30 | |
CVE-2008-5504 | 7.5 |
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.
|
13-02-2023 - 02:19 | 17-12-2008 - 23:30 | |
CVE-2008-4316 | 4.6 |
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
|
13-02-2023 - 02:19 | 14-03-2009 - 18:30 | |
CVE-2008-4307 | 4.0 |
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improp
|
13-02-2023 - 02:19 | 13-01-2009 - 17:00 | |
CVE-2008-4309 | 5.0 |
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK req
|
13-02-2023 - 02:19 | 31-10-2008 - 20:29 | |
CVE-2008-3833 | 4.9 |
The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain s
|
13-02-2023 - 02:19 | 03-10-2008 - 17:41 | |
CVE-2008-3528 | 2.1 |
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically prox
|
13-02-2023 - 02:19 | 27-09-2008 - 10:30 | |
CVE-2008-2365 | 4.7 |
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another
|
13-02-2023 - 02:19 | 30-06-2008 - 21:41 | |
CVE-2008-2927 | 6.8 |
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to
|
13-02-2023 - 02:19 | 07-07-2008 - 23:41 | |
CVE-2008-3275 | 4.9 |
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denia
|
13-02-2023 - 02:19 | 12-08-2008 - 23:41 | |
CVE-2008-3432 | 6.8 |
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
|
13-02-2023 - 02:19 | 10-10-2008 - 10:30 | |
CVE-2008-2938 | 4.3 |
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence
|
13-02-2023 - 02:19 | 13-08-2008 - 00:41 | |
CVE-2008-1947 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
|
13-02-2023 - 02:19 | 04-06-2008 - 19:32 | |
CVE-2008-2370 | 5.0 |
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traver
|
13-02-2023 - 02:19 | 04-08-2008 - 01:41 | |
CVE-2008-1951 | 4.6 |
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows l
|
13-02-2023 - 02:19 | 25-06-2008 - 12:36 | |
CVE-2008-1926 | 7.5 |
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the lo
|
13-02-2023 - 02:19 | 24-04-2008 - 05:05 | |
CVE-2008-2364 | 5.0 |
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
|
13-02-2023 - 02:19 | 13-06-2008 - 18:41 | |
CVE-2008-2375 | 7.1 |
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication at
|
13-02-2023 - 02:19 | 09-07-2008 - 00:41 | |
CVE-2009-0781 | 4.3 |
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary
|
13-02-2023 - 02:19 | 09-03-2009 - 21:30 | |
CVE-2009-1185 | 7.2 |
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
|
13-02-2023 - 02:19 | 17-04-2009 - 14:30 | |
CVE-2009-0030 | 6.5 |
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the stand
|
13-02-2023 - 02:19 | 21-01-2009 - 20:30 | |
CVE-2009-0771 | 10.0 |
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption a
|
13-02-2023 - 02:19 | 05-03-2009 - 02:30 | |
CVE-2009-0778 | 7.1 |
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of a
|
13-02-2023 - 02:19 | 12-03-2009 - 15:20 | |
CVE-2009-1191 | 5.0 |
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
|
13-02-2023 - 02:19 | 23-04-2009 - 17:30 | |
CVE-2009-0787 | 4.9 |
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows lo
|
13-02-2023 - 02:19 | 25-03-2009 - 01:30 | |
CVE-2007-6284 | 5.0 |
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
|
13-02-2023 - 02:18 | 12-01-2008 - 02:46 | |
CVE-2007-6439 | 6.1 |
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Fir
|
13-02-2023 - 02:18 | 19-12-2007 - 22:46 | |
CVE-2007-6438 | 5.0 |
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already cover
|
13-02-2023 - 02:18 | 19-12-2007 - 22:46 | |
CVE-2007-5966 | 7.2 |
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details
|
13-02-2023 - 02:18 | 20-12-2007 - 00:46 | |
CVE-2007-4567 | 7.8 |
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic)
|
13-02-2023 - 02:18 | 21-12-2007 - 00:46 | |
CVE-2008-1232 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to
|
13-02-2023 - 02:18 | 04-08-2008 - 01:41 | |
CVE-2008-0600 | 7.2 |
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vuln
|
13-02-2023 - 02:18 | 12-02-2008 - 21:00 | |
CVE-2006-7228 | 6.8 |
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an in
|
13-02-2023 - 02:17 | 14-11-2007 - 21:46 | |
CVE-2007-2754 | 6.8 |
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overf
|
13-02-2023 - 02:17 | 17-05-2007 - 22:30 | |
CVE-2007-0450 | 5.0 |
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence
|
13-02-2023 - 02:17 | 16-03-2007 - 22:19 | |
CVE-2007-0493 | 7.8 |
Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that c
|
13-02-2023 - 02:17 | 25-01-2007 - 20:28 | |
CVE-2006-7195 | 4.3 |
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
|
13-02-2023 - 02:16 | 10-05-2007 - 00:19 | |
CVE-2006-5753 | 7.2 |
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
|
13-02-2023 - 02:16 | 30-01-2007 - 19:28 | |
CVE-2006-4340 | 4.0 |
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature
|
13-02-2023 - 02:16 | 15-09-2006 - 18:07 | |
CVE-2006-1863 | 2.1 |
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
|
13-02-2023 - 02:16 | 25-04-2006 - 22:02 | |
CVE-2011-1957 | 4.3 |
The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.
|
13-02-2023 - 01:19 | 06-06-2011 - 19:55 | |
CVE-2011-1183 | 5.8 |
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerabil
|
13-02-2023 - 01:19 | 08-04-2011 - 15:17 | |
CVE-2009-3612 | 2.1 |
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensit
|
13-02-2023 - 01:17 | 19-10-2009 - 20:00 | |
CVE-2009-3613 | 7.8 |
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of netwo
|
13-02-2023 - 01:17 | 19-10-2009 - 20:00 | |
CVE-2009-2414 | 4.3 |
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related
|
13-02-2023 - 01:17 | 11-08-2009 - 18:30 | |
CVE-2009-0354 | 2.6 |
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors
|
13-02-2023 - 01:17 | 04-02-2009 - 19:30 | |
CVE-2009-1192 | 4.9 |
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows
|
13-02-2023 - 01:17 | 24-04-2009 - 15:30 | |
CVE-2009-1313 | 9.3 |
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this v
|
13-02-2023 - 01:17 | 30-04-2009 - 21:30 | |
CVE-2013-1896 | 4.3 |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for han
|
13-02-2023 - 00:28 | 10-07-2013 - 20:55 | |
CVE-2012-0767 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attac
|
30-01-2023 - 18:00 | 16-02-2012 - 19:55 | |
CVE-2012-0756 | 9.3 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via uns
|
30-01-2023 - 18:00 | 16-02-2012 - 19:55 | |
CVE-2012-0755 | 9.3 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via uns
|
30-01-2023 - 18:00 | 16-02-2012 - 19:55 | |
CVE-2013-0880 | 7.5 |
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databas
|
24-01-2023 - 01:50 | 23-02-2013 - 21:55 | |
CVE-2013-0898 | 7.5 |
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.
|
24-01-2023 - 01:46 | 23-02-2013 - 21:55 | |
CVE-2005-0245 | 7.5 |
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE
|
19-01-2023 - 20:13 | 01-02-2005 - 05:00 | |
CVE-2013-5829 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
|
21-12-2022 - 15:35 | 16-10-2013 - 17:55 | |
CVE-2013-5830 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
|
21-12-2022 - 15:33 | 16-10-2013 - 17:55 | |
CVE-2013-5842 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
|
21-12-2022 - 15:32 | 16-10-2013 - 17:55 | |
CVE-2013-5843 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and ava
|
21-12-2022 - 15:28 | 16-10-2013 - 17:55 | |
CVE-2008-4609 | 7.1 |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vect
|
14-12-2022 - 16:40 | 20-10-2008 - 17:59 | |
CVE-2011-3389 | 4.3 |
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
|
29-11-2022 - 15:56 | 06-09-2011 - 19:55 | |
CVE-2010-0987 | 9.3 |
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.
|
03-11-2022 - 17:38 | 13-05-2010 - 17:30 | |
CVE-2010-0986 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
|
03-11-2022 - 17:35 | 13-05-2010 - 17:30 | |
CVE-2010-0130 | 9.3 |
Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.
|
03-11-2022 - 17:34 | 13-05-2010 - 17:30 | |
CVE-2010-0127 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.
|
03-11-2022 - 17:33 | 13-05-2010 - 17:30 | |
CVE-2009-2948 | 1.9 |
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain t
|
31-10-2022 - 15:03 | 07-10-2009 - 18:30 | |
CVE-2010-1281 | 9.3 |
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)
|
29-09-2022 - 16:52 | 13-05-2010 - 17:30 | |
CVE-2006-5752 | 4.3 |
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML vi
|
21-09-2022 - 19:34 | 27-06-2007 - 17:30 | |
CVE-2009-3095 | 5.0 |
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as
|
19-09-2022 - 19:50 | 08-09-2009 - 18:30 | |
CVE-2011-3348 | 4.3 |
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP r
|
19-09-2022 - 19:49 | 20-09-2011 - 05:55 | |
CVE-2011-3192 | 7.8 |
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as e
|
19-09-2022 - 19:49 | 29-08-2011 - 15:55 | |
CVE-2009-3094 | 2.6 |
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a mal
|
19-09-2022 - 19:49 | 08-09-2009 - 18:30 | |
CVE-2012-5096 | 3.5 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
|
16-09-2022 - 19:53 | 17-01-2013 - 01:55 | |
CVE-2010-2179 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecifi
|
15-09-2022 - 13:29 | 15-06-2010 - 18:00 | |
CVE-2013-1862 | 5.1 |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containi
|
14-09-2022 - 19:50 | 10-06-2013 - 17:55 | |
CVE-2008-3804 | 7.1 |
Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path
|
29-08-2022 - 21:04 | 26-09-2008 - 16:21 | |
CVE-2013-0383 | 4.3 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
|
29-08-2022 - 20:49 | 17-01-2013 - 01:55 | |
CVE-2009-1888 | 5.8 |
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vecto
|
29-08-2022 - 19:43 | 25-06-2009 - 01:30 | |
CVE-2012-0574 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
|
26-08-2022 - 20:32 | 17-01-2013 - 01:55 | |
CVE-2012-0572 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
|
26-08-2022 - 20:32 | 17-01-2013 - 01:55 | |
CVE-2012-1705 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
|
26-08-2022 - 20:31 | 17-01-2013 - 01:55 | |
CVE-2012-0578 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
|
26-08-2022 - 20:31 | 17-01-2013 - 01:55 | |
CVE-2013-0367 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
|
26-08-2022 - 16:23 | 17-01-2013 - 01:55 | |
CVE-2013-0368 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
|
26-08-2022 - 16:23 | 17-01-2013 - 01:55 | |
CVE-2013-0371 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
|
26-08-2022 - 16:23 | 17-01-2013 - 01:55 | |
CVE-2004-0589 | 4.3 |
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
|
24-08-2022 - 15:40 | 06-08-2004 - 04:00 | |
CVE-2009-1724 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors r
|
09-08-2022 - 13:48 | 09-07-2009 - 17:30 | |
CVE-2009-1725 | 9.3 |
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character
|
09-08-2022 - 13:48 | 09-07-2009 - 17:30 | |
CVE-2010-1387 | 9.3 |
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi
|
09-08-2022 - 13:48 | 18-06-2010 - 16:30 | |
CVE-2010-4180 | 4.3 |
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an uninte
|
04-08-2022 - 19:59 | 06-12-2010 - 21:05 | |
CVE-2012-1702 | 5.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
|
04-08-2022 - 19:55 | 17-01-2013 - 01:55 | |
CVE-2012-5612 | 6.5 |
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute ar
|
20-07-2022 - 16:24 | 03-12-2012 - 12:49 | |
CVE-2006-4482 | 9.3 |
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990
|
19-07-2022 - 18:32 | 31-08-2006 - 21:04 | |
CVE-2013-0375 | 5.5 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
|
19-07-2022 - 16:22 | 17-01-2013 - 01:55 | |
CVE-2013-0385 | 6.6 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
|
18-07-2022 - 17:53 | 17-01-2013 - 01:55 | |
CVE-2008-4864 | 7.5 |
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function,
|
05-07-2022 - 18:48 | 01-11-2008 - 00:00 | |
CVE-2008-1721 | 7.5 |
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
|
05-07-2022 - 18:43 | 10-04-2008 - 19:05 | |
CVE-2008-3142 | 7.5 |
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicod
|
05-07-2022 - 18:41 | 01-08-2008 - 14:41 | |
CVE-2013-0389 | 6.8 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
|
30-06-2022 - 19:53 | 17-01-2013 - 01:55 | |
CVE-2013-0384 | 6.8 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
|
30-06-2022 - 19:52 | 17-01-2013 - 01:55 | |
CVE-2013-0386 | 6.8 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
|
30-06-2022 - 19:52 | 17-01-2013 - 01:55 | |
CVE-2008-1887 | 9.3 |
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when asse
|
27-06-2022 - 16:33 | 18-04-2008 - 17:05 | |
CVE-2005-2096 | 7.5 |
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
|
22-06-2022 - 16:40 | 06-07-2005 - 04:00 | |
CVE-2011-4372 | 7.5 |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and
|
03-06-2022 - 17:21 | 10-01-2012 - 21:55 | |
CVE-2011-4373 | 7.5 |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and
|
03-06-2022 - 15:50 | 10-01-2012 - 21:55 | |
CVE-2011-3279 | 7.8 |
The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti9821
|
02-06-2022 - 17:24 | 03-10-2011 - 23:55 | |
CVE-2008-3813 | 7.8 |
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
|
02-06-2022 - 17:22 | 26-09-2008 - 16:21 | |
CVE-2008-3812 | 7.1 |
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
|
02-06-2022 - 17:20 | 26-09-2008 - 16:21 | |
CVE-2008-3809 | 7.1 |
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.
|
02-06-2022 - 17:19 | 26-09-2008 - 16:21 | |
CVE-2008-3807 | 9.3 |
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this commun
|
02-06-2022 - 17:18 | 26-09-2008 - 16:21 | |
CVE-2008-3808 | 7.8 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.
|
02-06-2022 - 17:18 | 26-09-2008 - 16:21 | |
CVE-2008-3806 | 8.5 |
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of s
|
02-06-2022 - 17:18 | 26-09-2008 - 16:21 | |
CVE-2008-3805 | 8.5 |
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of s
|
02-06-2022 - 17:17 | 26-09-2008 - 16:21 | |
CVE-2008-3803 | 5.1 |
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from oth
|
02-06-2022 - 17:16 | 26-09-2008 - 16:21 | |
CVE-2008-3802 | 7.1 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Ci
|
02-06-2022 - 17:13 | 26-09-2008 - 16:21 | |
CVE-2008-3801 | 7.1 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device
|
02-06-2022 - 17:12 | 26-09-2008 - 16:21 | |
CVE-2008-3800 | 7.1 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device
|
02-06-2022 - 17:11 | 26-09-2008 - 16:21 | |
CVE-2008-3799 | 7.8 |
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP
|
02-06-2022 - 17:10 | 26-09-2008 - 16:21 | |
CVE-2008-3798 | 7.8 |
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.
|
02-06-2022 - 17:09 | 26-09-2008 - 16:21 | |
CVE-2008-2739 | 7.8 |
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different
|
02-06-2022 - 17:09 | 26-09-2008 - 16:21 | |
CVE-2007-0918 | 7.1 |
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations tha
|
02-06-2022 - 17:09 | 14-02-2007 - 02:28 | |
CVE-2013-5817 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors relat
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5810 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5804 | 6.4 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unkno
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5806 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5778 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5840 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5805 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5846 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5832 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5787 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5783 | 6.4 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to S
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5844 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5831 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5789 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5820 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5803 | 2.6 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect avai
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5802 | 7.5 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5812 | 6.4 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5854 | 2.6 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.
|
13-05-2022 - 14:57 | 16-10-2013 - 18:55 | |
CVE-2013-5784 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5819 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5777 | 9.3 |
Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerabil
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5782 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5824 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5775 | 7.5 |
Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerabil
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5774 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5851 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
|
13-05-2022 - 14:57 | 16-10-2013 - 18:55 | |
CVE-2013-5848 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5788 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5850 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5818 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5801 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5780 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5772 | 2.6 |
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5849 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5809 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5790 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5852 | 7.6 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 18:55 | |
CVE-2013-5800 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5797 | 3.5 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect in
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5776 | 5.0 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors relat
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5823 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5814 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors relat
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5825 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect avai
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-3829 | 6.4 |
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-2418 | 4.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to D
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-2435 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2012-5071 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX
|
13-05-2022 - 14:53 | 16-10-2012 - 21:55 | |
CVE-2013-1475 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2012-1711 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrit
|
13-05-2022 - 14:53 | 16-06-2012 - 21:55 | |
CVE-2013-1481 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknow
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2012-1725 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
|
13-05-2022 - 14:53 | 16-06-2012 - 21:55 | |
CVE-2012-0502 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and u
|
13-05-2022 - 14:53 | 15-02-2012 - 22:55 | |
CVE-2013-0438 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2013-0432 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2011-3547 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java a
|
13-05-2022 - 14:52 | 19-10-2011 - 21:55 | |
CVE-2011-3561 | 1.8 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
|
13-05-2022 - 14:52 | 19-10-2011 - 21:55 | |
CVE-2013-2422 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via u
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-5075 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5069 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vec
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-3159 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-3143 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability,
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5089 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability,
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5072 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5068 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2011-3563 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and ava
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2011-3546 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and
|
13-05-2022 - 14:52 | 19-10-2011 - 21:55 | |
CVE-2012-3342 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-2433 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-3213 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scri
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-5086 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2440 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-4416 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-1716 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-1473 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-1721 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-1480 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-1713 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect c
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2012-1722 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2012-1718 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-1478 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1479 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unkn
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1476 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1558 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1540 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2010-1423 | 9.3 |
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code
|
13-05-2022 - 14:52 | 15-04-2010 - 21:30 | |
CVE-2012-1723 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrit
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2012-1532 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-1719 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to COR
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2012-1533 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-1720 | 3.7 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect conf
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2012-1541 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-1724 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-0445 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0442 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0427 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0435 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0450 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0505 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and unt
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2013-0423 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0503 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and u
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2013-0443 | 4.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0428 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0501 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2013-0434 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0506 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and u
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2013-0433 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0429 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0500 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets t
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2013-0419 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0498 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2012-0551 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows
|
13-05-2022 - 14:52 | 03-05-2012 - 18:55 | |
CVE-2012-0497 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2013-0425 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0504 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2013-0409 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0441 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0426 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0499 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to
|
13-05-2022 - 14:52 | 15-02-2012 - 22:55 | |
CVE-2013-0446 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0440 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via v
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0430 | 6.9 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the inst
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0424 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vect
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0351 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2010-0128 | 9.3 |
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir fil
|
22-04-2022 - 01:44 | 13-05-2010 - 17:30 | |
CVE-2010-1283 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF
|
05-04-2022 - 14:48 | 13-05-2010 - 17:30 | |
CVE-2010-1282 | 4.3 |
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
|
05-04-2022 - 14:46 | 13-05-2010 - 17:30 | |
CVE-2011-2001 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual
|
01-03-2022 - 16:39 | 12-10-2011 - 02:52 | |
CVE-2012-0171 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."
|
01-03-2022 - 16:34 | 10-04-2012 - 21:55 | |
CVE-2012-0169 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."
|
01-03-2022 - 16:33 | 10-04-2012 - 21:55 | |
CVE-2012-0168 | 7.6 |
Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution
|
01-03-2022 - 16:32 | 10-04-2012 - 21:55 | |
CVE-2012-0155 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."
|
01-03-2022 - 16:30 | 14-02-2012 - 22:55 | |
CVE-2012-0012 | 4.3 |
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure
|
01-03-2022 - 16:29 | 14-02-2012 - 22:55 | |
CVE-2012-0011 | 9.3 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."
|
01-03-2022 - 16:28 | 14-02-2012 - 22:55 | |
CVE-2009-0915 | 6.8 |
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
|
01-03-2022 - 15:06 | 16-03-2009 - 19:30 | |
CVE-2012-0010 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information D
|
01-03-2022 - 14:58 | 14-02-2012 - 22:55 | |
CVE-2011-3404 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web
|
01-03-2022 - 14:55 | 14-12-2011 - 00:55 | |
CVE-2011-2019 | 9.3 |
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a d
|
01-03-2022 - 14:50 | 14-12-2011 - 00:55 | |
CVE-2011-1992 | 4.3 |
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
|
01-03-2022 - 14:26 | 14-12-2011 - 00:55 | |
CVE-2011-2000 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."
|
28-02-2022 - 20:50 | 12-10-2011 - 02:52 | |
CVE-2011-1999 | 9.3 |
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
|
28-02-2022 - 20:49 | 12-10-2011 - 02:52 | |
CVE-2011-1998 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."
|
28-02-2022 - 20:26 | 12-10-2011 - 02:52 | |
CVE-2011-1996 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
|
28-02-2022 - 20:25 | 12-10-2011 - 02:52 | |
CVE-2011-1995 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerabili
|
28-02-2022 - 20:23 | 12-10-2011 - 02:52 | |
CVE-2011-1993 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."
|
28-02-2022 - 20:17 | 12-10-2011 - 02:52 | |
CVE-2011-1964 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corru
|
28-02-2022 - 20:01 | 10-08-2011 - 21:55 | |
CVE-2011-1960 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclo
|
28-02-2022 - 20:01 | 10-08-2011 - 21:55 | |
CVE-2011-1963 | 9.3 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vu
|
28-02-2022 - 20:00 | 10-08-2011 - 21:55 | |
CVE-2011-1962 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Sh
|
28-02-2022 - 19:58 | 10-08-2011 - 21:55 | |
CVE-2011-1961 | 9.3 |
The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerab
|
28-02-2022 - 19:54 | 10-08-2011 - 21:55 | |
CVE-2011-1257 | 7.6 |
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
|
28-02-2022 - 19:49 | 10-08-2011 - 21:55 | |
CVE-2011-1266 | 9.3 |
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly
|
28-02-2022 - 19:48 | 16-06-2011 - 20:55 | |
CVE-2011-1262 | 9.3 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corr
|
28-02-2022 - 19:46 | 16-06-2011 - 20:55 | |
CVE-2011-1261 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory C
|
28-02-2022 - 19:44 | 16-06-2011 - 20:55 | |
CVE-2011-1258 | 4.3 |
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "D
|
28-02-2022 - 19:43 | 16-06-2011 - 20:55 | |
CVE-2011-1256 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory C
|
28-02-2022 - 19:41 | 16-06-2011 - 20:55 | |
CVE-2011-1255 | 9.3 |
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1)
|
28-02-2022 - 19:35 | 16-06-2011 - 20:55 | |
CVE-2011-1254 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corr
|
28-02-2022 - 19:33 | 16-06-2011 - 20:55 | |
CVE-2011-1251 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption
|
28-02-2022 - 19:32 | 16-06-2011 - 20:55 | |
CVE-2011-1250 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling
|
28-02-2022 - 19:30 | 16-06-2011 - 20:55 | |
CVE-2011-1246 | 4.3 |
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information
|
28-02-2022 - 19:26 | 16-06-2011 - 20:55 | |
CVE-2011-1244 | 5.8 |
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information
|
28-02-2022 - 19:25 | 13-04-2011 - 18:55 | |
CVE-2010-3348 | 4.3 |
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosur
|
28-02-2022 - 19:23 | 16-12-2010 - 19:33 | |
CVE-2010-3346 | 9.3 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
|
28-02-2022 - 19:22 | 16-12-2010 - 19:33 | |
CVE-2010-3345 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML
|
28-02-2022 - 19:21 | 16-12-2010 - 19:33 | |
CVE-2010-3343 | 9.3 |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML
|
28-02-2022 - 19:20 | 16-12-2010 - 19:33 | |
CVE-2010-3342 | 4.3 |
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosur
|
28-02-2022 - 19:19 | 16-12-2010 - 19:33 | |
CVE-2010-3962 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issu
|
28-02-2022 - 19:15 | 05-11-2010 - 17:00 | |
CVE-2010-2560 | 9.3 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
|
28-02-2022 - 18:57 | 11-08-2010 - 18:47 | |
CVE-2005-0233 | 7.5 |
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homog
|
28-02-2022 - 17:41 | 08-02-2005 - 05:00 | |
CVE-2010-2559 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
|
28-02-2022 - 17:31 | 11-08-2010 - 18:47 | |
CVE-2010-2558 | 9.3 |
Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerabili
|
28-02-2022 - 17:30 | 11-08-2010 - 18:47 | |
CVE-2010-2557 | 9.3 |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
|
28-02-2022 - 17:27 | 11-08-2010 - 18:47 | |
CVE-2010-2556 | 9.3 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
|
28-02-2022 - 17:24 | 11-08-2010 - 18:47 | |
CVE-2010-1489 | 4.3 |
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a differe
|
28-02-2022 - 17:15 | 20-04-2010 - 16:30 | |
CVE-2009-3270 | 5.0 |
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
28-02-2022 - 17:00 | 18-09-2009 - 22:30 | |
CVE-2009-3267 | 5.0 |
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
|
28-02-2022 - 16:59 | 18-09-2009 - 22:30 | |
CVE-2007-1751 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corrupti
|
28-02-2022 - 16:50 | 12-06-2007 - 19:30 | |
CVE-2010-1289 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-201
|
28-02-2022 - 14:41 | 13-05-2010 - 21:30 | |
CVE-2010-1288 | 9.3 |
Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.
|
28-02-2022 - 14:41 | 13-05-2010 - 21:30 | |
CVE-2010-1287 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-201
|
28-02-2022 - 14:41 | 13-05-2010 - 21:30 | |
CVE-2010-1286 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-201
|
28-02-2022 - 14:41 | 13-05-2010 - 21:30 | |
CVE-2010-1291 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-201
|
28-02-2022 - 14:41 | 13-05-2010 - 21:30 | |
CVE-2010-1292 | 9.3 |
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a d
|
28-02-2022 - 14:35 | 13-05-2010 - 17:30 | |
CVE-2010-3886 | 4.3 |
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtai
|
18-02-2022 - 18:39 | 08-10-2010 - 22:00 | |
CVE-2008-4019 | 9.3 |
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold
|
09-02-2022 - 19:22 | 15-10-2008 - 00:12 | |
CVE-2008-3471 | 9.3 |
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; O
|
09-02-2022 - 19:22 | 15-10-2008 - 00:12 | |
CVE-2008-4250 | 10.0 |
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during p
|
09-02-2022 - 14:36 | 23-10-2008 - 22:00 | |
CVE-2007-2356 | 6.8 |
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
|
07-02-2022 - 19:21 | 30-04-2007 - 22:19 | |
CVE-2009-1570 | 9.3 |
Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
|
07-02-2022 - 17:54 | 13-11-2009 - 15:30 | |
CVE-2007-2949 | 6.8 |
Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
|
07-02-2022 - 17:48 | 04-07-2007 - 15:30 | |
CVE-2006-3404 | 5.1 |
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VE
|
07-02-2022 - 17:27 | 06-07-2006 - 20:05 | |
CVE-2006-3894 | 5.0 |
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
|
17-12-2021 - 20:00 | 22-05-2007 - 19:30 | |
CVE-2010-1290 | 9.3 |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-201
|
16-12-2021 - 18:19 | 13-05-2010 - 21:30 | |
CVE-2005-4360 | 7.8 |
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.d
|
08-11-2021 - 21:45 | 20-12-2005 - 01:03 | |
CVE-2009-0080 | 6.9 |
The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows
|
08-11-2021 - 21:45 | 15-04-2009 - 08:00 | |
CVE-2009-2816 | 6.8 |
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight,
|
08-11-2021 - 21:43 | 13-11-2009 - 15:30 | |
CVE-2004-0081 | 5.0 |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
|
08-11-2021 - 15:48 | 23-11-2004 - 05:00 | |
CVE-2011-4370 | 7.5 |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and
|
22-09-2021 - 14:22 | 10-01-2012 - 21:55 | |
CVE-2013-0074 | 9.3 |
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Dou
|
22-09-2021 - 14:22 | 13-03-2013 - 00:55 | |
CVE-2013-0021 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."
|
17-09-2021 - 11:15 | 13-02-2013 - 12:04 | |
CVE-2007-0066 | 7.1 |
The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-boun
|
13-09-2021 - 01:23 | 08-01-2008 - 20:46 | |
CVE-2010-4487 | 7.5 |
Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."
|
08-09-2021 - 17:19 | 07-12-2010 - 21:00 | |
CVE-2012-0724 | 9.3 |
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.
|
08-09-2021 - 17:19 | 06-04-2012 - 20:55 | |
CVE-2012-0725 | 9.3 |
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.
|
08-09-2021 - 17:19 | 06-04-2012 - 20:55 | |
CVE-2012-4845 | 6.8 |
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executa
|
31-08-2021 - 15:43 | 20-10-2012 - 10:41 | |
CVE-2013-3905 | 5.0 |
Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificat
|
30-08-2021 - 14:28 | 13-11-2013 - 00:55 | |
CVE-2010-3971 | 9.3 |
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code
|
23-07-2021 - 15:12 | 22-12-2010 - 21:00 | |
CVE-2012-1872 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2009-3673 | 9.3 |
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka
|
23-07-2021 - 15:12 | 09-12-2009 - 18:30 | |
CVE-2010-1261 | 9.3 |
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
|
23-07-2021 - 15:12 | 08-06-2010 - 22:30 | |
CVE-2011-1345 | 9.3 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Few
|
23-07-2021 - 15:12 | 10-03-2011 - 20:55 | |
CVE-2009-1917 | 9.3 |
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly h
|
23-07-2021 - 15:12 | 29-07-2009 - 17:30 | |
CVE-2010-3330 | 4.3 |
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information D
|
23-07-2021 - 15:12 | 13-10-2010 - 19:00 | |
CVE-2010-3325 | 4.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a cra
|
23-07-2021 - 15:12 | 13-10-2010 - 19:00 | |
CVE-2009-3671 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
|
23-07-2021 - 15:12 | 09-12-2009 - 18:30 | |
CVE-2010-1258 | 4.3 |
Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "E
|
23-07-2021 - 15:12 | 11-08-2010 - 18:47 | |
CVE-2011-2383 | 4.3 |
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: U
|
23-07-2021 - 15:12 | 03-06-2011 - 17:55 | |
CVE-2009-1919 | 9.3 |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do n
|
23-07-2021 - 15:12 | 29-07-2009 - 17:30 | |
CVE-2010-1259 | 9.3 |
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption V
|
23-07-2021 - 15:12 | 08-06-2010 - 22:30 | |
CVE-2009-1530 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML doc
|
23-07-2021 - 15:12 | 10-06-2009 - 18:30 | |
CVE-2010-1257 | 4.3 |
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows re
|
23-07-2021 - 15:12 | 08-06-2010 - 20:30 | |
CVE-2009-1529 | 9.3 |
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling
|
23-07-2021 - 15:12 | 10-06-2009 - 18:30 | |
CVE-2010-3329 | 9.3 |
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Cor
|
23-07-2021 - 15:12 | 13-10-2010 - 19:00 | |
CVE-2011-1713 | 4.3 |
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: thi
|
23-07-2021 - 15:12 | 15-04-2011 - 20:55 | |
CVE-2010-1262 | 9.3 |
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and
|
23-07-2021 - 15:12 | 08-06-2010 - 22:30 | |
CVE-2010-3324 | 4.3 |
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows rem
|
23-07-2021 - 15:12 | 17-09-2010 - 18:00 | |
CVE-2009-4074 | 4.3 |
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of
|
23-07-2021 - 15:12 | 25-11-2009 - 18:30 | |
CVE-2010-1260 | 9.3 |
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
|
23-07-2021 - 15:12 | 08-06-2010 - 22:30 | |
CVE-2009-1918 | 10.0 |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do n
|
23-07-2021 - 15:12 | 29-07-2009 - 17:30 | |
CVE-2010-3331 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1
|
23-07-2021 - 15:12 | 13-10-2010 - 19:00 | |
CVE-2010-3243 | 4.3 |
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to injec
|
23-07-2021 - 15:12 | 13-10-2010 - 19:00 | |
CVE-2010-3327 | 4.3 |
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, a
|
23-07-2021 - 15:12 | 13-10-2010 - 19:00 | |
CVE-2009-2433 | 4.3 |
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
|
23-07-2021 - 15:12 | 10-07-2009 - 21:00 | |
CVE-2009-3674 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
|
23-07-2021 - 15:12 | 09-12-2009 - 18:30 | |
CVE-2011-0347 | 9.3 |
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
|
23-07-2021 - 15:12 | 07-01-2011 - 23:00 | |
CVE-2010-0027 | 9.3 |
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attac
|
23-07-2021 - 15:12 | 22-01-2010 - 22:00 | |
CVE-2012-1877 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2012-1858 | 4.3 |
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduc
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2011-0038 | 9.3 |
Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "I
|
23-07-2021 - 15:12 | 10-02-2011 - 16:00 | |
CVE-2011-0035 | 9.3 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
|
23-07-2021 - 15:12 | 10-02-2011 - 16:00 | |
CVE-2010-0244 | 9.3 |
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corru
|
23-07-2021 - 15:12 | 22-01-2010 - 22:00 | |
CVE-2010-0494 | 4.3 |
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the cl
|
23-07-2021 - 15:12 | 31-03-2010 - 19:30 | |
CVE-2010-0245 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
|
23-07-2021 - 15:12 | 22-01-2010 - 22:00 | |
CVE-2010-0246 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
|
23-07-2021 - 15:12 | 22-01-2010 - 22:00 | |
CVE-2012-1874 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2012-1879 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerabil
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2010-0255 | 4.3 |
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScr
|
23-07-2021 - 15:12 | 04-02-2010 - 20:15 | |
CVE-2010-0492 | 9.3 |
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption,
|
23-07-2021 - 15:12 | 31-03-2010 - 19:30 | |
CVE-2012-1876 | 9.3 |
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflo
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2010-0248 | 9.3 |
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corru
|
23-07-2021 - 15:12 | 22-01-2010 - 22:00 | |
CVE-2012-1873 | 4.3 |
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerab
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2012-1875 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2011-1260 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vuln
|
23-07-2021 - 15:12 | 16-06-2011 - 20:55 | |
CVE-2011-0036 | 9.3 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
|
23-07-2021 - 15:12 | 10-02-2011 - 16:00 | |
CVE-2011-1252 | 4.3 |
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows
|
23-07-2021 - 15:12 | 16-06-2011 - 20:55 | |
CVE-2012-1878 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2012-1882 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerabi
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2010-0490 | 9.3 |
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corru
|
23-07-2021 - 15:12 | 31-03-2010 - 19:30 | |
CVE-2012-1523 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2012-0172 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 10-04-2012 - 21:55 | |
CVE-2012-1880 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2011-0346 | 9.3 |
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM i
|
23-07-2021 - 15:12 | 07-01-2011 - 23:00 | |
CVE-2012-1881 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2007-5347 | 6.8 |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
|
23-07-2021 - 15:06 | 12-12-2007 - 00:46 | |
CVE-2007-5344 | 6.8 |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption
|
23-07-2021 - 15:06 | 12-12-2007 - 00:46 | |
CVE-2007-3892 | 7.5 |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
|
23-07-2021 - 15:06 | 09-10-2007 - 22:17 | |
CVE-2007-3903 | 6.8 |
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-
|
23-07-2021 - 15:06 | 12-12-2007 - 00:46 | |
CVE-2007-3902 | 9.3 |
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property o
|
23-07-2021 - 15:06 | 12-12-2007 - 00:46 | |
CVE-2007-3893 | 6.8 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
|
23-07-2021 - 15:06 | 09-10-2007 - 22:17 | |
CVE-2006-2766 | 2.6 |
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via
|
23-07-2021 - 15:06 | 02-06-2006 - 10:18 | |
CVE-2010-0247 | 9.3 |
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory c
|
23-07-2021 - 15:06 | 22-01-2010 - 22:00 | |
CVE-2007-2222 | 9.3 |
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object tha
|
23-07-2021 - 15:05 | 12-06-2007 - 19:30 | |
CVE-2007-3027 | 9.3 |
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation V
|
23-07-2021 - 15:05 | 12-06-2007 - 19:30 | |
CVE-2007-2292 | 4.3 |
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
|
23-07-2021 - 15:05 | 26-04-2007 - 20:19 | |
CVE-2007-3896 | 9.3 |
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as de
|
23-07-2021 - 15:05 | 11-10-2007 - 00:17 | |
CVE-2007-3091 | 7.1 |
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions
|
23-07-2021 - 15:05 | 06-06-2007 - 21:30 | |
CVE-2007-2221 | 9.3 |
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 o
|
23-07-2021 - 15:05 | 08-05-2007 - 23:19 | |
CVE-2006-4697 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
|
23-07-2021 - 15:05 | 13-02-2007 - 22:28 | |
CVE-2007-0945 | 9.3 |
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corrupt
|
23-07-2021 - 15:05 | 08-05-2007 - 23:19 | |
CVE-2007-0218 | 9.3 |
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
|
23-07-2021 - 15:05 | 12-06-2007 - 19:30 | |
CVE-2007-1750 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
|
23-07-2021 - 15:05 | 12-06-2007 - 19:30 | |
CVE-2007-0219 | 10.0 |
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue th
|
23-07-2021 - 15:05 | 13-02-2007 - 23:28 | |
CVE-2007-0024 | 9.3 |
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted
|
23-07-2021 - 15:05 | 09-01-2007 - 23:28 | |
CVE-2007-0942 | 9.3 |
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls,
|
23-07-2021 - 15:05 | 08-05-2007 - 23:19 | |
CVE-2007-4790 | 7.5 |
Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to e
|
23-07-2021 - 15:04 | 10-09-2007 - 21:17 | |
CVE-2009-1528 | 9.3 |
Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitr
|
23-07-2021 - 15:04 | 10-06-2009 - 18:30 | |
CVE-2008-2255 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Objec
|
23-07-2021 - 15:04 | 13-08-2008 - 12:42 | |
CVE-2008-2259 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
|
23-07-2021 - 15:04 | 13-08-2008 - 12:42 | |
CVE-2008-2258 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a spec
|
23-07-2021 - 15:04 | 13-08-2008 - 12:42 | |
CVE-2010-3340 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka
|
23-07-2021 - 15:04 | 16-12-2010 - 19:33 | |
CVE-2007-3041 | 9.3 |
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "Active
|
23-07-2021 - 15:04 | 14-08-2007 - 21:17 | |
CVE-2008-2254 | 9.3 |
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
|
23-07-2021 - 15:04 | 13-08-2008 - 12:42 | |
CVE-2007-3826 | 9.3 |
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, bu
|
23-07-2021 - 15:04 | 17-07-2007 - 21:30 | |
CVE-2008-2256 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uni
|
23-07-2021 - 15:04 | 13-08-2008 - 12:42 | |
CVE-2008-2257 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a spec
|
23-07-2021 - 15:04 | 13-08-2008 - 12:42 | |
CVE-2011-1245 | 4.3 |
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Informati
|
23-07-2021 - 15:04 | 13-04-2011 - 18:55 | |
CVE-2007-2216 | 9.3 |
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a cr
|
23-07-2021 - 15:04 | 14-08-2007 - 21:17 | |
CVE-2009-1531 | 9.3 |
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combi
|
23-07-2021 - 15:04 | 10-06-2009 - 18:30 | |
CVE-2010-0488 | 4.3 |
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding
|
23-07-2021 - 15:04 | 31-03-2010 - 19:30 | |
CVE-2007-1749 | 9.3 |
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer siz
|
23-07-2021 - 15:04 | 14-08-2007 - 22:17 | |
CVE-2005-2087 | 5.0 |
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedd
|
23-07-2021 - 15:04 | 05-07-2005 - 04:00 | |
CVE-2010-0267 | 9.3 |
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corrupti
|
23-07-2021 - 15:04 | 31-03-2010 - 19:30 | |
CVE-2005-1790 | 2.6 |
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "M
|
23-07-2021 - 15:04 | 01-06-2005 - 04:00 | |
CVE-2012-0170 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."
|
23-07-2021 - 15:04 | 10-04-2012 - 21:55 | |
CVE-2011-0094 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerabilit
|
23-07-2021 - 15:04 | 13-04-2011 - 18:55 | |
CVE-2010-0807 | 9.3 |
Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
|
23-07-2021 - 15:04 | 31-03-2010 - 19:30 | |
CVE-2010-0806 | 9.3 |
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an
|
23-07-2021 - 15:04 | 10-03-2010 - 22:30 | |
CVE-2009-1140 | 7.1 |
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers t
|
23-07-2021 - 15:04 | 10-06-2009 - 18:30 | |
CVE-2010-0808 | 2.6 |
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoCo
|
23-07-2021 - 15:04 | 13-10-2010 - 19:00 | |
CVE-2010-0489 | 9.3 |
Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."
|
23-07-2021 - 15:04 | 31-03-2010 - 19:30 | |
CVE-2004-0214 | 10.0 |
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long s
|
23-07-2021 - 15:03 | 03-11-2004 - 05:00 | |
CVE-2004-0727 | 7.5 |
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to
|
23-07-2021 - 15:02 | 27-07-2004 - 04:00 | |
CVE-2003-0309 | 7.5 |
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple
|
23-07-2021 - 15:02 | 09-06-2003 - 04:00 | |
CVE-2004-0420 | 10.0 |
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demo
|
23-07-2021 - 15:02 | 07-07-2004 - 04:00 | |
CVE-2002-0027 | 7.5 |
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Ver
|
23-07-2021 - 12:55 | 08-03-2002 - 05:00 | |
CVE-2002-0648 | 5.0 |
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
|
23-07-2021 - 12:55 | 24-09-2002 - 04:00 | |
CVE-2002-0190 | 7.5 |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerabilit
|
23-07-2021 - 12:55 | 29-05-2002 - 04:00 | |
CVE-2002-1254 | 7.5 |
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2002-1187 | 6.8 |
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting,
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2006-3450 | 7.5 |
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain
|
23-07-2021 - 12:55 | 08-08-2006 - 23:04 | |
CVE-2002-1188 | 6.4 |
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security chec
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2006-3281 | 5.1 |
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and w
|
23-07-2021 - 12:55 | 28-06-2006 - 22:05 | |
CVE-2005-4089 | 7.1 |
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) file
|
23-07-2021 - 12:55 | 08-12-2005 - 11:03 | |
CVE-2006-3730 | 9.3 |
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which
|
23-07-2021 - 12:55 | 21-07-2006 - 14:03 | |
CVE-2006-4868 | 9.3 |
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Marku
|
23-07-2021 - 12:55 | 19-09-2006 - 19:07 | |
CVE-2002-1185 | 5.0 |
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes duri
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2006-3280 | 7.5 |
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies
|
23-07-2021 - 12:55 | 28-06-2006 - 22:05 | |
CVE-2006-2378 | 6.8 |
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corr
|
23-07-2021 - 12:55 | 13-06-2006 - 19:06 | |
CVE-2006-3357 | 7.5 |
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field
|
23-07-2021 - 12:55 | 06-07-2006 - 20:05 | |
CVE-2006-3638 | 7.5 |
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the
|
23-07-2021 - 12:55 | 08-08-2006 - 23:04 | |
CVE-2002-1186 | 5.0 |
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site tha
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2006-2218 | 9.3 |
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object
|
23-07-2021 - 12:55 | 05-05-2006 - 12:46 | |
CVE-2005-2830 | 5.0 |
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
|
23-07-2021 - 12:55 | 14-12-2005 - 11:03 | |
CVE-2006-1190 | 10.0 |
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and al
|
23-07-2021 - 12:55 | 11-04-2006 - 23:02 | |
CVE-2004-1043 | 5.0 |
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local z
|
23-07-2021 - 12:55 | 31-12-2004 - 05:00 | |
CVE-2004-1050 | 10.0 |
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vul
|
23-07-2021 - 12:55 | 31-12-2004 - 05:00 | |
CVE-2005-0055 | 7.5 |
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2007-1091 | 6.8 |
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
|
23-07-2021 - 12:55 | 26-02-2007 - 11:28 | |
CVE-2004-0842 | 7.5 |
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based b
|
23-07-2021 - 12:55 | 23-12-2004 - 05:00 | |
CVE-2005-0555 | 7.5 |
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
|
23-07-2021 - 12:55 | 12-04-2005 - 04:00 | |
CVE-2003-1025 | 4.3 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka
|
23-07-2021 - 12:55 | 20-01-2004 - 05:00 | |
CVE-2003-0817 | 7.5 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
|
23-07-2021 - 12:55 | 03-02-2004 - 05:00 | |
CVE-2001-0875 | 7.5 |
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
|
23-07-2021 - 12:55 | 26-11-2001 - 05:00 | |
CVE-2005-2831 | 7.5 |
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for
|
23-07-2021 - 12:55 | 14-12-2005 - 11:03 | |
CVE-2001-0727 | 7.5 |
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, ak
|
23-07-2021 - 12:55 | 14-12-2001 - 05:00 | |
CVE-2006-1303 | 9.3 |
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransfo
|
23-07-2021 - 12:55 | 13-06-2006 - 19:06 | |
CVE-2005-0554 | 7.5 |
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption V
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2003-0815 | 7.5 |
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or
|
23-07-2021 - 12:55 | 03-02-2004 - 05:00 | |
CVE-2003-1041 | 7.5 |
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it
|
23-07-2021 - 12:55 | 14-06-2004 - 04:00 | |
CVE-2006-1191 | 4.0 |
Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the
|
23-07-2021 - 12:55 | 11-04-2006 - 23:02 | |
CVE-2006-1626 | 4.3 |
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a
|
23-07-2021 - 12:55 | 05-04-2006 - 10:04 | |
CVE-2004-0839 | 5.0 |
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities
|
23-07-2021 - 12:55 | 18-08-2004 - 04:00 | |
CVE-2004-1166 | 7.5 |
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the com
|
23-07-2021 - 12:55 | 31-12-2004 - 05:00 | |
CVE-2003-1027 | 10.0 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as de
|
23-07-2021 - 12:55 | 20-01-2004 - 05:00 | |
CVE-2006-1388 | 7.5 |
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
|
23-07-2021 - 12:55 | 24-03-2006 - 20:02 | |
CVE-2003-1026 | 9.3 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is c
|
23-07-2021 - 12:55 | 20-01-2004 - 05:00 | |
CVE-2003-0114 | 5.0 |
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
|
23-07-2021 - 12:55 | 12-05-2003 - 04:00 | |
CVE-2003-0344 | 7.5 |
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
|
23-07-2021 - 12:55 | 16-06-2003 - 04:00 | |
CVE-2005-0553 | 5.1 |
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corrupt
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2005-2829 | 5.1 |
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the dis
|
23-07-2021 - 12:55 | 14-12-2005 - 11:03 | |
CVE-2007-0217 | 10.0 |
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, wh
|
23-07-2021 - 12:55 | 13-02-2007 - 22:28 | |
CVE-2003-0823 | 7.5 |
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
|
23-07-2021 - 12:55 | 03-02-2004 - 05:00 | |
CVE-2004-0841 | 5.0 |
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerabi
|
23-07-2021 - 12:55 | 23-12-2004 - 05:00 | |
CVE-2005-0053 | 7.5 |
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2006-3637 | 5.1 |
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML R
|
23-07-2021 - 12:19 | 08-08-2006 - 23:04 | |
CVE-2006-2382 | 10.0 |
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decod
|
23-07-2021 - 12:19 | 13-06-2006 - 19:06 | |
CVE-2006-4687 | 5.1 |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulner
|
23-07-2021 - 12:19 | 14-11-2006 - 21:07 | |
CVE-2006-2385 | 7.6 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht)
|
23-07-2021 - 12:19 | 13-06-2006 - 19:06 | |
CVE-2006-2383 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control,
|
23-07-2021 - 12:19 | 13-06-2006 - 19:06 | |
CVE-2006-2384 | 4.3 |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after
|
23-07-2021 - 12:19 | 13-06-2006 - 19:06 | |
CVE-2010-0805 | 9.3 |
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the
|
23-07-2021 - 12:19 | 31-03-2010 - 19:30 | |
CVE-2007-0944 | 9.3 |
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute
|
23-07-2021 - 12:19 | 08-05-2007 - 23:19 | |
CVE-2004-0566 | 7.5 |
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
|
23-07-2021 - 12:19 | 27-07-2004 - 04:00 | |
CVE-2010-0491 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object M
|
23-07-2021 - 12:19 | 31-03-2010 - 19:30 | |
CVE-2009-0550 | 9.3 |
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on
|
23-07-2021 - 12:19 | 15-04-2009 - 08:00 | |
CVE-2008-1086 | 9.3 |
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, wh
|
23-07-2021 - 12:19 | 08-04-2008 - 23:05 | |
CVE-2006-3639 | 7.5 |
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted
|
23-07-2021 - 12:18 | 09-08-2006 - 00:04 | |
CVE-2006-3643 | 6.0 |
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users t
|
23-07-2021 - 12:18 | 09-08-2006 - 00:04 | |
CVE-2006-3640 | 5.0 |
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Dis
|
23-07-2021 - 12:18 | 09-08-2006 - 00:04 | |
CVE-2005-0056 | 5.1 |
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cro
|
23-07-2021 - 12:18 | 02-05-2005 - 04:00 | |
CVE-2007-0943 | 6.8 |
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
|
23-07-2021 - 12:18 | 14-08-2007 - 21:17 | |
CVE-2001-0339 | 7.5 |
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability.
|
23-07-2021 - 12:18 | 27-06-2001 - 04:00 | |
CVE-2005-1988 | 5.1 |
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption
|
23-07-2021 - 12:18 | 10-08-2005 - 04:00 | |
CVE-2001-0002 | 7.5 |
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
|
23-07-2021 - 12:18 | 21-07-2001 - 04:00 | |
CVE-2005-1990 | 5.1 |
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, inc
|
23-07-2021 - 12:18 | 10-08-2005 - 04:00 | |
CVE-2004-0845 | 6.4 |
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the us
|
23-07-2021 - 12:18 | 03-11-2004 - 05:00 | |
CVE-2004-0843 | 5.0 |
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulner
|
23-07-2021 - 12:18 | 03-11-2004 - 05:00 | |
CVE-2005-0054 | 5.1 |
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to gene
|
23-07-2021 - 12:18 | 02-05-2005 - 04:00 | |
CVE-2005-1989 | 7.5 |
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability
|
23-07-2021 - 12:18 | 10-08-2005 - 04:00 | |
CVE-2008-3013 | 9.3 |
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
|
23-07-2021 - 12:17 | 11-09-2008 - 01:11 | |
CVE-2006-1185 | 7.5 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
|
23-07-2021 - 12:17 | 11-04-2006 - 23:02 | |
CVE-2006-1192 | 2.6 |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to anot
|
23-07-2021 - 12:17 | 11-04-2006 - 23:02 | |
CVE-2006-5581 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script F
|
23-07-2021 - 12:16 | 12-12-2006 - 20:28 | |
CVE-2006-5579 | 9.3 |
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerabi
|
23-07-2021 - 12:16 | 12-12-2006 - 20:28 | |
CVE-2010-3326 | 9.3 |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
|
23-07-2021 - 12:16 | 13-10-2010 - 19:00 | |
CVE-2011-1997 | 9.3 |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability."
|
23-07-2021 - 12:16 | 12-10-2011 - 02:52 | |
CVE-2009-1141 | 9.3 |
Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell,"
|
23-07-2021 - 12:16 | 10-06-2009 - 18:30 | |
CVE-2009-0552 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in me
|
23-07-2021 - 12:16 | 15-04-2009 - 08:00 | |
CVE-2003-0083 | 5.0 |
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities relate
|
15-07-2021 - 20:37 | 02-04-2003 - 05:00 | |
CVE-2003-0132 | 5.0 |
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
|
15-07-2021 - 20:14 | 11-04-2003 - 04:00 | |
CVE-2007-3898 | 6.4 |
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attac
|
07-07-2021 - 16:09 | 14-11-2007 - 01:46 | |
CVE-2011-0154 | 5.1 |
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corrup
|
23-06-2021 - 14:31 | 03-03-2011 - 20:00 | |
CVE-2007-6420 | 4.3 |
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
|
06-06-2021 - 11:15 | 12-01-2008 - 00:46 | |
CVE-2007-6421 | 3.5 |
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the U
|
06-06-2021 - 11:15 | 08-01-2008 - 19:46 | |
CVE-2007-6422 | 4.0 |
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb
|
06-06-2021 - 11:15 | 08-01-2008 - 18:46 | |
CVE-2005-2728 | 5.0 |
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
|
06-06-2021 - 11:15 | 30-08-2005 - 11:45 | |
CVE-2010-0010 | 6.8 |
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary co
|
06-06-2021 - 11:15 | 02-02-2010 - 16:30 | |
CVE-2003-0192 | 6.4 |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which c
|
06-06-2021 - 11:15 | 18-08-2003 - 04:00 | |
CVE-2003-0987 | 7.5 |
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
|
06-06-2021 - 11:15 | 03-03-2004 - 05:00 | |
CVE-2003-0020 | 5.0 |
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
|
06-06-2021 - 11:15 | 18-03-2003 - 05:00 | |
CVE-2003-0993 | 7.5 |
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
|
06-06-2021 - 11:15 | 29-03-2004 - 05:00 | |
CVE-2013-3893 | 9.3 |
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL t
|
17-05-2021 - 17:15 | 18-09-2013 - 10:08 | |
CVE-2011-1229 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
26-03-2021 - 18:47 | 13-04-2011 - 20:26 | |
CVE-2010-3972 | 10.0 |
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a den
|
05-02-2021 - 15:37 | 23-12-2010 - 18:00 | |
CVE-2012-2532 | 5.0 |
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka
|
05-02-2021 - 15:37 | 14-11-2012 - 00:55 | |
CVE-2010-2730 | 9.3 |
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Per: http://www.mic
|
05-02-2021 - 15:37 | 15-09-2010 - 19:00 | |
CVE-2010-1899 | 4.3 |
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS
|
05-02-2021 - 15:37 | 15-09-2010 - 19:00 | |
CVE-2010-1256 | 8.5 |
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corr
|
05-02-2021 - 15:37 | 08-06-2010 - 20:30 | |
CVE-2008-0074 | 7.2 |
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
|
05-02-2021 - 15:37 | 12-02-2008 - 21:00 | |
CVE-2012-2531 | 2.1 |
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
|
05-02-2021 - 15:37 | 14-11-2012 - 00:55 | |
CVE-2007-2798 | 9.0 |
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
|
02-02-2021 - 18:32 | 26-06-2007 - 22:30 | |
CVE-2007-1216 | 9.0 |
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows r
|
02-02-2021 - 18:22 | 06-04-2007 - 01:19 | |
CVE-2004-0643 | 4.6 |
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
|
02-02-2021 - 18:08 | 28-09-2004 - 04:00 | |
CVE-2007-5730 | 7.2 |
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used
|
15-12-2020 - 23:48 | 30-10-2007 - 22:46 | |
CVE-2013-3128 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and
|
08-12-2020 - 15:11 | 09-10-2013 - 14:53 | |
CVE-2008-1446 | 9.0 |
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users
|
23-11-2020 - 20:09 | 15-10-2008 - 00:12 | |
CVE-2009-1122 | 7.5 |
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "I
|
23-11-2020 - 20:06 | 10-06-2009 - 18:30 | |
CVE-2009-1535 | 7.5 |
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary
|
23-11-2020 - 20:01 | 10-06-2009 - 14:30 | |
CVE-2009-3023 | 9.0 |
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption,
|
23-11-2020 - 19:51 | 31-08-2009 - 20:30 | |
CVE-2010-3332 | 6.4 |
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt
|
23-11-2020 - 19:50 | 22-09-2010 - 19:00 | |
CVE-2009-2521 | 5.0 |
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that re
|
23-11-2020 - 19:50 | 04-09-2009 - 10:30 | |
CVE-2002-0869 | 7.5 |
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka
|
23-11-2020 - 19:49 | 12-11-2002 - 05:00 | |
CVE-2010-2731 | 6.8 |
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted
|
23-11-2020 - 19:49 | 15-09-2010 - 19:00 | |
CVE-2003-0718 | 5.0 |
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML element
|
23-11-2020 - 19:49 | 03-11-2004 - 05:00 | |
CVE-2008-0075 | 10.0 |
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
|
23-11-2020 - 19:49 | 12-02-2008 - 21:00 | |
CVE-2006-0026 | 6.5 |
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
|
23-11-2020 - 19:49 | 11-07-2006 - 22:05 | |
CVE-2013-0006 | 9.3 |
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
|
20-11-2020 - 20:15 | 09-01-2013 - 18:09 | |
CVE-2007-6427 | 9.3 |
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
|
20-11-2020 - 16:47 | 18-01-2008 - 23:00 | |
CVE-2010-3190 | 9.3 |
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3
|
16-11-2020 - 19:33 | 31-08-2010 - 20:00 | |
CVE-2003-0227 | 5.0 |
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Informatio
|
13-11-2020 - 16:30 | 09-06-2003 - 04:00 | |
CVE-2010-2008 | 3.5 |
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot
|
09-11-2020 - 14:33 | 13-07-2010 - 20:30 | |
CVE-2011-1783 | 4.3 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memor
|
05-10-2020 - 19:05 | 06-06-2011 - 19:55 | |
CVE-2011-1752 | 5.0 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as e
|
05-10-2020 - 19:04 | 06-06-2011 - 19:55 | |
CVE-2013-3167 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2012-4774 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2013-3888 | 7.2 |
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerab
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2011-3417 | 9.3 |
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access t
|
28-09-2020 - 12:58 | 30-12-2011 - 01:55 | |
CVE-2011-3416 | 8.5 |
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms A
|
28-09-2020 - 12:58 | 30-12-2011 - 01:55 | |
CVE-2012-4792 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated
|
28-09-2020 - 12:58 | 30-12-2012 - 18:55 | |
CVE-2013-3881 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3128 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3894 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary cod
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3879 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3183 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote at
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
CVE-2011-3408 | 7.2 |
Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
|
28-09-2020 - 12:58 | 14-12-2011 - 00:55 | |
CVE-2013-2556 | 7.5 |
Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN
|
28-09-2020 - 12:58 | 11-03-2013 - 10:55 | |
CVE-2013-3195 | 10.0 |
The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3175 | 10.0 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchron
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
CVE-2010-3974 | 7.6 |
fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, whic
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-3200 | 7.2 |
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3172 | 4.9 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system ha
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-3186 | 7.6 |
The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
CVE-2013-3174 | 9.3 |
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2011-3402 | 9.3 |
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP
|
28-09-2020 - 12:58 | 04-11-2011 - 21:55 | |
CVE-2013-3185 | 5.0 |
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and p
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
CVE-2013-3173 | 7.2 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local u
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-3129 | 9.3 |
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Serv
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2012-4787 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2011-3415 | 6.8 |
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a
|
28-09-2020 - 12:58 | 30-12-2011 - 01:55 | |
CVE-2011-3406 | 9.0 |
Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, a
|
28-09-2020 - 12:58 | 14-12-2011 - 00:55 | |
CVE-2010-3958 | 9.3 |
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted A
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-3138 | 7.1 |
Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via
|
28-09-2020 - 12:58 | 12-06-2013 - 03:30 | |
CVE-2012-4775 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-4776 | 9.3 |
The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitra
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2011-3414 | 7.8 |
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the abili
|
28-09-2020 - 12:58 | 30-12-2011 - 01:55 | |
CVE-2013-3887 | 4.9 |
The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local user
|
28-09-2020 - 12:58 | 13-11-2013 - 00:55 | |
CVE-2012-4782 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2012-4777 | 9.3 |
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2011-1993 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2012-2529 | 7.2 |
Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that l
|
28-09-2020 - 12:58 | 09-10-2012 - 21:55 | |
CVE-2012-1895 | 9.3 |
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XB
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1873 | 4.3 |
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerab
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2013-1339 | 9.0 |
The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authentica
|
28-09-2020 - 12:58 | 12-06-2013 - 03:29 | |
CVE-2013-1294 | 4.9 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2013-1268 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1252 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-2014 | 9.0 |
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, W
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2011-1883 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-1259 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-2897 | 10.0 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before
|
28-09-2020 - 12:58 | 26-09-2012 - 10:56 | |
CVE-2012-1881 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1878 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1865 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2013-1270 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1250 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-2016 | 9.3 |
Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the curr
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2011-1996 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1970 | 5.0 |
The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1885 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-2003 | 9.3 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2013-1283 | 6.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2013-1265 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1991 | 9.3 |
Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan hors
|
28-09-2020 - 12:58 | 15-09-2011 - 12:26 | |
CVE-2013-1263 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1257 | 7.6 |
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1242 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1236 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1880 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1995 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerabili
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2013-1286 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-1269 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1232 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2012-1524 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2011-1238 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1239 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2012-1889 | 9.3 |
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
28-09-2020 - 12:58 | 13-06-2012 - 04:46 | |
CVE-2012-1864 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2011-2002 | 4.7 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1978 | 4.3 |
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser a
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2013-1300 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1279 | 7.2 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1249 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-1523 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2011-1282 | 7.2 |
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1264 | 4.3 |
Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unsp
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1256 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory C
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1246 | 4.3 |
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1230 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2012-2530 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2011-2000 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1960 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclo
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-2001 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1985 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2013-1332 | 7.2 |
dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in m
|
28-09-2020 - 12:58 | 15-05-2013 - 03:36 | |
CVE-2013-1272 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-2551 | 5.0 |
The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereferenc
|
28-09-2020 - 12:58 | 09-10-2012 - 21:55 | |
CVE-2012-1891 | 9.3 |
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-1880 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1874 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1866 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1855 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework applica
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2011-1977 | 4.3 |
The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HT
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1871 | 7.8 |
Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2012-1538 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-2531 | 2.1 |
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1875 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2011-1875 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1881 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-1271 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1253 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-1890 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows lo
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-1877 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1851 | 10.0 |
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
CVE-2012-1848 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2013-1340 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2011-1964 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corru
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1882 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-1345 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1275 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-1522 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-1893 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2011-1247 | 9.3 |
Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1233 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1884 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1965 | 7.1 |
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server,
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2013-1276 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1254 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1258 | 4.3 |
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "D
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1251 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1237 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1225 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2012-2527 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
CVE-2011-2019 | 9.3 |
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a d
|
28-09-2020 - 12:58 | 14-12-2011 - 00:55 | |
CVE-2011-1992 | 4.3 |
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
|
28-09-2020 - 12:58 | 14-12-2011 - 00:55 | |
CVE-2013-1334 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 15-05-2013 - 03:36 | |
CVE-2013-1287 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2011-1984 | 7.2 |
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
|
28-09-2020 - 12:58 | 15-09-2011 - 12:26 | |
CVE-2011-1963 | 9.3 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vu
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1874 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-1277 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1266 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1271 | 5.1 |
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access rest
|
28-09-2020 - 12:58 | 10-05-2011 - 19:55 | |
CVE-2011-1261 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory C
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1254 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corr
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1244 | 5.8 |
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-1231 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1228 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2012-1879 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerabil
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1876 | 9.3 |
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflo
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1870 | 4.3 |
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaint
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-1867 | 7.2 |
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2011-1872 | 4.7 |
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2013-1293 | 6.9 |
The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a craft
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2013-1267 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-1528 | 9.3 |
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileg
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-2556 | 9.3 |
The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2012-1896 | 5.0 |
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafte
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1882 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerabi
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2011-1975 | 9.3 |
Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1961 | 9.3 |
The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerab
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1876 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1966 | 10.0 |
The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerabil
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1887 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-1281 | 7.1 |
The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1257 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1280 | 7.2 |
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, wh
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1262 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1251 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1284 | 7.2 |
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1268 | 10.0 |
The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SM
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1263 | 4.3 |
Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1250 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1234 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1873 | 9.3 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers d
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2013-1274 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1264 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1226 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1999 | 9.3 |
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1967 | 7.2 |
Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2013-1258 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-1539 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2011-1266 | 9.3 |
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1248 | 9.3 |
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted
|
28-09-2020 - 12:58 | 13-05-2011 - 17:05 | |
CVE-2011-1240 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2012-2519 | 7.9 |
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1858 | 4.3 |
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduc
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1850 | 5.0 |
The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not pro
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
CVE-2011-2013 | 10.0 |
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a clos
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2011-1888 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-1285 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-1256 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-2549 | 5.8 |
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerab
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2011-1877 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-1248 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-2004 | 7.1 |
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Pa
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2011-1878 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-2011 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1998 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2013-1347 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
|
28-09-2020 - 12:58 | 05-05-2013 - 11:07 | |
CVE-2013-1273 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1255 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1262 | 9.3 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corr
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1255 | 9.3 |
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1)
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1879 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-1292 | 6.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafte
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2013-1261 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-1527 | 9.3 |
Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privile
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2011-1267 | 7.8 |
The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1249 | 7.2 |
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode inp
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1227 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1971 | 4.7 |
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kern
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1962 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Sh
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2013-1288 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-1278 | 7.2 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1260 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-1281 | 7.2 |
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
|
28-09-2020 - 12:58 | 13-07-2011 - 22:55 | |
CVE-2011-1252 | 4.3 |
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1241 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2012-0148 | 7.2 |
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passe
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2013-1345 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2011-1260 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vuln
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1253 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1235 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0676 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0661 | 10.0 |
The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-0075 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted pack
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0020 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-0671 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2013-0093 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerabili
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2011-0663 | 9.3 |
Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0670 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-3881 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3172 | 4.9 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system ha
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1332 | 7.2 |
dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in m
|
28-09-2020 - 12:58 | 15-05-2013 - 03:36 | |
CVE-2013-1283 | 6.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2013-1273 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1263 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1254 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1248 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0087 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0013 | 5.8 |
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle atta
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2013-0023 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0020 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-0004 | 9.3 |
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2011-0346 | 9.3 |
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM i
|
28-09-2020 - 12:58 | 07-01-2011 - 23:00 | |
CVE-2013-0022 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-0666 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-0075 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted pack
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0090 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2011-0672 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0657 | 7.5 |
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0660 | 9.3 |
The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SM
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2012-0152 | 4.3 |
The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial o
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2011-0675 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2012-0154 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2013-0094 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerabilit
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0087 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2012-0014 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2013-3200 | 7.2 |
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-1334 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 15-05-2013 - 03:36 | |
CVE-2013-1277 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1249 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0030 | 9.3 |
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0007 | 9.3 |
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-2556 | 9.3 |
The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2012-1891 | 9.3 |
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-1851 | 10.0 |
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
CVE-2012-0155 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2012-0004 | 9.3 |
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2011-3414 | 7.8 |
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the abili
|
28-09-2020 - 12:58 | 30-12-2011 - 01:55 | |
CVE-2011-2003 | 9.3 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1967 | 7.2 |
Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1885 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1874 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1267 | 7.8 |
The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1236 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1227 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0671 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0662 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0034 | 9.3 |
Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-3174 | 9.3 |
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1251 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0094 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerabilit
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0026 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0002 | 9.3 |
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) o
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-2519 | 7.9 |
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1866 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-0180 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2012-0013 | 9.3 |
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to e
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2011-3408 | 7.2 |
Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
|
28-09-2020 - 12:58 | 14-12-2011 - 00:55 | |
CVE-2011-2002 | 4.7 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1881 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2013-0029 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0019 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerabi
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-3167 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1286 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-1267 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0090 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0024 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0005 | 7.8 |
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-4777 | 9.3 |
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-2527 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
CVE-2012-1855 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework applica
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-0175 | 9.3 |
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2)
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-0148 | 7.2 |
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passe
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2011-1966 | 10.0 |
The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerabil
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2012-0178 | 7.2 |
Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simulta
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2012-0157 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local u
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2013-0073 | 10.0 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code vi
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0005 | 7.8 |
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2013-3186 | 7.6 |
The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
CVE-2013-3138 | 7.1 |
Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via
|
28-09-2020 - 12:58 | 12-06-2013 - 03:30 | |
CVE-2013-1294 | 4.9 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2013-1281 | 7.1 |
The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1272 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1258 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2011-0662 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2012-0150 | 9.3 |
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerabilit
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2013-0092 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerabili
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2012-2897 | 10.0 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before
|
28-09-2020 - 12:58 | 26-09-2012 - 10:56 | |
CVE-2012-1895 | 9.3 |
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XB
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1528 | 9.3 |
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileg
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-0152 | 4.3 |
The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial o
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2012-0001 | 9.3 |
The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attack
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2011-2016 | 9.3 |
Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the curr
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2011-1965 | 7.1 |
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server,
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1882 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1871 | 7.8 |
Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1284 | 7.2 |
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1263 | 4.3 |
Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1233 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1225 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0667 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0660 | 9.3 |
The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SM
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-0076 | 7.2 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference C
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0001 | 4.3 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML bro
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-0217 | 7.2 |
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-R
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-0173 | 9.3 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2011-0032 | 9.3 |
Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan
|
28-09-2020 - 12:58 | 09-03-2011 - 23:00 | |
CVE-2011-0667 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-1260 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-0217 | 7.2 |
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-R
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-0014 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2011-3417 | 9.3 |
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access t
|
28-09-2020 - 12:58 | 30-12-2011 - 01:55 | |
CVE-2012-0175 | 9.3 |
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2)
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-0156 | 4.3 |
DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) insta
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2011-0034 | 9.3 |
Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-0088 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerabilit
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2012-0012 | 4.3 |
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2012-0006 | 5.0 |
The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query,
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2013-0002 | 9.3 |
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) o
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-0015 | 9.3 |
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET applicati
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2013-0008 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows loc
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-0002 | 9.3 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2013-0013 | 5.8 |
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle atta
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-0011 | 9.3 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2013-3894 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary cod
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3183 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote at
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
CVE-2013-1340 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1285 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-1276 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1268 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1259 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0029 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0008 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows loc
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-4792 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated
|
28-09-2020 - 12:58 | 30-12-2012 - 18:55 | |
CVE-2012-2551 | 5.0 |
The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereferenc
|
28-09-2020 - 12:58 | 09-10-2012 - 21:55 | |
CVE-2012-1893 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-1848 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2012-0154 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2012-0006 | 5.0 |
The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query,
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2011-3415 | 6.8 |
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a
|
28-09-2020 - 12:58 | 30-12-2011 - 01:55 | |
CVE-2011-1991 | 9.3 |
Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan hors
|
28-09-2020 - 12:58 | 15-09-2011 - 12:26 | |
CVE-2011-1978 | 4.3 |
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser a
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1888 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1875 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1239 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0676 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0664 | 9.3 |
Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code vi
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2013-3888 | 7.2 |
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerab
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3173 | 7.2 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local u
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1347 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
|
28-09-2020 - 12:58 | 05-05-2013 - 11:07 | |
CVE-2013-1287 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-1274 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1265 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1256 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1250 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0093 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerabili
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0073 | 10.0 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code vi
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0022 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0003 | 9.3 |
Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP)
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-4782 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2012-2549 | 5.8 |
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerab
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2012-1890 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows lo
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-1850 | 5.0 |
The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not pro
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
CVE-2012-0178 | 7.2 |
Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simulta
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2011-2013 | 10.0 |
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a clos
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2011-1977 | 4.3 |
The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HT
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1883 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1876 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1240 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1231 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0674 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0663 | 9.3 |
Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2010-3974 | 7.6 |
fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, whic
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0677 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0665 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-0091 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-3175 | 10.0 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchron
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
CVE-2013-1339 | 9.0 |
The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authentica
|
28-09-2020 - 12:58 | 12-06-2013 - 03:29 | |
CVE-2013-1288 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-1264 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1253 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0088 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerabilit
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0023 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0004 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (X
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-4787 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2012-2530 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1889 | 9.3 |
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
28-09-2020 - 12:58 | 13-06-2012 - 04:46 | |
CVE-2012-1870 | 4.3 |
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaint
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-1538 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-0151 | 9.3 |
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly valida
|
28-09-2020 - 12:58 | 10-04-2012 - 21:55 | |
CVE-2012-0003 | 9.3 |
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MI
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2011-3406 | 9.0 |
Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, a
|
28-09-2020 - 12:58 | 14-12-2011 - 00:55 | |
CVE-2011-1975 | 9.3 |
Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1887 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1880 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1282 | 7.2 |
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1264 | 4.3 |
Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unsp
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1235 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0658 | 9.3 |
Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2013-0007 | 9.3 |
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-0003 | 9.3 |
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MI
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2013-0004 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (X
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-0001 | 9.3 |
The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attack
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2013-3879 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3129 | 9.3 |
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Serv
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1300 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2013-1279 | 7.2 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1270 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1261 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0076 | 7.2 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference C
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-4774 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2012-1896 | 5.0 |
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafte
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1864 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1522 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2012-0173 | 9.3 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-0015 | 9.3 |
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET applicati
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2011-2014 | 9.0 |
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, W
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2011-1970 | 5.0 |
The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1872 | 4.7 |
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2012-0180 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2013-0026 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0011 | 10.0 |
The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Compone
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-0013 | 9.3 |
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to e
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2013-3887 | 4.9 |
The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local user
|
28-09-2020 - 12:58 | 13-11-2013 - 00:55 | |
CVE-2013-1275 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1266 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1257 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0092 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerabili
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0006 | 9.3 |
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-4776 | 9.3 |
The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitra
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-2529 | 7.2 |
Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that l
|
28-09-2020 - 12:58 | 09-10-2012 - 21:55 | |
CVE-2012-1867 | 7.2 |
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1539 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-0157 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local u
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2011-3416 | 8.5 |
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms A
|
28-09-2020 - 12:58 | 30-12-2011 - 01:55 | |
CVE-2011-1877 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1281 | 7.2 |
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
|
28-09-2020 - 12:58 | 13-07-2011 - 22:55 | |
CVE-2011-1249 | 7.2 |
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode inp
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1241 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1228 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2013-0089 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free V
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0003 | 9.3 |
Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP)
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2013-3185 | 5.0 |
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and p
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
CVE-2013-1292 | 6.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafte
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2013-1278 | 7.2 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1269 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-0156 | 4.3 |
DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) insta
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2012-0002 | 9.3 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
|
28-09-2020 - 12:58 | 13-03-2012 - 21:55 | |
CVE-2011-2004 | 7.1 |
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Pa
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2011-1984 | 7.2 |
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
|
28-09-2020 - 12:58 | 15-09-2011 - 12:26 | |
CVE-2011-1884 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1878 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1248 | 9.3 |
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted
|
28-09-2020 - 12:58 | 13-05-2011 - 17:05 | |
CVE-2011-1237 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1226 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0670 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0661 | 10.0 |
The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0674 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2013-0030 | 9.3 |
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2012-0151 | 9.3 |
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly valida
|
28-09-2020 - 12:58 | 10-04-2012 - 21:55 | |
CVE-2013-0024 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-3195 | 10.0 |
The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-2556 | 7.5 |
Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN
|
28-09-2020 - 12:58 | 11-03-2013 - 10:55 | |
CVE-2013-1280 | 7.2 |
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, wh
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1262 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1255 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0089 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free V
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0011 | 10.0 |
The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Compone
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-4775 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-1865 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-1524 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
CVE-2011-3402 | 9.3 |
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP
|
28-09-2020 - 12:58 | 04-11-2011 - 21:55 | |
CVE-2011-1985 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1873 | 9.3 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers d
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1271 | 5.1 |
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access rest
|
28-09-2020 - 12:58 | 10-05-2011 - 19:55 | |
CVE-2011-1253 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1247 | 9.3 |
Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1238 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1232 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0677 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0672 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0665 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0658 | 9.3 |
Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2010-3958 | 9.3 |
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted A
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2013-1293 | 6.9 |
The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a craft
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2013-1271 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-1252 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0091 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
CVE-2013-0019 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerabi
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
CVE-2013-0001 | 4.3 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML bro
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-1527 | 9.3 |
Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privile
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
CVE-2012-0150 | 9.3 |
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerabilit
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2011-2011 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 12-10-2011 - 02:52 | |
CVE-2011-1971 | 4.7 |
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kern
|
28-09-2020 - 12:58 | 10-08-2011 - 21:55 | |
CVE-2011-1879 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-07-2011 - 23:55 | |
CVE-2011-1268 | 10.0 |
The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SM
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-1242 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1234 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-1230 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0675 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 20:26 | |
CVE-2011-0666 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0664 | 9.3 |
Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code vi
|
28-09-2020 - 12:58 | 16-06-2011 - 20:55 | |
CVE-2011-0657 | 7.5 |
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote
|
28-09-2020 - 12:58 | 13-04-2011 - 18:55 | |
CVE-2011-0032 | 9.3 |
Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan
|
28-09-2020 - 12:58 | 09-03-2011 - 23:00 | |
CVE-2009-1072 | 4.9 |
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash o
|
02-09-2020 - 16:01 | 25-03-2009 - 01:30 | |
CVE-2012-3961 | 10.0 |
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb
|
28-08-2020 - 14:23 | 29-08-2012 - 10:56 | |
CVE-2012-3968 | 10.0 |
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitra
|
28-08-2020 - 14:23 | 29-08-2012 - 10:56 | |
CVE-2012-3956 | 10.0 |
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote atta
|
28-08-2020 - 14:09 | 29-08-2012 - 10:56 | |
CVE-2012-1975 | 10.0 |
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
|
28-08-2020 - 13:44 | 29-08-2012 - 10:56 | |
CVE-2012-1972 | 10.0 |
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
|
28-08-2020 - 13:33 | 29-08-2012 - 10:56 | |
CVE-2011-3659 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect Attribu
|
28-08-2020 - 13:10 | 01-02-2012 - 16:55 | |
CVE-2009-2848 | 5.9 |
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone
|
28-08-2020 - 13:10 | 18-08-2009 - 21:00 | |
CVE-2012-3963 | 10.0 |
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to
|
26-08-2020 - 20:38 | 29-08-2012 - 10:56 | |
CVE-2012-3960 | 10.0 |
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote at
|
26-08-2020 - 20:37 | 29-08-2012 - 10:56 | |
CVE-2012-3959 | 10.0 |
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attacke
|
26-08-2020 - 20:36 | 29-08-2012 - 10:56 | |
CVE-2012-1976 | 10.0 |
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote a
|
26-08-2020 - 20:36 | 29-08-2012 - 10:56 | |
CVE-2012-1974 | 10.0 |
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers
|
26-08-2020 - 20:36 | 29-08-2012 - 10:56 | |
CVE-2012-1973 | 10.0 |
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac
|
26-08-2020 - 20:35 | 29-08-2012 - 10:56 | |
CVE-2012-5354 | 6.8 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks vi
|
26-08-2020 - 19:40 | 10-10-2012 - 17:55 | |
CVE-2009-0834 | 3.6 |
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass
|
26-08-2020 - 12:57 | 06-03-2009 - 11:30 | |
CVE-2009-1630 | 4.4 |
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass pe
|
21-08-2020 - 18:45 | 14-05-2009 - 17:30 | |
CVE-2012-4218 | 10.0 |
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service
|
21-08-2020 - 18:44 | 21-11-2012 - 12:55 | |
CVE-2012-4212 | 10.0 |
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt
|
21-08-2020 - 18:44 | 21-11-2012 - 12:55 | |
CVE-2010-1773 | 6.8 |
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory
|
14-08-2020 - 16:23 | 24-09-2010 - 19:00 | |
CVE-2010-1205 | 7.5 |
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
|
14-08-2020 - 15:50 | 30-06-2010 - 18:30 | |
CVE-2012-4216 | 9.3 |
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
|
13-08-2020 - 19:42 | 21-11-2012 - 12:55 | |
CVE-2012-4214 | 9.3 |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
|
13-08-2020 - 19:38 | 21-11-2012 - 12:55 | |
CVE-2012-4182 | 9.3 |
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
|
13-08-2020 - 19:32 | 10-10-2012 - 17:55 | |
CVE-2012-3990 | 9.3 |
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to exe
|
13-08-2020 - 19:27 | 10-10-2012 - 17:55 | |
CVE-2012-4179 | 9.3 |
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote att
|
13-08-2020 - 18:21 | 10-10-2012 - 17:55 | |
CVE-2012-4217 | 9.3 |
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap
|
13-08-2020 - 13:30 | 21-11-2012 - 12:55 | |
CVE-2012-4213 | 9.3 |
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor
|
12-08-2020 - 20:01 | 21-11-2012 - 12:55 | |
CVE-2012-3988 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code v
|
12-08-2020 - 18:11 | 10-10-2012 - 17:55 | |
CVE-2010-2646 | 9.3 |
Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.
|
11-08-2020 - 13:49 | 06-07-2010 - 17:17 | |
CVE-2012-4183 | 9.3 |
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attacke
|
11-08-2020 - 13:47 | 10-10-2012 - 17:55 | |
CVE-2013-0756 | 9.3 |
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbi
|
10-08-2020 - 21:08 | 13-01-2013 - 20:55 | |
CVE-2013-0755 | 9.3 |
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remot
|
10-08-2020 - 21:05 | 13-01-2013 - 20:55 | |
CVE-2010-2645 | 6.8 |
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.
|
10-08-2020 - 17:31 | 06-07-2010 - 17:17 | |
CVE-2010-2647 | 9.3 |
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
|
10-08-2020 - 17:29 | 06-07-2010 - 17:17 | |
CVE-2013-0766 | 9.3 |
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Sea
|
07-08-2020 - 18:34 | 13-01-2013 - 20:55 | |
CVE-2013-0761 | 9.3 |
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows rem
|
07-08-2020 - 17:52 | 13-01-2013 - 20:55 | |
CVE-2010-2652 | 5.0 |
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
|
07-08-2020 - 15:46 | 06-07-2010 - 17:17 | |
CVE-2012-4181 | 9.3 |
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote atta
|
07-08-2020 - 15:42 | 10-10-2012 - 17:55 | |
CVE-2010-2648 | 9.3 |
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown ve
|
07-08-2020 - 15:42 | 06-07-2010 - 17:17 | |
CVE-2010-2649 | 4.3 |
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.
|
07-08-2020 - 15:42 | 06-07-2010 - 17:17 | |
CVE-2010-2651 | 9.3 |
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via
|
07-08-2020 - 15:40 | 06-07-2010 - 17:17 | |
CVE-2010-2650 | 9.3 |
Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs."
|
07-08-2020 - 15:39 | 06-07-2010 - 17:17 | |
CVE-2010-1770 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, wh
|
07-08-2020 - 15:25 | 11-06-2010 - 19:30 | |
CVE-2010-2108 | 7.5 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.
|
06-08-2020 - 21:01 | 28-05-2010 - 18:30 | |
CVE-2010-2106 | 4.3 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.
|
06-08-2020 - 20:57 | 28-05-2010 - 18:30 | |
CVE-2010-2107 | 10.0 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.
|
06-08-2020 - 20:57 | 28-05-2010 - 18:30 | |
CVE-2012-4215 | 9.3 |
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote
|
06-08-2020 - 19:21 | 21-11-2012 - 12:55 | |
CVE-2010-2900 | 10.0 |
Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.
|
06-08-2020 - 18:57 | 28-07-2010 - 20:00 | |
CVE-2012-5840 | 9.3 |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
|
06-08-2020 - 17:38 | 21-11-2012 - 12:55 | |
CVE-2013-0781 | 9.3 |
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory c
|
06-08-2020 - 17:11 | 19-02-2013 - 23:55 | |
CVE-2013-0780 | 9.3 |
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
|
06-08-2020 - 17:10 | 19-02-2013 - 23:55 | |
CVE-2013-0777 | 9.3 |
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memo
|
06-08-2020 - 16:48 | 19-02-2013 - 23:55 | |
CVE-2013-0775 | 9.3 |
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
|
06-08-2020 - 16:41 | 19-02-2013 - 23:55 | |
CVE-2010-2301 | 4.3 |
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA ele
|
06-08-2020 - 14:26 | 15-06-2010 - 18:00 | |
CVE-2010-2902 | 10.0 |
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
05-08-2020 - 18:23 | 28-07-2010 - 20:00 | |
CVE-2010-2899 | 5.0 |
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.
|
05-08-2020 - 18:21 | 28-07-2010 - 20:00 | |
CVE-2010-2295 | 4.3 |
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted H
|
05-08-2020 - 18:18 | 15-06-2010 - 18:00 | |
CVE-2010-2297 | 9.3 |
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute
|
05-08-2020 - 18:15 | 15-06-2010 - 18:00 | |
CVE-2010-2302 | 10.0 |
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with sh
|
05-08-2020 - 18:12 | 15-06-2010 - 18:00 | |
CVE-2010-2296 | 9.3 |
The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.
|
05-08-2020 - 15:34 | 15-06-2010 - 18:00 | |
CVE-2010-2300 | 10.0 |
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi
|
05-08-2020 - 15:31 | 15-06-2010 - 18:00 | |
CVE-2010-2299 | 10.0 |
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute a
|
05-08-2020 - 15:30 | 15-06-2010 - 18:00 | |
CVE-2010-3116 | 10.0 |
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of servic
|
04-08-2020 - 19:31 | 24-08-2010 - 20:00 | |
CVE-2010-2901 | 10.0 |
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 19:21 | 28-07-2010 - 20:00 | |
CVE-2013-0744 | 9.3 |
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 a
|
04-08-2020 - 17:35 | 13-01-2013 - 20:55 | |
CVE-2010-3118 | 5.0 |
The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feat
|
04-08-2020 - 16:44 | 24-08-2010 - 20:00 | |
CVE-2010-3115 | 5.0 |
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
|
04-08-2020 - 16:37 | 24-08-2010 - 20:00 | |
CVE-2010-3114 | 10.0 |
The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) Inser
|
04-08-2020 - 16:36 | 24-08-2010 - 20:00 | |
CVE-2010-3113 | 10.0 |
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related
|
04-08-2020 - 16:30 | 24-08-2010 - 20:00 | |
CVE-2013-0753 | 9.3 |
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12
|
04-08-2020 - 16:21 | 13-01-2013 - 20:55 | |
CVE-2013-0754 | 9.3 |
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaM
|
04-08-2020 - 15:35 | 13-01-2013 - 20:55 | |
CVE-2013-0762 | 9.3 |
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Se
|
04-08-2020 - 15:31 | 13-01-2013 - 20:55 | |
CVE-2013-0763 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial
|
04-08-2020 - 15:29 | 13-01-2013 - 20:55 | |
CVE-2010-3119 | 10.0 |
Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 14:05 | 24-08-2010 - 20:00 | |
CVE-2010-3112 | 10.0 |
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
03-08-2020 - 21:17 | 24-08-2010 - 20:00 | |
CVE-2010-3120 | 10.0 |
Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
03-08-2020 - 20:49 | 24-08-2010 - 20:00 | |
CVE-2010-3117 | 10.0 |
Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.
|
03-08-2020 - 16:04 | 24-08-2010 - 20:00 | |
CVE-2010-4042 | 7.5 |
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
|
31-07-2020 - 19:37 | 21-10-2010 - 19:00 | |
CVE-2010-1825 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
|
31-07-2020 - 19:23 | 24-09-2010 - 19:00 | |
CVE-2010-1824 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG style
|
31-07-2020 - 19:21 | 24-09-2010 - 19:00 | |
CVE-2010-1823 | 9.3 |
Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as doc
|
31-07-2020 - 19:20 | 24-09-2010 - 19:00 | |
CVE-2010-4494 | 7.5 |
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath
|
31-07-2020 - 18:38 | 07-12-2010 - 21:00 | |
CVE-2010-4204 | 7.5 |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified othe
|
31-07-2020 - 18:25 | 06-11-2010 - 00:00 | |
CVE-2010-4203 | 10.0 |
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
|
31-07-2020 - 18:24 | 06-11-2010 - 00:00 | |
CVE-2010-4201 | 7.5 |
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
|
31-07-2020 - 18:21 | 06-11-2010 - 00:00 | |
CVE-2010-4199 | 6.8 |
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SV
|
31-07-2020 - 17:54 | 06-11-2010 - 00:00 | |
CVE-2010-4197 | 7.5 |
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text
|
31-07-2020 - 17:53 | 06-11-2010 - 00:00 | |
CVE-2010-4198 | 6.8 |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified oth
|
31-07-2020 - 17:53 | 06-11-2010 - 00:00 | |
CVE-2010-4205 | 7.5 |
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
31-07-2020 - 15:26 | 06-11-2010 - 00:00 | |
CVE-2010-4206 | 6.8 |
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service
|
31-07-2020 - 15:06 | 06-11-2010 - 00:00 | |
CVE-2010-4493 | 4.3 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
|
28-07-2020 - 19:15 | 07-12-2010 - 21:00 | |
CVE-2010-4492 | 7.5 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
|
28-07-2020 - 19:05 | 07-12-2010 - 21:00 | |
CVE-2009-3655 | 5.0 |
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
|
28-07-2020 - 14:46 | 09-10-2009 - 14:30 | |
CVE-2011-0475 | 9.3 |
Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.
|
24-07-2020 - 21:09 | 14-01-2011 - 17:00 | |
CVE-2005-3388 | 4.3 |
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
|
23-06-2020 - 03:15 | 01-11-2005 - 12:47 | |
CVE-2011-0783 | 4.3 |
Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."
|
04-06-2020 - 21:00 | 04-02-2011 - 18:00 | |
CVE-2011-0777 | 7.5 |
Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.
|
04-06-2020 - 20:41 | 04-02-2011 - 18:00 | |
CVE-2010-4008 | 4.3 |
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to ca
|
04-06-2020 - 20:31 | 17-11-2010 - 01:00 | |
CVE-2011-0982 | 10.0 |
Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.
|
04-06-2020 - 19:33 | 10-02-2011 - 19:00 | |
CVE-2011-1124 | 7.5 |
Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.
|
04-06-2020 - 19:17 | 01-03-2011 - 23:00 | |
CVE-2011-1107 | 4.3 |
Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.
|
03-06-2020 - 19:57 | 01-03-2011 - 23:00 | |
CVE-2011-1195 | 7.5 |
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."
|
03-06-2020 - 18:42 | 11-03-2011 - 02:01 | |
CVE-2011-1191 | 7.5 |
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.
|
03-06-2020 - 18:41 | 11-03-2011 - 02:01 | |
CVE-2011-1059 | 4.3 |
Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other
|
03-06-2020 - 14:54 | 22-02-2011 - 19:00 | |
CVE-2011-1293 | 7.5 |
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
29-05-2020 - 21:03 | 25-03-2011 - 19:55 | |
CVE-2011-1301 | 9.3 |
Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
|
29-05-2020 - 21:01 | 15-04-2011 - 19:55 | |
CVE-2011-1292 | 7.5 |
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
29-05-2020 - 20:56 | 25-03-2011 - 19:55 | |
CVE-2011-1454 | 6.8 |
Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
|
22-05-2020 - 18:43 | 03-05-2011 - 22:55 | |
CVE-2011-1449 | 6.8 |
Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 18:28 | 03-05-2011 - 22:55 | |
CVE-2011-1440 | 6.8 |
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.
|
22-05-2020 - 18:24 | 03-05-2011 - 22:55 | |
CVE-2011-1801 | 5.0 |
Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
22-05-2020 - 18:09 | 26-05-2011 - 16:55 | |
CVE-2011-1304 | 5.0 |
Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.
|
22-05-2020 - 17:27 | 03-05-2011 - 22:55 | |
CVE-2007-2587 | 6.3 |
The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
|
22-05-2020 - 17:01 | 10-05-2007 - 00:19 | |
CVE-2011-1818 | 6.8 |
Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 16:43 | 09-06-2011 - 19:55 | |
CVE-2011-1816 | 6.8 |
Use-after-free vulnerability in the developer tools in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 15:37 | 09-06-2011 - 19:55 | |
CVE-2011-1809 | 6.8 |
Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 14:16 | 09-06-2011 - 19:55 | |
CVE-2011-2351 | 6.8 |
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
|
21-05-2020 - 20:33 | 29-06-2011 - 17:55 | |
CVE-2011-2349 | 6.8 |
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.
|
21-05-2020 - 20:25 | 29-06-2011 - 17:55 | |
CVE-2011-2346 | 6.8 |
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.
|
21-05-2020 - 19:59 | 29-06-2011 - 17:55 | |
CVE-2011-1808 | 6.8 |
Use-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.
|
21-05-2020 - 19:42 | 09-06-2011 - 19:55 | |
CVE-2011-2818 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.
|
21-05-2020 - 12:54 | 03-08-2011 - 00:55 | |
CVE-2011-2793 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors.
|
21-05-2020 - 01:13 | 03-08-2011 - 00:55 | |
CVE-2011-2797 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.
|
21-05-2020 - 01:12 | 03-08-2011 - 00:55 | |
CVE-2011-2796 | 6.8 |
Use-after-free vulnerability in Skia, as used in Google Chrome before 13.0.782.107, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
21-05-2020 - 01:12 | 03-08-2011 - 00:55 | |
CVE-2011-2801 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader.
|
21-05-2020 - 01:11 | 03-08-2011 - 00:55 | |
CVE-2011-2799 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.
|
20-05-2020 - 15:26 | 03-08-2011 - 00:55 | |
CVE-2011-2790 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.
|
20-05-2020 - 01:49 | 03-08-2011 - 00:55 | |
CVE-2011-2789 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.
|
20-05-2020 - 01:49 | 03-08-2011 - 00:55 | |
CVE-2011-2792 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.
|
20-05-2020 - 01:49 | 03-08-2011 - 00:55 | |
CVE-2011-2824 | 7.5 |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.
|
19-05-2020 - 13:48 | 29-08-2011 - 15:55 | |
CVE-2011-2821 | 7.5 |
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
|
19-05-2020 - 13:43 | 29-08-2011 - 15:55 | |
CVE-2011-2827 | 7.5 |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.
|
19-05-2020 - 13:27 | 29-08-2011 - 15:55 | |
CVE-2011-2825 | 9.3 |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
|
19-05-2020 - 13:24 | 29-08-2011 - 15:55 | |
CVE-2011-2823 | 7.5 |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.
|
19-05-2020 - 13:21 | 29-08-2011 - 15:55 | |
CVE-2010-3130 | 9.3 |
Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the sam
|
13-05-2020 - 17:15 | 26-08-2010 - 18:36 | |
CVE-2011-3888 | 6.8 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown pl
|
11-05-2020 - 17:44 | 25-10-2011 - 19:55 | |
CVE-2011-3876 | 6.8 |
Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors.
|
11-05-2020 - 16:46 | 25-10-2011 - 19:55 | |
CVE-2011-2845 | 4.3 |
Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
|
11-05-2020 - 16:44 | 25-10-2011 - 19:55 | |
CVE-2011-2880 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
|
11-05-2020 - 16:29 | 04-10-2011 - 20:55 | |
CVE-2011-3885 | 7.5 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.
|
11-05-2020 - 16:02 | 25-10-2011 - 19:55 | |
CVE-2011-3883 | 7.5 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters.
|
11-05-2020 - 15:57 | 25-10-2011 - 19:55 | |
CVE-2011-3882 | 7.5 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media buffers.
|
11-05-2020 - 15:56 | 25-10-2011 - 19:55 | |
CVE-2011-2876 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.
|
08-05-2020 - 20:28 | 04-10-2011 - 20:55 | |
CVE-2011-2860 | 7.5 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.
|
08-05-2020 - 19:23 | 19-09-2011 - 12:02 | |
CVE-2011-2853 | 7.5 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
|
08-05-2020 - 19:11 | 19-09-2011 - 12:02 | |
CVE-2011-2834 | 6.8 |
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
|
08-05-2020 - 18:12 | 19-09-2011 - 12:02 | |
CVE-2011-2847 | 6.8 |
Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
08-05-2020 - 17:38 | 19-09-2011 - 12:02 | |
CVE-2011-2846 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.
|
08-05-2020 - 17:24 | 19-09-2011 - 12:02 | |
CVE-2011-2854 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."
|
08-05-2020 - 17:20 | 19-09-2011 - 12:02 | |
CVE-2011-2857 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.
|
08-05-2020 - 17:14 | 19-09-2011 - 12:02 | |
CVE-2011-3913 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.
|
08-05-2020 - 14:28 | 13-12-2011 - 21:55 | |
CVE-2011-3912 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
|
08-05-2020 - 14:25 | 13-12-2011 - 21:55 | |
CVE-2011-3897 | 6.8 |
Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.
|
08-05-2020 - 14:17 | 11-11-2011 - 11:55 | |
CVE-2011-3957 | 7.5 |
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
|
08-05-2020 - 14:12 | 09-02-2012 - 04:10 | |
CVE-2011-3971 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.
|
08-05-2020 - 14:03 | 09-02-2012 - 04:10 | |
CVE-2011-3892 | 7.5 |
Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
|
08-05-2020 - 12:57 | 11-11-2011 - 11:55 | |
CVE-2011-3921 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.
|
07-05-2020 - 18:44 | 07-01-2012 - 11:55 | |
CVE-2011-3924 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
|
07-05-2020 - 18:42 | 24-01-2012 - 04:03 | |
CVE-2011-3925 | 7.5 |
Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation
|
07-05-2020 - 18:37 | 24-01-2012 - 04:03 | |
CVE-2011-3928 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
|
07-05-2020 - 18:24 | 24-01-2012 - 04:03 | |
CVE-2011-3966 | 7.5 |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data
|
07-05-2020 - 18:20 | 09-02-2012 - 04:10 | |
CVE-2011-3967 | 5.0 |
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.
|
07-05-2020 - 18:15 | 09-02-2012 - 04:10 | |
CVE-2011-3904 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.
|
07-05-2020 - 18:14 | 13-12-2011 - 21:55 | |
CVE-2011-3877 | 4.3 |
Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
07-05-2020 - 18:10 | 25-10-2011 - 19:55 | |
CVE-2011-3875 | 4.3 |
Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
|
07-05-2020 - 18:08 | 25-10-2011 - 19:55 | |
CVE-2011-3890 | 7.5 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling.
|
07-05-2020 - 18:06 | 25-10-2011 - 19:55 | |
CVE-2011-3968 | 4.3 |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.
|
16-04-2020 - 17:45 | 09-02-2012 - 04:10 | |
CVE-2011-3969 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
|
16-04-2020 - 17:33 | 09-02-2012 - 04:10 | |
CVE-2011-3016 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
|
16-04-2020 - 17:29 | 16-02-2012 - 20:55 | |
CVE-2011-3017 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.
|
16-04-2020 - 17:27 | 16-02-2012 - 20:55 | |
CVE-2011-3020 | 6.8 |
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.
|
16-04-2020 - 17:21 | 16-02-2012 - 20:55 | |
CVE-2011-3021 | 7.5 |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
|
16-04-2020 - 16:58 | 16-02-2012 - 20:55 | |
CVE-2011-3023 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.
|
16-04-2020 - 16:45 | 16-02-2012 - 20:55 | |
CVE-2011-3031 | 6.8 |
Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
16-04-2020 - 16:17 | 05-03-2012 - 19:55 | |
CVE-2011-3032 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.
|
16-04-2020 - 16:16 | 05-03-2012 - 19:55 | |
CVE-2011-3034 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.
|
16-04-2020 - 16:15 | 05-03-2012 - 19:55 | |
CVE-2011-3035 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
|
16-04-2020 - 16:15 | 05-03-2012 - 19:55 | |
CVE-2011-3038 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.
|
16-04-2020 - 16:10 | 05-03-2012 - 19:55 | |
CVE-2011-3039 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.
|
16-04-2020 - 16:08 | 05-03-2012 - 19:55 | |
CVE-2011-3042 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.
|
16-04-2020 - 16:06 | 05-03-2012 - 19:55 | |
CVE-2011-3041 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.
|
16-04-2020 - 16:06 | 05-03-2012 - 19:55 | |
CVE-2011-3043 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of ele
|
16-04-2020 - 16:04 | 05-03-2012 - 19:55 | |
CVE-2011-3044 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.
|
16-04-2020 - 15:59 | 05-03-2012 - 19:55 | |
CVE-2011-3046 | 10.0 |
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
|
16-04-2020 - 15:59 | 09-03-2012 - 00:55 | |
CVE-2011-3047 | 9.3 |
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
|
16-04-2020 - 15:58 | 10-03-2012 - 19:55 | |
CVE-2012-1845 | 9.3 |
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition
|
16-04-2020 - 15:41 | 22-03-2012 - 16:55 | |
CVE-2011-3050 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lette
|
14-04-2020 - 16:06 | 22-03-2012 - 16:55 | |
CVE-2011-3045 | 6.8 |
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly exe
|
14-04-2020 - 16:06 | 22-03-2012 - 16:55 | |
CVE-2011-3051 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade f
|
14-04-2020 - 16:02 | 22-03-2012 - 16:55 | |
CVE-2011-3053 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
|
14-04-2020 - 16:01 | 22-03-2012 - 16:55 | |
CVE-2011-3065 | 6.8 |
Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
14-04-2020 - 15:11 | 30-03-2012 - 22:55 | |
CVE-2011-3064 | 7.5 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
|
14-04-2020 - 15:10 | 30-03-2012 - 22:55 | |
CVE-2011-3068 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
|
14-04-2020 - 14:57 | 05-04-2012 - 22:02 | |
CVE-2011-3069 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
|
14-04-2020 - 14:57 | 05-04-2012 - 22:02 | |
CVE-2011-3070 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
|
14-04-2020 - 14:57 | 05-04-2012 - 22:02 | |
CVE-2011-3071 | 6.8 |
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
14-04-2020 - 14:50 | 05-04-2012 - 22:02 | |
CVE-2011-3074 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
|
14-04-2020 - 14:28 | 05-04-2012 - 22:02 | |
CVE-2011-3073 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
|
14-04-2020 - 14:28 | 05-04-2012 - 22:02 | |
CVE-2011-3075 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
|
14-04-2020 - 14:27 | 05-04-2012 - 22:02 | |
CVE-2011-3076 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
|
14-04-2020 - 14:14 | 05-04-2012 - 22:02 | |
CVE-2011-3077 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.
|
14-04-2020 - 14:13 | 05-04-2012 - 22:02 | |
CVE-2012-1521 | 6.8 |
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
13-04-2020 - 17:17 | 01-05-2012 - 10:12 | |
CVE-2011-3078 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011
|
13-04-2020 - 17:15 | 01-05-2012 - 10:12 | |
CVE-2011-3081 | 9.3 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011
|
13-04-2020 - 16:19 | 01-05-2012 - 10:12 | |
CVE-2004-0203 | 4.3 |
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
|
09-04-2020 - 13:51 | 23-11-2004 - 05:00 | |
CVE-2004-0574 | 10.0 |
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, poss
|
09-04-2020 - 13:50 | 03-11-2004 - 05:00 | |
CVE-2003-0904 | 6.0 |
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authenticatio
|
09-04-2020 - 13:49 | 20-01-2004 - 05:00 | |
CVE-2008-2248 | 4.3 |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.
|
09-04-2020 - 13:32 | 08-07-2008 - 23:41 | |
CVE-2008-2247 | 4.3 |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.
|
09-04-2020 - 13:32 | 08-07-2008 - 23:41 | |
CVE-2007-0220 | 6.8 |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-enco
|
09-04-2020 - 13:30 | 08-05-2007 - 23:19 | |
CVE-2007-0039 | 7.8 |
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MI
|
09-04-2020 - 13:30 | 08-05-2007 - 23:19 | |
CVE-2007-0213 | 10.0 |
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
|
09-04-2020 - 13:30 | 08-05-2007 - 23:19 | |
CVE-2007-0221 | 7.8 |
Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
|
09-04-2020 - 13:30 | 08-05-2007 - 23:19 | |
CVE-2006-0002 | 7.5 |
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulatio
|
09-04-2020 - 13:29 | 10-01-2006 - 22:03 | |
CVE-2006-0027 | 7.5 |
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
|
09-04-2020 - 13:29 | 10-05-2006 - 02:10 | |
CVE-2006-1193 | 2.6 |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsi
|
09-04-2020 - 13:29 | 13-06-2006 - 19:06 | |
CVE-2010-3937 | 4.0 |
Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
|
09-04-2020 - 13:25 | 16-12-2010 - 19:33 | |
CVE-2010-0025 | 5.0 |
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read frag
|
09-04-2020 - 13:24 | 14-04-2010 - 16:00 | |
CVE-2010-0024 | 5.0 |
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (serv
|
09-04-2020 - 13:22 | 14-04-2010 - 16:00 | |
CVE-2008-1447 | 5.0 |
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
|
24-03-2020 - 18:19 | 08-07-2008 - 23:41 | |
CVE-2003-0845 | 7.5 |
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL
|
24-03-2020 - 14:57 | 17-11-2003 - 05:00 | |
CVE-2003-0082 | 5.0 |
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its hea
|
21-01-2020 - 15:47 | 02-04-2003 - 05:00 | |
CVE-2009-4212 | 10.0 |
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly
|
21-01-2020 - 15:45 | 13-01-2010 - 19:30 | |
CVE-2007-3999 | 10.0 |
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third
|
21-01-2020 - 15:45 | 05-09-2007 - 10:17 | |
CVE-2005-1175 | 7.5 |
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP req
|
21-01-2020 - 15:45 | 18-07-2005 - 04:00 | |
CVE-2005-0488 | 5.0 |
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
|
21-01-2020 - 15:45 | 14-06-2005 - 04:00 | |
CVE-2003-0028 | 7.5 |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via
|
21-01-2020 - 15:45 | 25-03-2003 - 05:00 | |
CVE-2005-1174 | 5.0 |
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
|
21-01-2020 - 15:45 | 18-07-2005 - 04:00 | |
CVE-2003-0058 | 5.0 |
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
|
21-01-2020 - 15:44 | 19-02-2003 - 05:00 | |
CVE-2004-0804 | 4.3 |
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452
|
31-12-2019 - 19:18 | 03-11-2004 - 05:00 | |
CVE-2008-4098 | 4.6 |
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and
|
17-12-2019 - 20:26 | 18-09-2008 - 15:04 | |
CVE-2009-4028 | 6.8 |
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary
|
17-12-2019 - 20:26 | 30-11-2009 - 17:30 | |
CVE-2010-1850 | 6.0 |
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
|
17-12-2019 - 20:26 | 08-06-2010 - 00:30 | |
CVE-2009-4019 | 4.0 |
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use
|
17-12-2019 - 20:26 | 30-11-2009 - 17:30 | |
CVE-2010-1848 | 6.5 |
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tab
|
17-12-2019 - 20:26 | 08-06-2010 - 00:30 | |
CVE-2010-1626 | 3.6 |
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
|
17-12-2019 - 20:26 | 21-05-2010 - 17:30 | |
CVE-2010-1849 | 5.0 |
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum lengt
|
17-12-2019 - 20:26 | 08-06-2010 - 00:30 | |
CVE-2009-0819 | 4.0 |
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," wh
|
17-12-2019 - 20:23 | 05-03-2009 - 02:30 | |
CVE-2006-3469 | 4.0 |
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_forma
|
17-12-2019 - 20:16 | 21-07-2006 - 14:03 | |
CVE-2006-2753 | 7.5 |
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properl
|
17-12-2019 - 20:16 | 01-06-2006 - 17:02 | |
CVE-2008-4456 | 2.6 |
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by
|
17-12-2019 - 19:56 | 06-10-2008 - 23:25 | |
CVE-2010-3492 | 5.0 |
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, whic
|
29-10-2019 - 00:56 | 19-10-2010 - 20:00 | |
CVE-2008-5031 | 10.0 |
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs fun
|
25-10-2019 - 11:53 | 10-11-2008 - 16:15 | |
CVE-2010-3493 | 4.3 |
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept f
|
25-10-2019 - 11:53 | 19-10-2010 - 20:00 | |
CVE-2005-0758 | 4.6 |
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
|
16-10-2019 - 20:01 | 13-05-2005 - 04:00 | |
CVE-2010-3644 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3652 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3637 | 9.3 |
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3648 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3643 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3650 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3640 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3641 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3645 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3636 | 9.3 |
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote w
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3642 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3649 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3647 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3646 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2010-3639 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unkn
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2008-3473 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive inf
|
09-10-2019 - 22:56 | 15-10-2008 - 00:12 | |
CVE-2008-2252 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted
|
09-10-2019 - 22:55 | 15-10-2008 - 00:12 | |
CVE-2007-3897 | 9.3 |
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
|
09-10-2019 - 22:53 | 09-10-2007 - 22:17 | |
CVE-2003-0150 | 9.0 |
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by mod
|
07-10-2019 - 16:41 | 24-03-2003 - 05:00 | |
CVE-2003-0073 | 5.0 |
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
|
07-10-2019 - 16:41 | 19-02-2003 - 05:00 | |
CVE-2012-1516 | 9.0 |
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host
|
27-09-2019 - 18:13 | 04-05-2012 - 16:55 | |
CVE-2012-5376 | 9.3 |
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerabili
|
27-09-2019 - 17:19 | 11-10-2012 - 10:51 | |
CVE-2011-1265 | 8.3 |
The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary
|
27-09-2019 - 17:05 | 13-07-2011 - 22:55 | |
CVE-2009-1690 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary c
|
26-09-2019 - 17:05 | 10-06-2009 - 14:30 | |
CVE-2006-6737 | 4.3 |
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attack
|
01-08-2019 - 12:20 | 26-12-2006 - 23:28 | |
CVE-2006-6736 | 4.3 |
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attack
|
01-08-2019 - 12:20 | 26-12-2006 - 23:28 | |
CVE-2008-1193 | 9.3 |
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
|
31-07-2019 - 12:41 | 06-03-2008 - 21:44 | |
CVE-2008-1190 | 9.3 |
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-200
|
31-07-2019 - 12:40 | 06-03-2008 - 21:44 | |
CVE-2008-1195 | 9.3 |
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via uns
|
31-07-2019 - 12:38 | 06-03-2008 - 21:44 | |
CVE-2008-1192 | 6.8 |
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "exe
|
31-07-2019 - 12:36 | 06-03-2008 - 21:44 | |
CVE-2008-1185 | 9.3 |
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted applicatio
|
31-07-2019 - 12:35 | 06-03-2008 - 21:44 | |
CVE-2008-1186 | 9.3 |
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a differen
|
31-07-2019 - 12:35 | 06-03-2008 - 21:44 | |
CVE-2012-4791 | 3.5 |
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
|
01-06-2019 - 00:29 | 12-12-2012 - 00:55 | |
CVE-2013-3918 | 9.3 |
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold
|
14-05-2019 - 14:24 | 12-11-2013 - 14:35 | |
CVE-2013-3869 | 5.0 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a de
|
14-05-2019 - 14:22 | 13-11-2013 - 00:55 | |
CVE-2013-3940 | 9.3 |
Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and W
|
14-05-2019 - 14:19 | 13-11-2013 - 00:55 | |
CVE-2006-6696 | 6.9 |
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Serv
|
30-04-2019 - 14:27 | 22-12-2006 - 02:28 | |
CVE-2006-3443 | 7.2 |
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulner
|
30-04-2019 - 14:27 | 09-08-2006 - 01:04 | |
CVE-2009-1928 | 7.8 |
Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active D
|
30-04-2019 - 14:27 | 11-11-2009 - 19:30 | |
CVE-2002-1258 | 5.0 |
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in
|
30-04-2019 - 14:27 | 23-12-2002 - 05:00 | |
CVE-2006-2380 | 4.3 |
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
|
30-04-2019 - 14:27 | 13-06-2006 - 19:06 | |
CVE-2009-1924 | 9.3 |
Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability.
|
30-04-2019 - 14:27 | 12-08-2009 - 17:30 | |
CVE-2006-2371 | 7.5 |
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via cer
|
30-04-2019 - 14:27 | 13-06-2006 - 19:06 | |
CVE-2007-3901 | 8.5 |
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
|
30-04-2019 - 14:27 | 12-12-2007 - 00:46 | |
CVE-2006-2379 | 9.3 |
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
|
30-04-2019 - 14:27 | 13-06-2006 - 19:06 | |
CVE-2007-3028 | 5.0 |
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP r
|
30-04-2019 - 14:27 | 10-07-2007 - 22:30 | |
CVE-2009-1923 | 9.3 |
Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buf
|
30-04-2019 - 14:27 | 12-08-2009 - 17:30 | |
CVE-2006-2370 | 7.5 |
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC
|
30-04-2019 - 14:27 | 13-06-2006 - 19:06 | |
CVE-2006-3444 | 7.5 |
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
|
30-04-2019 - 14:27 | 09-08-2006 - 00:04 | |
CVE-2005-0048 | 7.5 |
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Valid
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2006-0032 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, w
|
30-04-2019 - 14:27 | 12-09-2006 - 23:07 | |
CVE-2004-0894 | 7.2 |
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
|
30-04-2019 - 14:27 | 10-01-2005 - 05:00 | |
CVE-2009-1138 | 10.0 |
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memor
|
30-04-2019 - 14:27 | 10-06-2009 - 18:00 | |
CVE-2005-1218 | 5.0 |
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
|
30-04-2019 - 14:27 | 10-08-2005 - 04:00 | |
CVE-2010-0035 | 6.3 |
The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of ser
|
30-04-2019 - 14:27 | 10-02-2010 - 18:30 | |
CVE-2005-0047 | 7.2 |
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2001-0879 | 5.0 |
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
|
30-04-2019 - 14:27 | 20-12-2001 - 05:00 | |
CVE-2006-0034 | 7.5 |
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code v
|
30-04-2019 - 14:27 | 10-05-2006 - 02:14 | |
CVE-2006-1313 | 6.8 |
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary
|
30-04-2019 - 14:27 | 13-06-2006 - 19:06 | |
CVE-2007-1748 | 10.0 |
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name conta
|
30-04-2019 - 14:27 | 13-04-2007 - 18:19 | |
CVE-2005-2827 | 7.2 |
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the
|
30-04-2019 - 14:27 | 14-12-2005 - 01:03 | |
CVE-2005-1191 | 5.0 |
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View co
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2010-0478 | 9.3 |
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Med
|
30-04-2019 - 14:27 | 14-04-2010 - 16:00 | |
CVE-2005-1981 | 2.1 |
Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
|
30-04-2019 - 14:27 | 10-08-2005 - 04:00 | |
CVE-2004-1319 | 5.0 |
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the par
|
30-04-2019 - 14:27 | 15-12-2004 - 05:00 | |
CVE-2004-0568 | 10.0 |
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious
|
30-04-2019 - 14:27 | 10-01-2005 - 05:00 | |
CVE-2005-0057 | 7.5 |
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2008-0088 | 6.8 |
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted
|
30-04-2019 - 14:27 | 12-02-2008 - 21:00 | |
CVE-2005-0063 | 7.5 |
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML App
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2005-1982 | 3.6 |
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain control
|
30-04-2019 - 14:27 | 10-08-2005 - 04:00 | |
CVE-2004-1080 | 10.0 |
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS re
|
30-04-2019 - 14:27 | 10-01-2005 - 05:00 | |
CVE-2005-0803 | 5.0 |
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2005-0061 | 7.2 |
The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2005-0045 | 7.5 |
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2)
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2006-0012 | 5.1 |
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "
|
30-04-2019 - 14:27 | 12-04-2006 - 00:02 | |
CVE-2005-1214 | 5.1 |
Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
|
30-04-2019 - 14:27 | 14-06-2005 - 04:00 | |
CVE-2004-0571 | 10.0 |
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability
|
30-04-2019 - 14:27 | 10-01-2005 - 05:00 | |
CVE-2005-2118 | 5.1 |
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the use
|
30-04-2019 - 14:27 | 21-10-2005 - 18:02 | |
CVE-2005-0044 | 7.5 |
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validat
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2006-0005 | 9.3 |
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML
|
30-04-2019 - 14:27 | 14-02-2006 - 19:06 | |
CVE-2006-1184 | 5.0 |
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of
|
30-04-2019 - 14:27 | 10-05-2006 - 02:14 | |
CVE-2009-1139 | 7.8 |
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (m
|
30-04-2019 - 14:27 | 10-06-2009 - 18:00 | |
CVE-2004-0893 | 7.2 |
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges,
|
30-04-2019 - 14:27 | 10-01-2005 - 05:00 | |
CVE-2005-2122 | 10.0 |
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Serve
|
30-04-2019 - 14:27 | 21-10-2005 - 18:02 | |
CVE-2003-0661 | 5.0 |
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
|
30-04-2019 - 14:27 | 20-10-2003 - 04:00 | |
CVE-2003-0605 | 7.5 |
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject int
|
30-04-2019 - 14:27 | 27-08-2003 - 04:00 | |
CVE-2004-0901 | 10.0 |
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site,
|
30-04-2019 - 14:27 | 10-01-2005 - 05:00 | |
CVE-2003-0350 | 4.6 |
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility M
|
30-04-2019 - 14:27 | 18-08-2003 - 04:00 | |
CVE-2007-0040 | 10.0 |
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a
|
30-04-2019 - 14:27 | 10-07-2007 - 22:30 | |
CVE-2005-0050 | 10.0 |
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) a
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2006-0010 | 9.3 |
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded
|
30-04-2019 - 14:27 | 10-01-2006 - 22:03 | |
CVE-2006-2373 | 10.0 |
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEIT
|
26-03-2019 - 19:17 | 13-06-2006 - 19:06 | |
CVE-2012-0022 | 5.0 |
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters
|
25-03-2019 - 11:33 | 19-01-2012 - 04:01 | |
CVE-2007-5461 | 3.5 |
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write reque
|
25-03-2019 - 11:29 | 15-10-2007 - 18:17 | |
CVE-2007-1358 | 2.6 |
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform
|
25-03-2019 - 11:29 | 10-05-2007 - 00:19 | |
CVE-2009-0555 | 9.3 |
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute ar
|
28-02-2019 - 01:20 | 14-10-2009 - 10:30 | |
CVE-2008-0085 | 5.0 |
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memor
|
28-02-2019 - 00:59 | 08-07-2008 - 23:41 | |
CVE-2007-2223 | 9.3 |
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
|
27-02-2019 - 16:00 | 14-08-2007 - 21:17 | |
CVE-2009-0075 | 9.3 |
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document o
|
27-02-2019 - 14:07 | 10-02-2009 - 22:30 | |
CVE-2008-4261 | 9.3 |
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers t
|
26-02-2019 - 14:04 | 10-12-2008 - 14:00 | |
CVE-2011-3397 | 9.3 |
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Mic
|
26-02-2019 - 14:04 | 14-12-2011 - 00:55 | |
CVE-2008-4036 | 7.2 |
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, r
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
CVE-2010-3963 | 7.2 |
Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2008-4114 | 7.1 |
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact vi
|
26-02-2019 - 14:04 | 16-09-2008 - 23:00 | |
CVE-2008-4038 | 10.0 |
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a cr
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
CVE-2010-3942 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which all
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2010-3940 | 7.2 |
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2013-3181 | 9.3 |
usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerabili
|
26-02-2019 - 14:04 | 14-08-2013 - 11:10 | |
CVE-2011-3400 | 9.3 |
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
|
26-02-2019 - 14:04 | 14-12-2011 - 00:55 | |
CVE-2008-4029 | 4.3 |
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external
|
26-02-2019 - 14:04 | 12-11-2008 - 23:30 | |
CVE-2010-3970 | 9.3 |
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and
|
26-02-2019 - 14:04 | 22-12-2010 - 21:00 | |
CVE-2010-3941 | 7.2 |
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a cr
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2010-3956 | 9.3 |
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain pr
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2008-4260 | 8.5 |
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
|
26-02-2019 - 14:04 | 10-12-2008 - 14:00 | |
CVE-2008-4258 | 8.5 |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Paramet
|
26-02-2019 - 14:04 | 10-12-2008 - 14:00 | |
CVE-2010-3965 | 9.3 |
Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2013-3863 | 9.3 |
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka "OLE Property Vulnerability."
|
26-02-2019 - 14:04 | 11-09-2013 - 14:03 | |
CVE-2010-3939 | 7.2 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors r
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2008-4834 | 10.0 |
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Tra
|
26-02-2019 - 14:04 | 14-01-2009 - 22:30 | |
CVE-2010-3943 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gai
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2008-4259 | 9.3 |
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file wit
|
26-02-2019 - 14:04 | 10-12-2008 - 14:00 | |
CVE-2008-4835 | 10.0 |
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets
|
26-02-2019 - 14:04 | 14-01-2009 - 22:30 | |
CVE-2010-3959 | 6.9 |
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2010-3957 | 6.9 |
Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a craf
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2010-2550 | 10.0 |
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute
|
26-02-2019 - 14:04 | 11-08-2010 - 18:47 | |
CVE-2010-2567 | 9.3 |
The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a m
|
26-02-2019 - 14:04 | 15-09-2010 - 19:00 | |
CVE-2009-2529 | 9.3 |
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnera
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2010-1882 | 9.3 |
Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a craft
|
26-02-2019 - 14:04 | 11-08-2010 - 18:47 | |
CVE-2009-1922 | 6.9 |
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users
|
26-02-2019 - 14:04 | 12-08-2009 - 17:30 | |
CVE-2009-2516 | 6.9 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that trigg
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2010-1885 | 9.3 |
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist
|
26-02-2019 - 14:04 | 15-06-2010 - 14:04 | |
CVE-2008-2251 | 7.2 |
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multipl
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
CVE-2010-1891 | 6.9 |
The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows lo
|
26-02-2019 - 14:04 | 15-09-2010 - 19:00 | |
CVE-2009-2515 | 7.2 |
Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncati
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2011-1968 | 7.1 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP p
|
26-02-2019 - 14:04 | 10-08-2011 - 21:55 | |
CVE-2010-1897 | 7.2 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback para
|
26-02-2019 - 14:04 | 11-08-2010 - 18:47 | |
CVE-2007-3034 | 9.3 |
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length va
|
26-02-2019 - 14:04 | 14-08-2007 - 21:17 | |
CVE-2009-1920 | 9.3 |
The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a
|
26-02-2019 - 14:04 | 08-09-2009 - 22:30 | |
CVE-2010-1896 | 7.2 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows l
|
26-02-2019 - 14:04 | 11-08-2010 - 18:47 | |
CVE-2010-1894 | 7.2 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exceptio
|
26-02-2019 - 14:04 | 11-08-2010 - 18:47 | |
CVE-2010-3222 | 7.2 |
Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to
|
26-02-2019 - 14:04 | 13-10-2010 - 19:00 | |
CVE-2009-3672 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName
|
26-02-2019 - 14:04 | 02-12-2009 - 11:30 | |
CVE-2008-1544 | 7.1 |
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers t
|
26-02-2019 - 14:04 | 28-03-2008 - 23:44 | |
CVE-2011-1870 | 7.2 |
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a
|
26-02-2019 - 14:04 | 13-07-2011 - 23:55 | |
CVE-2010-3228 | 9.3 |
The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework
|
26-02-2019 - 14:04 | 13-10-2010 - 19:00 | |
CVE-2008-3477 | 9.3 |
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel fil
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
CVE-2010-2741 | 7.2 |
The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font
|
26-02-2019 - 14:04 | 13-10-2010 - 19:00 | |
CVE-2010-2729 | 9.3 |
The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permis
|
26-02-2019 - 14:04 | 15-09-2010 - 19:00 | |
CVE-2010-2566 | 9.3 |
The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary co
|
26-02-2019 - 14:04 | 11-08-2010 - 18:47 | |
CVE-2009-2506 | 9.3 |
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC
|
26-02-2019 - 14:04 | 09-12-2009 - 18:30 | |
CVE-2009-2497 | 9.3 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser appl
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2011-2005 | 7.2 |
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary F
|
26-02-2019 - 14:04 | 12-10-2011 - 02:52 | |
CVE-2009-2531 | 9.3 |
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corru
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2009-2508 | 6.9 |
The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate
|
26-02-2019 - 14:04 | 09-12-2009 - 18:30 | |
CVE-2010-1887 | 4.4 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument,
|
26-02-2019 - 14:04 | 11-08-2010 - 18:47 | |
CVE-2009-3677 | 10.0 |
The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol
|
26-02-2019 - 14:04 | 09-12-2009 - 18:30 | |
CVE-2009-2494 | 10.0 |
The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operation
|
26-02-2019 - 14:04 | 12-08-2009 - 17:30 | |
CVE-2009-2530 | 9.3 |
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corru
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2009-2509 | 9.0 |
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request
|
26-02-2019 - 14:04 | 09-12-2009 - 18:30 | |
CVE-2010-2745 | 9.3 |
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka
|
26-02-2019 - 14:04 | 13-10-2010 - 19:00 | |
CVE-2008-3009 | 10.0 |
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which all
|
26-02-2019 - 14:04 | 10-12-2008 - 14:00 | |
CVE-2011-1894 | 4.3 |
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embe
|
26-02-2019 - 14:04 | 16-06-2011 - 20:55 | |
CVE-2011-1869 | 7.8 |
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a d
|
26-02-2019 - 14:04 | 16-06-2011 - 20:55 | |
CVE-2009-2498 | 9.3 |
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1)
|
26-02-2019 - 14:04 | 08-09-2009 - 22:30 | |
CVE-2011-1868 | 10.0 |
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Me
|
26-02-2019 - 14:04 | 16-06-2011 - 20:55 | |
CVE-2008-3472 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive inf
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
CVE-2009-1547 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2013-0810 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulner
|
26-02-2019 - 14:04 | 11-09-2013 - 14:03 | |
CVE-2011-1283 | 7.2 |
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has
|
26-02-2019 - 14:04 | 13-07-2011 - 23:55 | |
CVE-2010-1883 | 9.3 |
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary cod
|
26-02-2019 - 14:04 | 13-10-2010 - 19:00 | |
CVE-2010-3147 | 9.3 |
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to
|
26-02-2019 - 14:04 | 27-08-2010 - 19:00 | |
CVE-2008-3476 | 9.3 |
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulner
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
CVE-2010-3144 | 9.3 |
Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demon
|
26-02-2019 - 14:04 | 27-08-2010 - 19:00 | |
CVE-2010-2738 | 9.3 |
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly
|
26-02-2019 - 14:04 | 15-09-2010 - 19:00 | |
CVE-2009-1925 | 10.0 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and th
|
26-02-2019 - 14:04 | 08-09-2009 - 22:30 | |
CVE-2013-1295 | 7.2 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "
|
26-02-2019 - 14:04 | 09-04-2013 - 22:55 | |
CVE-2009-1539 | 9.3 |
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files,
|
26-02-2019 - 14:04 | 15-07-2009 - 15:30 | |
CVE-2008-3474 | 4.3 |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
CVE-2010-2568 | 9.3 |
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not prope
|
26-02-2019 - 14:04 | 22-07-2010 - 05:43 | |
CVE-2010-1895 | 7.2 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a
|
26-02-2019 - 14:04 | 11-08-2010 - 18:47 | |
CVE-2009-2525 | 9.3 |
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote atta
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2011-1974 | 7.2 |
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka
|
26-02-2019 - 14:04 | 10-08-2011 - 21:55 | |
CVE-2010-2740 | 7.2 |
The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font P
|
26-02-2019 - 14:04 | 13-10-2010 - 19:00 | |
CVE-2008-2250 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which all
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
CVE-2010-2746 | 7.6 |
Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer i
|
26-02-2019 - 14:04 | 13-10-2010 - 19:00 | |
CVE-2009-1538 | 9.3 |
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data val
|
26-02-2019 - 14:04 | 15-07-2009 - 15:30 | |
CVE-2010-2744 | 7.2 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges b
|
26-02-2019 - 14:04 | 13-10-2010 - 19:00 | |
CVE-2009-1926 | 7.8 |
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small o
|
26-02-2019 - 14:04 | 08-09-2009 - 22:30 | |
CVE-2010-2743 | 7.2 |
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated
|
26-02-2019 - 14:04 | 20-01-2011 - 21:00 | |
CVE-2009-2519 | 9.3 |
The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system
|
26-02-2019 - 14:04 | 08-09-2009 - 22:30 | |
CVE-2010-2742 | 5.4 |
The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC
|
26-02-2019 - 14:04 | 16-12-2010 - 19:33 | |
CVE-2010-2563 | 9.3 |
The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted
|
26-02-2019 - 14:04 | 15-09-2010 - 19:00 | |
CVE-2009-2511 | 7.5 |
Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to s
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2009-2499 | 8.5 |
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory
|
26-02-2019 - 14:04 | 08-09-2009 - 22:30 | |
CVE-2010-0483 | 7.6 |
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (
|
26-02-2019 - 14:04 | 03-03-2010 - 19:30 | |
CVE-2010-0238 | 4.9 |
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2013-0077 | 9.3 |
Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Offi
|
26-02-2019 - 14:04 | 13-02-2013 - 12:04 | |
CVE-2008-1436 | 9.0 |
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service
|
26-02-2019 - 14:04 | 21-04-2008 - 17:05 | |
CVE-2010-0487 | 9.3 |
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Se
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2009-0081 | 9.3 |
The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote
|
26-02-2019 - 14:04 | 10-03-2009 - 20:30 | |
CVE-2011-0027 | 9.3 |
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a
|
26-02-2019 - 14:04 | 12-01-2011 - 01:00 | |
CVE-2010-0812 | 6.4 |
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2009-0088 | 9.3 |
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2011-0029 | 9.3 |
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contain
|
26-02-2019 - 14:04 | 09-03-2011 - 23:00 | |
CVE-2009-0086 | 10.0 |
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2010-0028 | 9.3 |
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
|
26-02-2019 - 14:04 | 10-02-2010 - 18:30 | |
CVE-2010-0816 | 9.3 |
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 a
|
26-02-2019 - 14:04 | 12-05-2010 - 11:46 | |
CVE-2011-0088 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users t
|
26-02-2019 - 14:04 | 09-02-2011 - 01:00 | |
CVE-2010-0269 | 10.0 |
The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows re
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2011-0654 | 10.0 |
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and S
|
26-02-2019 - 14:04 | 16-02-2011 - 01:00 | |
CVE-2008-0107 | 9.0 |
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allo
|
26-02-2019 - 14:04 | 08-07-2008 - 23:41 | |
CVE-2011-0028 | 9.3 |
WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
|
26-02-2019 - 14:04 | 13-04-2011 - 18:55 | |
CVE-2009-0232 | 9.3 |
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name ta
|
26-02-2019 - 14:04 | 15-07-2009 - 15:30 | |
CVE-2010-0480 | 9.3 |
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a craft
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2008-1454 | 9.4 |
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the
|
26-02-2019 - 14:04 | 08-07-2008 - 23:41 | |
CVE-2009-1125 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted a
|
26-02-2019 - 14:04 | 10-06-2009 - 18:30 | |
CVE-2010-0818 | 9.3 |
The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attacker
|
26-02-2019 - 14:04 | 15-09-2010 - 19:00 | |
CVE-2010-0486 | 9.3 |
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2009-0090 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2009-0089 | 5.8 |
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a differe
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2012-0005 | 6.9 |
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory d
|
26-02-2019 - 14:04 | 10-01-2012 - 21:55 | |
CVE-2009-1133 | 9.3 |
Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unsp
|
26-02-2019 - 14:04 | 12-08-2009 - 17:30 | |
CVE-2011-0087 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted applicat
|
26-02-2019 - 14:04 | 09-02-2011 - 01:00 | |
CVE-2010-0232 | 7.2 |
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabl
|
26-02-2019 - 14:04 | 21-01-2010 - 19:30 | |
CVE-2009-1124 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a
|
26-02-2019 - 14:04 | 10-06-2009 - 18:30 | |
CVE-2009-0551 | 9.3 |
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP docum
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2009-0078 | 7.2 |
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2010-0820 | 9.0 |
Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP S
|
26-02-2019 - 14:04 | 15-09-2010 - 19:00 | |
CVE-2010-0236 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafte
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2010-0234 | 4.7 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a de
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2009-0554 | 9.3 |
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2011-0086 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users t
|
26-02-2019 - 14:04 | 09-02-2011 - 01:00 | |
CVE-2009-0233 | 5.8 |
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which mak
|
26-02-2019 - 14:04 | 11-03-2009 - 14:19 | |
CVE-2011-0026 | 9.3 |
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long s
|
26-02-2019 - 14:04 | 12-01-2011 - 01:00 | |
CVE-2009-0083 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invali
|
26-02-2019 - 14:04 | 10-03-2009 - 20:30 | |
CVE-2011-0096 | 4.3 |
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for cont
|
26-02-2019 - 14:04 | 31-01-2011 - 20:00 | |
CVE-2010-0235 | 4.7 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted applicati
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2009-0082 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified
|
26-02-2019 - 14:04 | 10-03-2009 - 20:30 | |
CVE-2009-0093 | 3.5 |
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-
|
26-02-2019 - 14:04 | 11-03-2009 - 14:19 | |
CVE-2009-0079 | 6.9 |
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account,
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2009-0094 | 5.5 |
The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra
|
26-02-2019 - 14:04 | 11-03-2009 - 14:19 | |
CVE-2012-0149 | 7.2 |
afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elev
|
26-02-2019 - 14:04 | 14-02-2012 - 22:55 | |
CVE-2011-0090 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users t
|
26-02-2019 - 14:04 | 09-02-2011 - 01:00 | |
CVE-2009-0085 | 7.1 |
The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's k
|
26-02-2019 - 14:04 | 10-03-2009 - 20:30 | |
CVE-2011-0089 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users t
|
26-02-2019 - 14:04 | 09-02-2011 - 01:00 | |
CVE-2009-0239 | 4.3 |
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a sea
|
26-02-2019 - 14:04 | 10-06-2009 - 18:00 | |
CVE-2009-0091 | 9.3 |
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a craf
|
26-02-2019 - 14:04 | 14-10-2009 - 10:30 | |
CVE-2010-0016 | 9.3 |
The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted respo
|
26-02-2019 - 14:04 | 10-02-2010 - 18:30 | |
CVE-2009-0076 | 9.3 |
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a
|
26-02-2019 - 14:04 | 10-02-2009 - 22:30 | |
CVE-2011-0041 | 9.3 |
Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF i
|
26-02-2019 - 14:04 | 13-04-2011 - 18:55 | |
CVE-2009-1123 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted appli
|
26-02-2019 - 14:04 | 10-06-2009 - 18:30 | |
CVE-2009-0234 | 6.4 |
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transacti
|
26-02-2019 - 14:04 | 11-03-2009 - 14:19 | |
CVE-2011-0033 | 9.3 |
The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts,
|
26-02-2019 - 14:04 | 10-02-2011 - 16:00 | |
CVE-2009-1126 | 7.2 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted ap
|
26-02-2019 - 14:04 | 10-06-2009 - 18:30 | |
CVE-2010-0476 | 10.0 |
The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption an
|
26-02-2019 - 14:04 | 14-04-2010 - 16:00 | |
CVE-2009-0084 | 9.3 |
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is
|
26-02-2019 - 14:04 | 15-04-2009 - 08:00 | |
CVE-2011-0043 | 7.2 |
Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Ker
|
26-02-2019 - 14:04 | 10-02-2011 - 16:00 | |
CVE-2012-0009 | 9.3 |
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as dem
|
26-02-2019 - 14:04 | 10-01-2012 - 21:55 | |
CVE-2008-2249 | 9.3 |
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffe
|
26-02-2019 - 14:02 | 10-12-2008 - 14:00 | |
CVE-2008-3465 | 9.3 |
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WM
|
26-02-2019 - 14:02 | 10-12-2008 - 14:00 | |
CVE-2012-0635 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:09 | 08-03-2012 - 22:55 | |
CVE-2012-0591 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:09 | 08-03-2012 - 22:55 | |
CVE-2012-0633 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:09 | 08-03-2012 - 22:55 | |
CVE-2012-0629 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:08 | 08-03-2012 - 22:55 | |
CVE-2012-0632 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:08 | 08-03-2012 - 22:55 | |
CVE-2012-0631 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:08 | 08-03-2012 - 22:55 | |
CVE-2012-0630 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:08 | 08-03-2012 - 22:55 | |
CVE-2012-0627 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:07 | 08-03-2012 - 22:55 | |
CVE-2012-0628 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:07 | 08-03-2012 - 22:55 | |
CVE-2012-0626 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:06 | 08-03-2012 - 22:55 | |
CVE-2012-0625 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:05 | 08-03-2012 - 22:55 | |
CVE-2012-0607 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:05 | 08-03-2012 - 22:55 | |
CVE-2012-0609 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:04 | 08-03-2012 - 22:55 | |
CVE-2012-0606 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:04 | 08-03-2012 - 22:55 | |
CVE-2012-0608 | 6.8 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:04 | 08-03-2012 - 22:55 | |
CVE-2012-0613 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:03 | 08-03-2012 - 22:55 | |
CVE-2012-0612 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:03 | 08-03-2012 - 22:55 | |
CVE-2012-0611 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:03 | 08-03-2012 - 22:55 | |
CVE-2012-0610 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:03 | 08-03-2012 - 22:55 | |
CVE-2012-0616 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:02 | 08-03-2012 - 22:55 | |
CVE-2012-0617 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:02 | 08-03-2012 - 22:55 | |
CVE-2012-0615 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:02 | 08-03-2012 - 22:55 | |
CVE-2012-0614 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:02 | 08-03-2012 - 22:55 | |
CVE-2012-0618 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:01 | 08-03-2012 - 22:55 | |
CVE-2012-0619 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 19:00 | 08-03-2012 - 22:55 | |
CVE-2012-0622 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:59 | 08-03-2012 - 22:55 | |
CVE-2012-0623 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:59 | 08-03-2012 - 22:55 | |
CVE-2012-0621 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:59 | 08-03-2012 - 22:55 | |
CVE-2012-0620 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:59 | 08-03-2012 - 22:55 | |
CVE-2012-0594 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:58 | 08-03-2012 - 22:55 | |
CVE-2012-0593 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:58 | 08-03-2012 - 22:55 | |
CVE-2012-0592 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:58 | 08-03-2012 - 22:55 | |
CVE-2012-0624 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:58 | 08-03-2012 - 22:55 | |
CVE-2012-0596 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:57 | 08-03-2012 - 22:55 | |
CVE-2012-0598 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:57 | 08-03-2012 - 22:55 | |
CVE-2012-0597 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:57 | 08-03-2012 - 22:55 | |
CVE-2012-0595 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:57 | 08-03-2012 - 22:55 | |
CVE-2012-0601 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:56 | 08-03-2012 - 22:55 | |
CVE-2012-0599 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:56 | 08-03-2012 - 22:55 | |
CVE-2012-0600 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:56 | 08-03-2012 - 22:55 | |
CVE-2012-0604 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:55 | 08-03-2012 - 22:55 | |
CVE-2012-0603 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:55 | 08-03-2012 - 22:55 | |
CVE-2012-0602 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:55 | 08-03-2012 - 22:55 | |
CVE-2012-0605 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 18:54 | 08-03-2012 - 22:55 | |
CVE-2011-2455 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:41 | 11-11-2011 - 16:55 | |
CVE-2011-2453 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:40 | 11-11-2011 - 16:55 | |
CVE-2011-2454 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:40 | 11-11-2011 - 16:55 | |
CVE-2011-2452 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:39 | 11-11-2011 - 16:55 | |
CVE-2011-2459 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:38 | 11-11-2011 - 16:55 | |
CVE-2011-2451 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:38 | 11-11-2011 - 16:55 | |
CVE-2011-2460 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:38 | 11-11-2011 - 16:55 | |
CVE-2011-2445 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:36 | 11-11-2011 - 16:55 | |
CVE-2011-2873 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 14:43 | 08-03-2012 - 22:55 | |
CVE-2011-2872 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 14:42 | 08-03-2012 - 22:55 | |
CVE-2011-2871 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 14:42 | 08-03-2012 - 22:55 | |
CVE-2011-2870 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 14:41 | 08-03-2012 - 22:55 | |
CVE-2011-2869 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 14:40 | 08-03-2012 - 22:55 | |
CVE-2011-2868 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 14:39 | 08-03-2012 - 22:55 | |
CVE-2011-2867 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 14:39 | 08-03-2012 - 22:55 | |
CVE-2011-2833 | 9.3 |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
|
29-11-2018 - 14:38 | 08-03-2012 - 22:55 | |
CVE-2010-3187 | 10.0 |
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
|
28-11-2018 - 17:12 | 30-08-2010 - 20:00 | |
CVE-2010-0159 | 10.0 |
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
|
16-11-2018 - 15:56 | 22-02-2010 - 13:00 | |
CVE-2009-4538 | 10.0 |
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a r
|
16-11-2018 - 15:53 | 12-01-2010 - 17:30 | |
CVE-2009-4537 | 7.8 |
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via
|
16-11-2018 - 15:52 | 12-01-2010 - 17:30 | |
CVE-2009-4536 | 7.8 |
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypas
|
16-11-2018 - 15:51 | 12-01-2010 - 17:30 | |
CVE-2009-1633 | 7.1 |
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to U
|
08-11-2018 - 20:29 | 28-05-2009 - 20:30 | |
CVE-2009-0143 | 4.3 |
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
|
08-11-2018 - 20:21 | 14-03-2009 - 18:30 | |
CVE-2009-0322 | 4.9 |
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size
|
08-11-2018 - 20:20 | 28-01-2009 - 18:30 | |
CVE-2012-1856 | 9.3 |
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1
|
07-11-2018 - 11:29 | 15-08-2012 - 01:55 | |
CVE-2009-0689 | 6.8 |
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD
|
02-11-2018 - 10:29 | 01-07-2009 - 13:00 | |
CVE-2008-4067 | 4.3 |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash)
|
01-11-2018 - 16:22 | 24-09-2008 - 20:37 | |
CVE-2008-4068 | 7.8 |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive inf
|
01-11-2018 - 15:15 | 24-09-2008 - 20:37 | |
CVE-2009-3676 | 7.1 |
The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that co
|
30-10-2018 - 16:28 | 13-11-2009 - 15:30 | |
CVE-2010-0017 | 9.3 |
Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, an
|
30-10-2018 - 16:28 | 10-02-2010 - 18:30 | |
CVE-2013-6621 | 7.5 |
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
|
30-10-2018 - 16:27 | 13-11-2013 - 15:55 | |
CVE-2013-2927 | 6.8 |
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspeci
|
30-10-2018 - 16:27 | 16-10-2013 - 20:55 | |
CVE-2012-5139 | 10.0 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
|
30-10-2018 - 16:27 | 12-12-2012 - 11:38 | |
CVE-2012-5150 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2013-2487 | 7.8 |
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted in
|
30-10-2018 - 16:27 | 07-03-2013 - 15:55 | |
CVE-2012-5147 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5135 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
|
30-10-2018 - 16:27 | 28-11-2012 - 01:55 | |
CVE-2013-3154 | 6.9 |
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level direct
|
30-10-2018 - 16:27 | 10-07-2013 - 03:46 | |
CVE-2012-5140 | 10.0 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
|
30-10-2018 - 16:27 | 12-12-2012 - 11:38 | |
CVE-2011-3401 | 9.3 |
ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memo
|
30-10-2018 - 16:27 | 14-12-2011 - 00:55 | |
CVE-2012-5137 | 10.0 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
|
30-10-2018 - 16:27 | 04-12-2012 - 06:05 | |
CVE-2010-3944 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
|
30-10-2018 - 16:27 | 16-12-2010 - 19:33 | |
CVE-2012-5133 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
|
30-10-2018 - 16:27 | 28-11-2012 - 01:55 | |
CVE-2012-4049 | 2.9 |
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
|
30-10-2018 - 16:27 | 24-07-2012 - 19:55 | |
CVE-2010-3961 | 7.2 |
The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to ga
|
30-10-2018 - 16:27 | 16-12-2010 - 19:33 | |
CVE-2012-5145 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2010-3966 | 9.3 |
Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that c
|
30-10-2018 - 16:27 | 16-12-2010 - 19:33 | |
CVE-2012-2885 | 7.5 |
Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2878 | 7.5 |
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2010-3338 | 7.2 |
The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted app
|
30-10-2018 - 16:27 | 16-12-2010 - 19:33 | |
CVE-2012-2886 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2553 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted app
|
30-10-2018 - 16:27 | 14-11-2012 - 00:55 | |
CVE-2010-2554 | 6.8 |
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2009-3678 | 9.3 |
Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot
|
30-10-2018 - 16:27 | 14-05-2010 - 19:30 | |
CVE-2010-2551 | 7.8 |
The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2010-2552 | 7.8 |
Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2007-2926 | 4.3 |
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query i
|
30-10-2018 - 16:27 | 24-07-2007 - 17:30 | |
CVE-2011-2009 | 9.3 |
Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current wor
|
30-10-2018 - 16:27 | 12-10-2011 - 02:52 | |
CVE-2013-1846 | 4.0 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. Per http://lists.o
|
30-10-2018 - 16:27 | 02-05-2013 - 14:55 | |
CVE-2013-2088 | 7.1 |
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
|
30-10-2018 - 16:27 | 31-07-2013 - 13:20 | |
CVE-2010-2553 | 9.3 |
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vul
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2013-0835 | 5.0 |
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-2883 | 7.5 |
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2011-2018 | 7.2 |
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted applicatio
|
30-10-2018 - 16:27 | 14-12-2011 - 00:55 | |
CVE-2010-1890 | 4.6 |
The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2012-2888 | 7.5 |
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2010-3225 | 7.6 |
Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use Af
|
30-10-2018 - 16:27 | 13-10-2010 - 19:00 | |
CVE-2013-0831 | 7.5 |
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-2887 | 7.5 |
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2010-3229 | 7.1 |
The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which
|
30-10-2018 - 16:27 | 13-10-2010 - 19:00 | |
CVE-2012-2874 | 7.5 |
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2872 | 4.3 |
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
30-10-2018 - 16:27 | 31-08-2012 - 19:55 | |
CVE-2013-1845 | 2.1 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a
|
30-10-2018 - 16:27 | 02-05-2013 - 14:55 | |
CVE-2009-2510 | 6.8 |
The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does
|
30-10-2018 - 16:27 | 14-10-2009 - 10:30 | |
CVE-2013-2112 | 7.8 |
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
|
30-10-2018 - 16:27 | 31-07-2013 - 13:20 | |
CVE-2009-2524 | 7.8 |
Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and
|
30-10-2018 - 16:27 | 14-10-2009 - 10:30 | |
CVE-2010-1255 | 6.8 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related
|
30-10-2018 - 16:27 | 08-06-2010 - 22:30 | |
CVE-2013-0832 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2010-1892 | 7.8 |
The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple craft
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2010-1893 | 6.8 |
Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows N
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2010-2555 | 6.8 |
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a de
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2013-1968 | 5.5 |
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
|
30-10-2018 - 16:27 | 31-07-2013 - 13:20 | |
CVE-2011-0091 | 6.4 |
Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES
|
30-10-2018 - 16:27 | 10-02-2011 - 16:00 | |
CVE-2010-0477 | 10.0 |
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that ca
|
30-10-2018 - 16:27 | 14-04-2010 - 16:00 | |
CVE-2010-0020 | 9.0 |
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fie
|
30-10-2018 - 16:27 | 10-02-2010 - 18:30 | |
CVE-2010-0265 | 9.3 |
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." Per:
|
30-10-2018 - 16:27 | 10-03-2010 - 22:30 | |
CVE-2010-0481 | 4.7 |
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot)
|
30-10-2018 - 16:27 | 14-04-2010 - 16:00 | |
CVE-2010-0811 | 9.3 |
Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, an
|
30-10-2018 - 16:27 | 08-06-2010 - 22:30 | |
CVE-2010-0250 | 9.3 |
Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Win
|
30-10-2018 - 16:27 | 10-02-2010 - 18:30 | |
CVE-2010-0018 | 9.3 |
Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows re
|
30-10-2018 - 16:27 | 13-01-2010 - 19:30 | |
CVE-2010-0021 | 7.1 |
Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a craft
|
30-10-2018 - 16:27 | 10-02-2010 - 18:30 | |
CVE-2010-0270 | 10.0 |
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (m
|
30-10-2018 - 16:27 | 14-04-2010 - 16:00 | |
CVE-2013-0420 | 2.4 |
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the Januar
|
30-10-2018 - 16:27 | 17-01-2013 - 01:55 | |
CVE-2010-0252 | 9.3 |
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2
|
30-10-2018 - 16:27 | 10-02-2010 - 18:30 | |
CVE-2010-0482 | 4.7 |
The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnera
|
30-10-2018 - 16:27 | 14-04-2010 - 16:00 | |
CVE-2010-0231 | 10.0 |
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of en
|
30-10-2018 - 16:27 | 10-02-2010 - 18:30 | |
CVE-2011-0042 | 9.3 |
SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack fo
|
30-10-2018 - 16:27 | 09-03-2011 - 23:00 | |
CVE-2010-0022 | 7.8 |
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share a
|
30-10-2018 - 16:27 | 10-02-2010 - 18:30 | |
CVE-2010-0819 | 7.2 |
Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code v
|
30-10-2018 - 16:27 | 08-06-2010 - 20:30 | |
CVE-2009-1364 | 7.5 |
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. <a href="http://cwe.mitre.org/dat
|
30-10-2018 - 16:27 | 01-05-2009 - 17:30 | |
CVE-2012-0454 | 7.5 |
Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to caus
|
30-10-2018 - 16:27 | 14-03-2012 - 19:55 | |
CVE-2011-0031 | 4.3 |
The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obt
|
30-10-2018 - 16:27 | 09-02-2011 - 01:00 | |
CVE-2010-0485 | 6.8 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a
|
30-10-2018 - 16:27 | 08-06-2010 - 22:30 | |
CVE-2013-5599 | 10.0 |
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderb
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
CVE-2013-5722 | 4.3 |
Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
30-10-2018 - 16:26 | 16-09-2013 - 13:01 | |
CVE-2013-5601 | 10.0 |
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey bef
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
CVE-2013-5597 | 10.0 |
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
CVE-2013-5603 | 10.0 |
Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitr
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
CVE-2013-5591 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application c
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
CVE-2013-5600 | 10.0 |
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonke
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
CVE-2010-4699 | 5.0 |
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an i
|
30-10-2018 - 16:26 | 18-01-2011 - 20:00 | |
CVE-2010-3975 | 9.3 |
Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file th
|
30-10-2018 - 16:26 | 19-10-2010 - 21:00 | |
CVE-2007-5240 | 5.0 |
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circum
|
30-10-2018 - 16:26 | 06-10-2007 - 00:17 | |
CVE-2010-4454 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4450 | 3.7 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux all
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3569 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-4466 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remot
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3572 | 10.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-4448 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java ap
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3562 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3571 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2008-4037 | 9.3 |
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as
|
30-10-2018 - 16:26 | 12-11-2008 - 23:30 | |
CVE-2010-4469 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2008-5814 | 2.6 |
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear
|
30-10-2018 - 16:26 | 02-01-2009 - 18:11 | |
CVE-2010-4473 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4462 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4447 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4475 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3565 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inf
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3556 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://w
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-4697 | 6.8 |
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of _
|
30-10-2018 - 16:26 | 18-01-2011 - 20:00 | |
CVE-2010-3559 | 10.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3557 | 6.8 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3554 | 10.0 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2006-7243 | 5.0 |
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argum
|
30-10-2018 - 16:26 | 18-01-2011 - 20:00 | |
CVE-2010-4465 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3568 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3541 | 5.1 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3396 | 7.2 |
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
|
30-10-2018 - 16:26 | 15-09-2010 - 18:00 | |
CVE-2010-3553 | 10.0 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2009-3876 | 5.0 |
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
|
30-10-2018 - 16:26 | 05-11-2009 - 16:30 | |
CVE-2010-3551 | 5.0 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2008-3004 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute a
|
30-10-2018 - 16:26 | 12-08-2008 - 23:41 | |
CVE-2011-2425 | 10.0 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2009-3877 | 5.0 |
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
|
30-10-2018 - 16:26 | 05-11-2009 - 16:30 | |
CVE-2006-5215 | 2.6 |
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a sy
|
30-10-2018 - 16:26 | 10-10-2006 - 04:06 | |
CVE-2008-3006 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 a
|
30-10-2018 - 16:26 | 12-08-2008 - 23:41 | |
CVE-2011-2416 | 10.0 |
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2008-3112 | 10.0 |
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the Ca
|
30-10-2018 - 16:26 | 09-07-2008 - 23:41 | |
CVE-2002-0678 | 7.2 |
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
|
30-10-2018 - 16:26 | 23-07-2002 - 04:00 | |
CVE-2010-2215 | 4.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2008-3005 | 9.3 |
Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array
|
30-10-2018 - 16:26 | 12-08-2008 - 23:41 | |
CVE-2011-2107 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
|
30-10-2018 - 16:26 | 09-06-2011 - 02:38 | |
CVE-2007-3029 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
|
30-10-2018 - 16:26 | 10-07-2007 - 22:30 | |
CVE-2011-2140 | 10.0 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2010-2884 | 9.3 |
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS
|
30-10-2018 - 16:26 | 15-09-2010 - 18:00 | |
CVE-2009-3799 | 9.3 |
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers me
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2008-3114 | 5.0 |
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an u
|
30-10-2018 - 16:26 | 09-07-2008 - 23:41 | |
CVE-2011-2136 | 10.0 |
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2011-2414 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2011-2138 | 10.0 |
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2002-0573 | 7.5 |
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command canno
|
30-10-2018 - 16:26 | 03-07-2002 - 04:00 | |
CVE-2010-3548 | 5.0 |
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the p
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2009-3266 | 4.3 |
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds
|
30-10-2018 - 16:26 | 18-09-2009 - 22:30 | |
CVE-2009-3796 | 9.3 |
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2011-2137 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 21:55 | |
CVE-2011-2417 | 10.0 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2009-3951 | 7.1 |
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exis
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2011-2135 | 10.0 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2009-3794 | 9.3 |
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2010-3549 | 6.8 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2006-3664 | 5.0 |
Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.
|
30-10-2018 - 16:26 | 18-07-2006 - 15:47 | |
CVE-2002-0796 | 10.0 |
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
|
30-10-2018 - 16:26 | 12-08-2002 - 04:00 | |
CVE-2008-1455 | 6.8 |
A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arb
|
30-10-2018 - 16:26 | 13-08-2008 - 00:41 | |
CVE-2009-4072 | 10.0 |
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
|
30-10-2018 - 16:26 | 24-11-2009 - 17:30 | |
CVE-2007-2688 | 7.8 |
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
|
30-10-2018 - 16:26 | 16-05-2007 - 01:19 | |
CVE-2007-3899 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
|
30-10-2018 - 16:26 | 09-10-2007 - 22:17 | |
CVE-2011-2130 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 21:55 | |
CVE-2009-3728 | 5.0 |
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local Internation
|
30-10-2018 - 16:26 | 09-11-2009 - 19:30 | |
CVE-2002-0797 | 10.0 |
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
|
30-10-2018 - 16:26 | 12-08-2002 - 04:00 | |
CVE-2009-3798 | 9.3 |
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2010-2216 | 9.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2002-1199 | 5.0 |
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
|
30-10-2018 - 16:26 | 28-10-2002 - 05:00 | |
CVE-2002-0677 | 7.5 |
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the
|
30-10-2018 - 16:26 | 23-07-2002 - 04:00 | |
CVE-2011-2415 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2002-0084 | 7.2 |
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.
|
30-10-2018 - 16:26 | 15-03-2002 - 05:00 | |
CVE-2008-3113 | 10.0 |
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
|
30-10-2018 - 16:26 | 09-07-2008 - 23:41 | |
CVE-2009-3292 | 7.5 |
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2008-3008 | 9.3 |
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Me
|
30-10-2018 - 16:26 | 11-09-2008 - 01:11 | |
CVE-2011-2134 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 21:55 | |
CVE-2010-2214 | 9.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2002-1296 | 7.2 |
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
|
30-10-2018 - 16:26 | 23-12-2002 - 05:00 | |
CVE-2002-0679 | 10.0 |
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
|
30-10-2018 - 16:26 | 05-09-2002 - 04:00 | |
CVE-2006-4319 | 7.2 |
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
|
30-10-2018 - 16:26 | 24-08-2006 - 01:04 | |
CVE-2008-3107 | 10.0 |
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via
|
30-10-2018 - 16:26 | 09-07-2008 - 23:41 | |
CVE-2011-2444 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to
|
30-10-2018 - 16:26 | 22-09-2011 - 03:38 | |
CVE-2011-2430 | 9.3 |
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
|
30-10-2018 - 16:26 | 22-09-2011 - 03:38 | |
CVE-2001-1076 | 7.2 |
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
|
30-10-2018 - 16:26 | 05-07-2001 - 04:00 | |
CVE-2010-0842 | 7.5 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0755 | 5.0 |
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandma
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
CVE-2011-0560 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0608 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0578 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a d
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2006-0227 | 2.6 |
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.
|
30-10-2018 - 16:26 | 17-01-2006 - 20:07 | |
CVE-2008-0080 | 10.0 |
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
|
30-10-2018 - 16:26 | 12-02-2008 - 23:00 | |
CVE-2011-0752 | 5.0 |
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions b
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
CVE-2010-0186 | 6.8 |
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain r
|
30-10-2018 - 16:26 | 15-02-2010 - 18:30 | |
CVE-2003-0851 | 5.0 |
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
|
30-10-2018 - 16:26 | 01-12-2003 - 05:00 | |
CVE-2007-0035 | 9.3 |
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the
|
30-10-2018 - 16:26 | 08-05-2007 - 22:19 | |
CVE-2001-0779 | 10.0 |
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
|
30-10-2018 - 16:26 | 18-10-2001 - 04:00 | |
CVE-2011-0866 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0864 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0626 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0577 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2010-0849 | 7.5 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0559 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a d
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2004-1360 | 2.1 |
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
|
30-10-2018 - 16:26 | 27-02-2004 - 05:00 | |
CVE-2011-0607 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2010-0087 | 7.5 |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unkn
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0619 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2004-0790 | 5.0 |
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
|
30-10-2018 - 16:26 | 12-04-2005 - 04:00 | |
CVE-2008-0104 | 9.3 |
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
|
30-10-2018 - 16:26 | 12-02-2008 - 23:00 | |
CVE-2010-0084 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-1999-0689 | 7.2 |
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
|
30-10-2018 - 16:26 | 13-09-1999 - 04:00 | |
CVE-2010-0847 | 7.5 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0571 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2010-0846 | 7.5 |
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2010-0839 | 7.5 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http:
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0865 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2004-2686 | 7.2 |
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but
|
30-10-2018 - 16:26 | 31-12-2004 - 05:00 | |
CVE-2011-0624 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0575 | 6.9 |
Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Sea
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2004-1767 | 7.2 |
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
|
30-10-2018 - 16:26 | 31-12-2004 - 05:00 | |
CVE-2010-0848 | 7.5 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: htt
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2010-0844 | 7.5 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2003-0027 | 5.0 |
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
|
30-10-2018 - 16:26 | 07-02-2003 - 05:00 | |
CVE-2003-0669 | 1.2 |
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
|
30-10-2018 - 16:26 | 27-08-2003 - 04:00 | |
CVE-2007-1270 | 5.0 |
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:26 | 06-04-2007 - 00:19 | |
CVE-2011-0753 | 4.3 |
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
CVE-2010-0088 | 6.8 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2010-0841 | 7.5 |
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previou
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0871 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2010-0840 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2007-1756 | 9.3 |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vu
|
30-10-2018 - 16:26 | 10-07-2007 - 22:30 | |
CVE-2010-0209 | 9.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-221
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2004-1351 | 10.0 |
Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
|
30-10-2018 - 16:26 | 07-12-2004 - 05:00 | |
CVE-2011-0625 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0815 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0802 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2010-0089 | 5.0 |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. Per: http://www.oracle.com/te
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2010-0091 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2003-0567 | 7.8 |
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
|
30-10-2018 - 16:26 | 18-08-2003 - 04:00 | |
CVE-2010-0082 | 5.1 |
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. P
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2004-0714 | 5.0 |
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memo
|
30-10-2018 - 16:26 | 27-07-2004 - 04:00 | |
CVE-2005-0136 | 2.1 |
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761
|
30-10-2018 - 16:26 | 31-12-2005 - 05:00 | |
CVE-2011-0561 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2004-0791 | 5.0 |
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench a
|
30-10-2018 - 16:26 | 12-04-2005 - 04:00 | |
CVE-2011-0814 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0754 | 4.4 |
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform d
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
CVE-2010-0095 | 6.8 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0867 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0622 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0609 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9
|
30-10-2018 - 16:26 | 15-03-2011 - 17:55 | |
CVE-2011-0574 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0621 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0573 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2010-0085 | 5.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0623 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0572 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2010-0093 | 5.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a
|
30-10-2018 - 16:26 | 01-04-2010 - 16:30 | |
CVE-2011-0620 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2010-0187 | 4.3 |
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
|
30-10-2018 - 16:26 | 15-02-2010 - 18:30 | |
CVE-2010-3630 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: http://www.adobe.com/suppor
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4031 | 9.3 |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Ma
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2007-5422 | 4.9 |
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.
|
30-10-2018 - 16:25 | 12-10-2007 - 21:17 | |
CVE-2010-3621 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4030 | 9.3 |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers t
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-3656 | 4.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657. Per: http://www.adobe
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4837 | 9.3 |
Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 a
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2008-4025 | 9.3 |
Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-3658 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3622 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4026 | 9.3 |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-4091 | 9.3 |
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF
|
30-10-2018 - 16:25 | 07-11-2010 - 22:00 | |
CVE-2006-6275 | 4.7 |
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.
|
30-10-2018 - 16:25 | 04-12-2006 - 11:28 | |
CVE-2010-3629 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620. Per: http://www.adobe.co
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2007-5225 | 4.9 |
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
|
30-10-2018 - 16:25 | 05-10-2007 - 00:17 | |
CVE-2010-3628 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3625 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." Per: http://www.adobe.com/support/security
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3626 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889. Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3627 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3657 | 4.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656. Per: http://www.adobe
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3619 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4027 | 9.3 |
Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2007-5348 | 9.3 |
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerP
|
30-10-2018 - 16:25 | 11-09-2008 - 01:01 | |
CVE-2010-3632 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4024 | 9.3 |
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2006-7140 | 5.8 |
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed
|
30-10-2018 - 16:25 | 07-03-2007 - 20:19 | |
CVE-2007-5921 | 4.7 |
Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.
|
30-10-2018 - 16:25 | 10-11-2007 - 02:46 | |
CVE-2010-3620 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4028 | 9.3 |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Ma
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-3624 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html
'This update
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3227 | 9.3 |
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
|
30-10-2018 - 16:25 | 26-10-2010 - 22:00 | |
CVE-2009-3954 | 10.0 |
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2006-4694 | 9.3 |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Explo
|
30-10-2018 - 16:25 | 27-09-2006 - 19:07 | |
CVE-2010-2889 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626. Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-3012 | 9.3 |
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
|
30-10-2018 - 16:25 | 11-09-2008 - 01:11 | |
CVE-2007-3223 | 7.8 |
Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk
|
30-10-2018 - 16:25 | 14-06-2007 - 23:30 | |
CVE-2008-3666 | 7.1 |
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrat
|
30-10-2018 - 16:25 | 13-08-2008 - 17:41 | |
CVE-2010-2176 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2006-4306 | 7.2 |
Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.
|
30-10-2018 - 16:25 | 23-08-2006 - 19:04 | |
CVE-2002-1180 | 7.5 |
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access
|
30-10-2018 - 16:25 | 12-11-2002 - 05:00 | |
CVE-2009-1929 | 9.3 |
Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code v
|
30-10-2018 - 16:25 | 12-08-2009 - 17:30 | |
CVE-2009-2532 | 10.0 |
Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a
|
30-10-2018 - 16:25 | 14-10-2009 - 10:30 | |
CVE-2010-2201 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2187 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2175 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2164 | 9.3 |
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a c
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2013-1000 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2013-0994 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2007-3717 | 6.9 |
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue
|
30-10-2018 - 16:25 | 12-07-2007 - 16:30 | |
CVE-2013-1007 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2013-0992 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2010-2883 | 9.3 |
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF documen
|
30-10-2018 - 16:25 | 09-09-2010 - 22:00 | |
CVE-2010-2206 | 9.3 |
Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and tri
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2177 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2006-5073 | 7.8 |
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
|
30-10-2018 - 16:25 | 29-09-2006 - 00:07 | |
CVE-2013-0996 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2002-0033 | 10.0 |
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
|
30-10-2018 - 16:25 | 29-05-2002 - 04:00 | |
CVE-2009-1544 | 9.0 |
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted
|
30-10-2018 - 16:25 | 12-08-2009 - 17:30 | |
CVE-2013-1005 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2013-0998 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2008-2384 | 7.5 |
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encodin
|
30-10-2018 - 16:25 | 22-01-2009 - 18:30 | |
CVE-2010-2184 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2171 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2168 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerabil
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2013-0995 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2013-1008 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2013-1002 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2010-1295 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2009-3956 | 10.0 |
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerabi
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2009-3872 | 9.3 |
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2009-3675 | 6.8 |
LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request ove
|
30-10-2018 - 16:25 | 09-12-2009 - 18:30 | |
CVE-2009-2989 | 9.3 |
Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html
This up
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2006-3606 | 5.0 |
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.
|
30-10-2018 - 16:25 | 18-07-2006 - 15:46 | |
CVE-2010-2210 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2181 | 9.3 |
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2013-1010 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2008-1778 | 6.6 |
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknow
|
30-10-2018 - 16:25 | 14-04-2008 - 16:05 | |
CVE-2006-2387 | 5.1 |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS
|
30-10-2018 - 16:25 | 10-10-2006 - 22:07 | |
CVE-2006-3435 | 9.3 |
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which trig
|
30-10-2018 - 16:25 | 10-10-2006 - 21:07 | |
CVE-2010-2185 | 9.3 |
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2002-1323 | 4.6 |
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
|
30-10-2018 - 16:25 | 11-12-2002 - 05:00 | |
CVE-2006-4307 | 7.2 |
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than
|
30-10-2018 - 16:25 | 23-08-2006 - 19:04 | |
CVE-2007-3094 | 9.0 |
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
|
30-10-2018 - 16:25 | 06-06-2007 - 21:30 | |
CVE-2009-2526 | 7.8 |
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server se
|
30-10-2018 - 16:25 | 14-10-2009 - 10:30 | |
CVE-2010-2161 | 9.3 |
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." Per: http://www.adobe.com/support/secu
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2013-1004 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2013-1001 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2009-3958 | 10.0 |
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2007-2882 | 5.0 |
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
|
30-10-2018 - 16:25 | 30-05-2007 - 01:30 | |
CVE-2010-2207 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2173 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator,
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2013-0997 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2009-1546 | 8.5 |
Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP
|
30-10-2018 - 16:25 | 12-08-2009 - 17:30 | |
CVE-2006-5214 | 1.2 |
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is perf
|
30-10-2018 - 16:25 | 10-10-2006 - 04:06 | |
CVE-2009-3869 | 9.3 |
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and S
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2009-3793 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2205 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb1
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2183 | 9.3 |
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2202 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2189 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute a
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-3957 | 5.0 |
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-02
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2009-3871 | 9.3 |
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2010-2188 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 conn
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2013-1003 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2009-4324 | 9.3 |
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZL
|
30-10-2018 - 16:25 | 15-12-2009 - 02:30 | |
CVE-2007-2509 | 2.6 |
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
|
30-10-2018 - 16:25 | 09-05-2007 - 00:19 | |
CVE-2010-1285 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that trigge
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2009-3953 | 10.0 |
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMe
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2009-3874 | 9.3 |
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary co
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2009-3959 | 10.0 |
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Per: http://www.adobe.com/support/secur
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2006-3650 | 9.3 |
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that
|
30-10-2018 - 16:25 | 10-10-2006 - 22:07 | |
CVE-2010-2174 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operat
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2166 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2203 | 9.3 |
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
|
30-10-2018 - 16:25 | 10-09-2009 - 21:30 | |
CVE-2013-0993 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2006-4534 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with name
|
30-10-2018 - 16:25 | 05-09-2006 - 17:04 | |
CVE-2010-2178 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2008-2246 | 7.8 |
Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypas
|
30-10-2018 - 16:25 | 13-08-2008 - 00:41 | |
CVE-2013-0991 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2009-3955 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer si
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2010-2180 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2204 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: http://www.adobe.com/supp
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2170 | 9.3 |
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2162 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calcula
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2013-1006 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2009-1834 | 4.3 |
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whites
|
30-10-2018 - 16:25 | 12-06-2009 - 21:30 | |
CVE-2007-2045 | 5.0 |
Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.
|
30-10-2018 - 16:25 | 16-04-2007 - 22:19 | |
CVE-2010-2890 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2006-3876 | 9.3 |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vuln
|
30-10-2018 - 16:25 | 10-10-2006 - 21:07 | |
CVE-2010-2208 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/suppo
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2160 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumente
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-1930 | 10.0 |
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of
|
30-10-2018 - 16:25 | 12-08-2009 - 17:30 | |
CVE-2007-3093 | 10.0 |
Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.
|
30-10-2018 - 16:25 | 06-06-2007 - 21:30 | |
CVE-2006-3651 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
|
30-10-2018 - 16:25 | 10-10-2006 - 22:07 | |
CVE-2010-2211 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-1799 | 9.3 |
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
|
30-10-2018 - 16:25 | 16-08-2010 - 18:39 | |
CVE-2009-2798 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
|
30-10-2018 - 16:25 | 10-09-2009 - 21:30 | |
CVE-2008-2710 | 7.2 |
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones vi
|
30-10-2018 - 16:25 | 16-06-2008 - 20:41 | |
CVE-2010-2165 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2007-2529 | 7.2 |
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
|
30-10-2018 - 16:25 | 09-05-2007 - 00:19 | |
CVE-2013-1011 | 6.8 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2013-0999 | 9.3 |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
|
30-10-2018 - 16:25 | 20-05-2013 - 14:44 | |
CVE-2008-3450 | 7.2 |
Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.
|
30-10-2018 - 16:25 | 04-08-2008 - 18:41 | |
CVE-2009-2988 | 4.3 |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-1
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2182 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-1545 | 9.3 |
Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbit
|
30-10-2018 - 16:25 | 12-08-2009 - 17:30 | |
CVE-2008-3014 | 9.3 |
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 20
|
30-10-2018 - 16:25 | 11-09-2008 - 01:11 | |
CVE-2010-2209 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2186 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. P
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2008-2253 | 9.3 |
Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Samp
|
30-10-2018 - 16:25 | 11-09-2008 - 01:10 | |
CVE-2006-3868 | 5.1 |
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
|
30-10-2018 - 16:25 | 10-10-2006 - 22:07 | |
CVE-2009-2527 | 9.3 |
Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
|
30-10-2018 - 16:25 | 14-10-2009 - 10:30 | |
CVE-2010-2212 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a cra
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2005-3883 | 5.0 |
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
|
30-10-2018 - 16:25 | 29-11-2005 - 11:03 | |
CVE-2011-0600 | 9.3 |
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorre
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2004-1355 | 2.1 |
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
|
30-10-2018 - 16:25 | 26-04-2004 - 04:00 | |
CVE-2011-0570 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0178 | 7.6 |
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript wit
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0169 | 5.0 |
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings i
|
30-10-2018 - 16:25 | 25-03-2010 - 21:00 | |
CVE-2000-0778 | 5.0 |
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
|
30-10-2018 - 16:25 | 20-10-2000 - 04:00 | |
CVE-2010-0182 | 4.3 |
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2007-0043 | 9.3 |
The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer,
|
30-10-2018 - 16:25 | 10-07-2007 - 22:30 | |
CVE-2010-0204 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0196 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0201 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0177 | 9.3 |
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to ex
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2008-1457 | 9.0 |
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a cr
|
30-10-2018 - 16:25 | 13-08-2008 - 12:42 | |
CVE-2005-3398 | 4.3 |
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data fro
|
30-10-2018 - 16:25 | 01-11-2005 - 12:47 | |
CVE-2008-0964 | 9.3 |
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
|
30-10-2018 - 16:25 | 08-08-2008 - 18:41 | |
CVE-2010-0233 | 7.2 |
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double
|
30-10-2018 - 16:25 | 10-02-2010 - 18:30 | |
CVE-2006-1092 | 2.1 |
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena
|
30-10-2018 - 16:25 | 09-03-2006 - 13:06 | |
CVE-2007-0165 | 7.8 |
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
|
30-10-2018 - 16:25 | 10-01-2007 - 00:28 | |
CVE-2009-0003 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2009-0001 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2008-1456 | 9.0 |
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription req
|
30-10-2018 - 16:25 | 13-08-2008 - 12:42 | |
CVE-2009-0838 | 4.9 |
The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.
|
30-10-2018 - 16:25 | 06-03-2009 - 18:30 | |
CVE-1999-1587 | 2.1 |
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
|
30-10-2018 - 16:25 | 31-12-1999 - 05:00 | |
CVE-2011-0591 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, r
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2008-1451 | 7.2 |
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
|
30-10-2018 - 16:25 | 12-06-2008 - 02:32 | |
CVE-2008-1095 | 6.8 |
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets
|
30-10-2018 - 16:25 | 29-02-2008 - 11:44 | |
CVE-2010-0198 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2011-0592 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, r
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2008-0269 | 4.9 |
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
|
30-10-2018 - 16:25 | 15-01-2008 - 20:00 | |
CVE-2009-1303 | 5.0 |
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGE
|
30-10-2018 - 16:25 | 22-04-2009 - 18:30 | |
CVE-2008-0960 | 10.0 |
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Dat
|
30-10-2018 - 16:25 | 10-06-2008 - 18:32 | |
CVE-2009-1244 | 6.8 |
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; V
|
30-10-2018 - 16:25 | 13-04-2009 - 16:30 | |
CVE-2011-0602 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2007-1718 | 7.8 |
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of
|
30-10-2018 - 16:25 | 28-03-2007 - 00:19 | |
CVE-2006-1494 | 2.6 |
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
|
30-10-2018 - 16:25 | 10-04-2006 - 19:02 | |
CVE-2010-0810 | 4.7 |
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Ke
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2008-0965 | 9.3 |
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
|
30-10-2018 - 16:25 | 08-08-2008 - 18:41 | |
CVE-2011-0593 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0202 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2004-1348 | 5.0 |
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
|
30-10-2018 - 16:25 | 06-09-2004 - 04:00 | |
CVE-2011-0585 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0191 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2008-1083 | 9.3 |
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a mal
|
30-10-2018 - 16:25 | 08-04-2008 - 23:05 | |
CVE-2007-0042 | 7.8 |
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechani
|
30-10-2018 - 16:25 | 10-07-2007 - 22:30 | |
CVE-2011-0562 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2006-1780 | 2.1 |
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files. Apply patches.
|
30-10-2018 - 16:25 | 13-04-2006 - 10:02 | |
CVE-2009-1132 | 9.3 |
Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless
|
30-10-2018 - 16:25 | 08-09-2009 - 22:30 | |
CVE-2011-0598 | 9.3 |
Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0192 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2011-0590 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CV
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0175 | 9.3 |
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of se
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2006-0161 | 4.6 |
Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.
|
30-10-2018 - 16:25 | 10-01-2006 - 19:03 | |
CVE-2011-0594 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0563 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0595 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0567 | 9.3 |
AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that tri
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2007-0895 | 2.6 |
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level
|
30-10-2018 - 16:25 | 13-02-2007 - 01:28 | |
CVE-2010-0176 | 9.3 |
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2004-1356 | 2.1 |
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
|
30-10-2018 - 16:25 | 23-04-2004 - 04:00 | |
CVE-2011-0603 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerabili
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0564 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0193 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2004-1353 | 7.2 |
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
|
30-10-2018 - 16:25 | 19-10-2004 - 04:00 | |
CVE-2004-0800 | 4.6 |
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
|
30-10-2018 - 16:25 | 24-08-2004 - 04:00 | |
CVE-2009-0005 | 9.3 |
Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2006-0008 | 7.2 |
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and cl
|
30-10-2018 - 16:25 | 14-02-2006 - 19:06 | |
CVE-2004-0573 | 7.5 |
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
|
30-10-2018 - 16:25 | 28-09-2004 - 04:00 | |
CVE-2011-0586 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2007-0041 | 9.3 |
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths
|
30-10-2018 - 16:25 | 10-07-2007 - 22:30 | |
CVE-2010-0203 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0179 | 5.1 |
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2004-1354 | 5.0 |
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information
|
30-10-2018 - 16:25 | 14-05-2004 - 04:00 | |
CVE-2011-0599 | 9.3 |
The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointe
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0199 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0171 | 4.3 |
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) at
|
30-10-2018 - 16:25 | 25-03-2010 - 21:00 | |
CVE-2009-0004 | 9.3 |
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2007-0064 | 9.3 |
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a c
|
30-10-2018 - 16:25 | 12-12-2007 - 00:46 | |
CVE-2011-0596 | 9.3 |
The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0589 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0197 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2004-0082 | 7.5 |
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable pas
|
30-10-2018 - 16:25 | 03-03-2004 - 05:00 | |
CVE-2007-0910 | 10.0 |
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
|
30-10-2018 - 16:25 | 13-02-2007 - 23:28 | |
CVE-2010-0190 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2006-1782 | 2.1 |
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including
|
30-10-2018 - 16:25 | 13-04-2006 - 10:02 | |
CVE-2011-0587 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a differen
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2009-0002 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2001-0507 | 7.2 |
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
|
30-10-2018 - 16:25 | 20-09-2001 - 04:00 | |
CVE-2011-0604 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a differen
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0565 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0195 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2009-1311 | 4.3 |
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during
|
30-10-2018 - 16:25 | 22-04-2009 - 18:30 | |
CVE-2011-0588 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0568 | 6.8 |
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0194 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2006-0901 | 7.2 |
Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.
|
30-10-2018 - 16:25 | 27-02-2006 - 19:06 | |
CVE-2007-0503 | 6.9 |
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
|
30-10-2018 - 16:25 | 25-01-2007 - 21:28 | |
CVE-2003-1024 | 7.2 |
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.
|
30-10-2018 - 16:25 | 20-01-2004 - 05:00 | |
CVE-2009-0087 | 9.3 |
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to exe
|
30-10-2018 - 16:25 | 15-04-2009 - 08:00 | |
CVE-2011-0566 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerabili
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0181 | 4.3 |
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial o
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2004-1154 | 10.0 |
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of securit
|
30-10-2018 - 16:25 | 10-01-2005 - 05:00 | |
CVE-2009-0229 | 4.9 |
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerabi
|
30-10-2018 - 16:25 | 10-06-2009 - 18:00 | |
CVE-2007-6242 | 6.8 |
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
|
26-10-2018 - 14:18 | 20-12-2007 - 01:46 | |
CVE-2007-4632 | 4.3 |
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authent
|
26-10-2018 - 14:04 | 31-08-2007 - 23:17 | |
CVE-2007-2138 | 6.0 |
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the p
|
19-10-2018 - 18:54 | 24-04-2007 - 20:19 | |
CVE-2006-0745 | 7.2 |
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute ar
|
19-10-2018 - 15:46 | 21-03-2006 - 02:06 | |
CVE-2006-0748 | 9.3 |
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that
|
19-10-2018 - 15:46 | 14-04-2006 - 10:02 | |
CVE-2006-0749 | 9.3 |
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via
|
19-10-2018 - 15:46 | 14-04-2006 - 10:02 | |
CVE-2006-0576 | 7.2 |
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not ru
|
19-10-2018 - 15:45 | 08-02-2006 - 00:06 | |
CVE-2006-0300 | 5.1 |
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
|
19-10-2018 - 15:44 | 24-02-2006 - 00:02 | |
CVE-2006-0294 | 7.5 |
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to o
|
19-10-2018 - 15:43 | 02-02-2006 - 20:06 | |
CVE-2006-0225 | 4.6 |
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
|
19-10-2018 - 15:43 | 25-01-2006 - 11:03 | |
CVE-2006-0296 | 5.0 |
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf fil
|
19-10-2018 - 15:43 | 02-02-2006 - 20:06 | |
CVE-2006-0295 | 5.1 |
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory
|
19-10-2018 - 15:43 | 02-02-2006 - 20:06 | |
CVE-2006-0049 | 5.0 |
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report
|
19-10-2018 - 15:42 | 13-03-2006 - 21:06 | |
CVE-2006-0015 | 6.8 |
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute
|
19-10-2018 - 15:42 | 11-04-2006 - 23:02 | |
CVE-2006-0082 | 5.1 |
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric fo
|
19-10-2018 - 15:42 | 04-01-2006 - 23:03 | |
CVE-2005-4826 | 6.1 |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different iss
|
19-10-2018 - 15:41 | 31-12-2005 - 05:00 | |
CVE-2005-4667 | 3.7 |
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses
|
19-10-2018 - 15:41 | 31-12-2005 - 05:00 | |
CVE-2005-4560 | 7.5 |
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows P
|
19-10-2018 - 15:41 | 28-12-2005 - 19:03 | |
CVE-2006-0001 | 9.3 |
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
|
19-10-2018 - 15:41 | 12-09-2006 - 23:07 | |
CVE-2006-0007 | 9.3 |
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when i
|
19-10-2018 - 15:41 | 11-07-2006 - 21:05 | |
CVE-2006-0003 | 5.1 |
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown att
|
19-10-2018 - 15:41 | 12-04-2006 - 00:02 | |
CVE-2006-0014 | 5.1 |
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
|
19-10-2018 - 15:41 | 12-04-2006 - 00:02 | |
CVE-2005-4436 | 7.8 |
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) m
|
19-10-2018 - 15:40 | 21-12-2005 - 01:03 | |
CVE-2005-4437 | 7.5 |
MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message
|
19-10-2018 - 15:40 | 21-12-2005 - 01:03 | |
CVE-2005-3962 | 4.6 |
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an int
|
19-10-2018 - 15:39 | 01-12-2005 - 17:03 | |
CVE-2005-3921 | 2.6 |
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memor
|
19-10-2018 - 15:39 | 30-11-2005 - 11:03 | |
CVE-2005-2872 | 5.0 |
The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads t
|
19-10-2018 - 15:34 | 09-09-2005 - 19:07 | |
CVE-2005-2641 | 7.5 |
Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate
|
19-10-2018 - 15:33 | 23-08-2005 - 04:00 | |
CVE-2005-2628 | 5.1 |
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
|
19-10-2018 - 15:33 | 05-11-2005 - 11:02 | |
CVE-2005-2798 | 5.0 |
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
|
19-10-2018 - 15:33 | 06-09-2005 - 17:03 | |
CVE-2005-2495 | 5.1 |
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.
|
19-10-2018 - 15:33 | 15-09-2005 - 20:03 | |
CVE-2005-1918 | 2.6 |
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probabl
|
19-10-2018 - 15:32 | 31-12-2005 - 05:00 | |
CVE-2005-1993 | 3.7 |
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
|
19-10-2018 - 15:32 | 20-06-2005 - 04:00 | |
CVE-2005-1264 | 7.2 |
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2
|
19-10-2018 - 15:31 | 17-05-2005 - 04:00 | |
CVE-2005-0237 | 5.0 |
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from o
|
19-10-2018 - 15:31 | 02-05-2005 - 04:00 | |
CVE-2005-0473 | 5.0 |
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
|
19-10-2018 - 15:31 | 14-03-2005 - 05:00 | |
CVE-2005-1410 | 2.1 |
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause
|
19-10-2018 - 15:31 | 03-05-2005 - 04:00 | |
CVE-2005-0100 | 7.5 |
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
|
19-10-2018 - 15:31 | 07-02-2005 - 05:00 | |
CVE-2005-0953 | 3.7 |
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
|
19-10-2018 - 15:31 | 02-05-2005 - 04:00 | |
CVE-2005-0688 | 5.0 |
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence o
|
19-10-2018 - 15:31 | 05-03-2005 - 05:00 | |
CVE-2005-1409 | 7.5 |
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
|
19-10-2018 - 15:31 | 03-05-2005 - 04:00 | |
CVE-2005-1046 | 7.5 |
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
|
19-10-2018 - 15:31 | 02-05-2005 - 04:00 | |
CVE-2004-1060 | 5.0 |
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment w
|
19-10-2018 - 15:30 | 12-04-2004 - 04:00 | |
CVE-2004-0230 | 5.0 |
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
|
19-10-2018 - 15:30 | 18-08-2004 - 04:00 | |
CVE-2004-0750 | 7.5 |
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
|
19-10-2018 - 15:30 | 20-10-2004 - 04:00 | |
CVE-2004-0057 | 5.0 |
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be
|
19-10-2018 - 15:29 | 17-02-2004 - 05:00 | |
CVE-2003-0131 | 7.5 |
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKC
|
19-10-2018 - 15:29 | 24-03-2003 - 05:00 | |
CVE-2003-0147 | 5.0 |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the us
|
19-10-2018 - 15:29 | 31-03-2003 - 05:00 | |
CVE-2003-0139 | 7.5 |
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-p
|
19-10-2018 - 15:29 | 24-03-2003 - 05:00 | |
CVE-2003-0138 | 7.5 |
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
|
19-10-2018 - 15:29 | 24-03-2003 - 05:00 | |
CVE-2003-0086 | 1.2 |
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
|
19-10-2018 - 15:29 | 31-03-2003 - 05:00 | |
CVE-2003-0989 | 7.5 |
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
|
19-10-2018 - 15:29 | 17-02-2004 - 05:00 | |
CVE-2006-3590 | 5.1 |
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different is
|
18-10-2018 - 16:48 | 14-07-2006 - 18:05 | |
CVE-2006-3627 | 5.0 |
Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors. This vulnerability is addressed in the following product release
|
18-10-2018 - 16:48 | 21-07-2006 - 14:03 | |
CVE-2006-3631 | 5.0 |
Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. This vulnerability is addressed in the following product rele
|
18-10-2018 - 16:48 | 21-07-2006 - 14:03 | |
CVE-2006-3629 | 7.8 |
Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. This vulnerability is addressed in the following product r
|
18-10-2018 - 16:48 | 21-07-2006 - 14:03 | |
CVE-2006-3647 | 9.3 |
Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Co
|
18-10-2018 - 16:48 | 10-10-2006 - 22:07 | |
CVE-2006-3442 | 7.6 |
Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. Successful exploitation requires that the MSMQ (Microsoft Messag
|
18-10-2018 - 16:47 | 12-09-2006 - 23:07 | |
CVE-2006-3449 | 7.5 |
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue
|
18-10-2018 - 16:47 | 09-08-2006 - 00:04 | |
CVE-2006-3434 | 9.3 |
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
|
18-10-2018 - 16:47 | 10-10-2006 - 22:07 | |
CVE-2006-3431 | 7.5 |
Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document o
|
18-10-2018 - 16:47 | 07-07-2006 - 18:05 | |
CVE-2006-3445 | 7.5 |
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which resu
|
18-10-2018 - 16:47 | 14-11-2006 - 21:07 | |
CVE-2006-3436 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
|
18-10-2018 - 16:47 | 10-10-2006 - 21:07 | |
CVE-2006-3448 | 9.3 |
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl
|
18-10-2018 - 16:47 | 13-02-2007 - 20:28 | |
CVE-2006-3451 | 7.5 |
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via uns
|
18-10-2018 - 16:47 | 08-08-2006 - 23:04 | |
CVE-2006-3311 | 5.1 |
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
|
18-10-2018 - 16:46 | 12-09-2006 - 23:07 | |
CVE-2006-3117 | 7.6 |
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw,
|
18-10-2018 - 16:45 | 30-06-2006 - 18:05 | |
CVE-2006-3016 | 9.3 |
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-
|
18-10-2018 - 16:45 | 14-06-2006 - 23:02 | |
CVE-2006-3059 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
|
18-10-2018 - 16:45 | 17-06-2006 - 13:18 | |
CVE-2006-3086 | 9.3 |
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as
|
18-10-2018 - 16:45 | 19-06-2006 - 19:02 | |
CVE-2006-2781 | 6.4 |
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 charact
|
18-10-2018 - 16:42 | 02-06-2006 - 19:02 | |
CVE-2006-2786 | 2.6 |
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites
|
18-10-2018 - 16:42 | 02-06-2006 - 20:02 | |
CVE-2006-2785 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute
|
18-10-2018 - 16:42 | 02-06-2006 - 19:02 | |
CVE-2006-2372 | 10.0 |
Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
|
18-10-2018 - 16:39 | 11-07-2006 - 21:05 | |
CVE-2006-2386 | 6.8 |
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. If a end user is logged on with administrative user rights, an a
|
18-10-2018 - 16:39 | 13-12-2006 - 01:28 | |
CVE-2006-2388 | 9.3 |
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
|
18-10-2018 - 16:39 | 13-07-2006 - 21:05 | |
CVE-2006-2199 | 7.6 |
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice docu
|
18-10-2018 - 16:38 | 30-06-2006 - 18:05 | |
CVE-2006-2111 | 4.3 |
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cr
|
18-10-2018 - 16:38 | 01-05-2006 - 19:06 | |
CVE-2006-1990 | 5.0 |
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer ov
|
18-10-2018 - 16:37 | 24-04-2006 - 23:02 | |
CVE-2006-1864 | 4.6 |
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
|
18-10-2018 - 16:36 | 26-04-2006 - 18:06 | |
CVE-2006-1738 | 5.0 |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (
|
18-10-2018 - 16:35 | 14-04-2006 - 18:02 | |
CVE-2006-1727 | 7.6 |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to t
|
18-10-2018 - 16:34 | 14-04-2006 - 10:02 | |
CVE-2006-1732 | 4.3 |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS)
|
18-10-2018 - 16:34 | 14-04-2006 - 10:02 | |
CVE-2006-1724 | 7.5 |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via atta
|
18-10-2018 - 16:34 | 14-04-2006 - 10:02 | |
CVE-2006-1728 | 9.3 |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypt
|
18-10-2018 - 16:34 | 14-04-2006 - 10:02 | |
CVE-2006-1730 | 9.3 |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing prop
|
18-10-2018 - 16:34 | 14-04-2006 - 10:02 | |
CVE-2006-1540 | 9.3 |
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a
|
18-10-2018 - 16:33 | 30-03-2006 - 11:02 | |
CVE-2006-1315 | 5.0 |
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are
|
18-10-2018 - 16:32 | 11-07-2006 - 21:05 | |
CVE-2006-1305 | 4.3 |
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) lar
|
18-10-2018 - 16:32 | 31-12-2006 - 05:00 | |
CVE-2006-1306 | 9.3 |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerabil
|
18-10-2018 - 16:32 | 13-07-2006 - 21:05 | |
CVE-2006-1304 | 9.3 |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
|
18-10-2018 - 16:32 | 13-07-2006 - 21:05 | |
CVE-2006-1314 | 7.5 |
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages th
|
18-10-2018 - 16:32 | 11-07-2006 - 21:05 | |
CVE-2006-1302 | 9.3 |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnera
|
18-10-2018 - 16:31 | 13-07-2006 - 21:05 | |
CVE-2006-6797 | 6.6 |
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a differe
|
17-10-2018 - 21:49 | 28-12-2006 - 15:28 | |
CVE-2006-6502 | 7.1 |
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown
|
17-10-2018 - 21:48 | 20-12-2006 - 01:28 | |
CVE-2006-6501 | 6.8 |
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
|
17-10-2018 - 21:48 | 20-12-2006 - 01:28 | |
CVE-2006-6456 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than
|
17-10-2018 - 21:48 | 11-12-2006 - 17:28 | |
CVE-2006-6235 | 10.0 |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated s
|
17-10-2018 - 21:47 | 07-12-2006 - 11:28 | |
CVE-2006-5994 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string
|
17-10-2018 - 21:46 | 06-12-2006 - 20:28 | |
CVE-2006-6134 | 7.5 |
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application cra
|
17-10-2018 - 21:46 | 28-11-2006 - 01:07 | |
CVE-2006-6133 | 7.6 |
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote att
|
17-10-2018 - 21:46 | 28-11-2006 - 01:07 | |
CVE-2006-5794 | 7.5 |
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed th
|
17-10-2018 - 21:45 | 08-11-2006 - 20:07 | |
CVE-2006-5740 | 5.0 |
Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet.
|
17-10-2018 - 21:44 | 27-10-2006 - 23:07 | |
CVE-2006-5747 | 7.5 |
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.
|
17-10-2018 - 21:44 | 08-11-2006 - 21:07 | |
CVE-2006-5758 | 7.2 |
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read
|
17-10-2018 - 21:44 | 06-11-2006 - 20:07 | |
CVE-2006-5585 | 7.2 |
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
|
17-10-2018 - 21:43 | 13-12-2006 - 01:28 | |
CVE-2006-5583 | 10.0 |
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerabilit
|
17-10-2018 - 21:43 | 12-12-2006 - 20:28 | |
CVE-2006-5469 | 5.0 |
Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.
|
17-10-2018 - 21:43 | 28-10-2006 - 00:07 | |
CVE-2006-5468 | 5.0 |
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
|
17-10-2018 - 21:43 | 27-10-2006 - 23:07 | |
CVE-2006-5463 | 7.5 |
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object whi
|
17-10-2018 - 21:43 | 08-11-2006 - 22:07 | |
CVE-2006-5584 | 7.5 |
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
|
17-10-2018 - 21:43 | 13-12-2006 - 01:28 | |
CVE-2006-5577 | 4.3 |
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure V
|
17-10-2018 - 21:43 | 12-12-2006 - 20:28 | |
CVE-2006-5578 | 2.6 |
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulne
|
17-10-2018 - 21:43 | 12-12-2006 - 20:28 | |
CVE-2006-5586 | 7.2 |
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability.
|
17-10-2018 - 21:43 | 04-04-2007 - 16:19 | |
CVE-2006-5330 | 5.0 |
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client request
|
17-10-2018 - 21:42 | 17-10-2006 - 21:07 | |
CVE-2006-5052 | 5.0 |
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
|
17-10-2018 - 21:40 | 27-09-2006 - 23:07 | |
CVE-2006-4924 | 7.8 |
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack d
|
17-10-2018 - 21:40 | 27-09-2006 - 01:07 | |
CVE-2006-4686 | 7.5 |
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
|
17-10-2018 - 21:39 | 10-10-2006 - 22:07 | |
CVE-2006-4777 | 7.6 |
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary cod
|
17-10-2018 - 21:39 | 14-09-2006 - 00:07 | |
CVE-2006-4685 | 2.6 |
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
|
17-10-2018 - 21:39 | 10-10-2006 - 22:07 | |
CVE-2006-4704 | 6.8 |
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code
|
17-10-2018 - 21:39 | 01-11-2006 - 15:07 | |
CVE-2006-4691 | 10.0 |
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
|
17-10-2018 - 21:39 | 14-11-2006 - 21:07 | |
CVE-2006-4696 | 9.0 |
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
|
17-10-2018 - 21:39 | 10-10-2006 - 22:07 | |
CVE-2006-4688 | 7.5 |
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerabil
|
17-10-2018 - 21:39 | 14-11-2006 - 22:07 | |
CVE-2006-4702 | 6.8 |
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. A
|
17-10-2018 - 21:39 | 13-12-2006 - 01:28 | |
CVE-2006-4842 | 3.6 |
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrar
|
17-10-2018 - 21:39 | 12-10-2006 - 00:07 | |
CVE-2006-4689 | 5.0 |
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors,
|
17-10-2018 - 21:39 | 14-11-2006 - 22:07 | |
CVE-2006-4624 | 2.6 |
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
|
17-10-2018 - 21:38 | 07-09-2006 - 19:04 | |
CVE-2006-4650 | 2.6 |
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect
|
17-10-2018 - 21:38 | 09-09-2006 - 00:04 | |
CVE-2006-4655 | 4.6 |
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable v
|
17-10-2018 - 21:38 | 09-09-2006 - 00:04 | |
CVE-2006-4446 | 5.0 |
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first
|
17-10-2018 - 21:37 | 30-08-2006 - 01:04 | |
CVE-2006-4330 | 4.3 |
Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
|
17-10-2018 - 21:34 | 24-08-2006 - 20:04 | |
CVE-2006-4335 | 7.5 |
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code v
|
17-10-2018 - 21:34 | 19-09-2006 - 21:07 | |
CVE-2006-4334 | 5.0 |
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
|
17-10-2018 - 21:34 | 19-09-2006 - 21:07 | |
CVE-2006-4019 | 6.4 |
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. This vulnerability is addressed
|
17-10-2018 - 21:32 | 11-08-2006 - 21:04 | |
CVE-2006-3867 | 5.1 |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and
|
17-10-2018 - 21:32 | 10-10-2006 - 22:07 | |
CVE-2006-3942 | 7.8 |
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, w
|
17-10-2018 - 21:32 | 31-07-2006 - 23:04 | |
CVE-2006-3877 | 9.3 |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerabil
|
17-10-2018 - 21:32 | 10-10-2006 - 22:07 | |
CVE-2006-3875 | 5.1 |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2
|
17-10-2018 - 21:32 | 10-10-2006 - 22:07 | |
CVE-2006-3864 | 9.3 |
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file
|
17-10-2018 - 21:32 | 10-10-2006 - 22:07 | |
CVE-2006-3810 | 6.8 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
|
17-10-2018 - 21:31 | 27-07-2006 - 20:04 | |
CVE-2006-3745 | 7.2 |
Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown at
|
17-10-2018 - 21:29 | 23-08-2006 - 19:04 | |
CVE-2007-3468 | 7.8 |
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
|
16-10-2018 - 16:49 | 27-06-2007 - 22:30 | |
CVE-2007-3386 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases paramet
|
16-10-2018 - 16:48 | 14-08-2007 - 22:17 | |
CVE-2007-3037 | 4.0 |
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-
|
16-10-2018 - 16:47 | 14-08-2007 - 21:17 | |
CVE-2007-3038 | 7.8 |
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Wi
|
16-10-2018 - 16:47 | 10-07-2007 - 22:30 | |
CVE-2007-3039 | 9.0 |
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call
|
16-10-2018 - 16:47 | 12-12-2007 - 00:46 | |
CVE-2007-3035 | 7.6 |
Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Wind
|
16-10-2018 - 16:47 | 14-08-2007 - 21:17 | |
CVE-2007-3040 | 9.3 |
Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agen
|
16-10-2018 - 16:47 | 12-09-2007 - 01:17 | |
CVE-2007-2953 | 6.8 |
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, relat
|
16-10-2018 - 16:46 | 31-07-2007 - 10:17 | |
CVE-2007-2930 | 4.3 |
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote
|
16-10-2018 - 16:46 | 12-09-2007 - 01:17 | |
CVE-2007-2581 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string)
|
16-10-2018 - 16:44 | 09-05-2007 - 21:19 | |
CVE-2007-2225 | 4.3 |
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer
|
16-10-2018 - 16:42 | 12-06-2007 - 20:30 | |
CVE-2007-2217 | 9.3 |
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF)
|
16-10-2018 - 16:42 | 09-10-2007 - 22:17 | |
CVE-2007-2224 | 9.3 |
Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextN
|
16-10-2018 - 16:42 | 14-08-2007 - 21:17 | |
CVE-2007-2219 | 9.3 |
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
|
16-10-2018 - 16:42 | 12-06-2007 - 20:30 | |
CVE-2007-2231 | 4.3 |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
|
16-10-2018 - 16:42 | 25-04-2007 - 15:19 | |
CVE-2007-2228 | 7.8 |
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of serv
|
16-10-2018 - 16:42 | 09-10-2007 - 22:17 | |
CVE-2007-2229 | 7.2 |
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permis
|
16-10-2018 - 16:42 | 12-06-2007 - 19:30 | |
CVE-2007-2218 | 9.3 |
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that a
|
16-10-2018 - 16:42 | 12-06-2007 - 19:30 | |
CVE-2007-2227 | 4.3 |
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domai
|
16-10-2018 - 16:42 | 12-06-2007 - 21:30 | |
CVE-2007-1754 | 9.3 |
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, wh
|
16-10-2018 - 16:40 | 10-07-2007 - 22:30 | |
CVE-2007-1681 | 7.5 |
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspe
|
16-10-2018 - 16:40 | 19-04-2007 - 10:19 | |
CVE-2007-1711 | 6.8 |
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was in
|
16-10-2018 - 16:40 | 27-03-2007 - 01:19 | |
CVE-2007-1747 | 9.3 |
Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
|
16-10-2018 - 16:40 | 08-05-2007 - 23:19 | |
CVE-2007-1667 | 9.3 |
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive inf
|
16-10-2018 - 16:40 | 24-03-2007 - 21:19 | |
CVE-2007-1658 | 9.3 |
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at
|
16-10-2018 - 16:39 | 24-03-2007 - 19:19 | |
CVE-2007-1466 | 6.8 |
Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary
|
16-10-2018 - 16:38 | 16-03-2007 - 21:19 | |
CVE-2007-1499 | 4.3 |
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the locatio
|
16-10-2018 - 16:38 | 17-03-2007 - 10:19 | |
CVE-2007-1212 | 6.6 |
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
|
16-10-2018 - 16:37 | 04-04-2007 - 16:19 | |
CVE-2007-1203 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corr
|
16-10-2018 - 16:37 | 08-05-2007 - 22:19 | |
CVE-2007-1205 | 9.3 |
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
|
16-10-2018 - 16:37 | 10-04-2007 - 21:19 | |
CVE-2007-1209 | 7.2 |
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and clo
|
16-10-2018 - 16:37 | 10-04-2007 - 21:19 | |
CVE-2007-1206 | 7.2 |
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which a
|
16-10-2018 - 16:37 | 10-04-2007 - 21:19 | |
CVE-2007-1215 | 7.2 |
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.
|
16-10-2018 - 16:37 | 04-04-2007 - 16:19 | |
CVE-2007-1202 | 6.8 |
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attacker
|
16-10-2018 - 16:37 | 08-05-2007 - 23:19 | |
CVE-2007-1204 | 6.8 |
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger mem
|
16-10-2018 - 16:37 | 10-04-2007 - 21:19 | |
CVE-2007-1214 | 6.8 |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
|
16-10-2018 - 16:37 | 08-05-2007 - 22:19 | |
CVE-2007-1211 | 7.1 |
Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image tha
|
16-10-2018 - 16:37 | 04-04-2007 - 16:19 | |
CVE-2007-1002 | 6.8 |
Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifie
|
16-10-2018 - 16:36 | 21-03-2007 - 22:19 | |
CVE-2007-0936 | 9.3 |
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging
|
16-10-2018 - 16:35 | 12-06-2007 - 19:30 | |
CVE-2007-0938 | 10.0 |
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
|
16-10-2018 - 16:35 | 10-04-2007 - 21:19 | |
CVE-2007-0939 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Sc
|
16-10-2018 - 16:35 | 10-04-2007 - 21:19 | |
CVE-2007-0940 | 9.3 |
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, a
|
16-10-2018 - 16:35 | 08-05-2007 - 23:19 | |
CVE-2007-0934 | 9.3 |
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
|
16-10-2018 - 16:35 | 12-06-2007 - 19:30 | |
CVE-2007-0779 | 6.4 |
GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot
|
16-10-2018 - 16:34 | 26-02-2007 - 20:28 | |
CVE-2007-0800 | 4.3 |
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocke
|
16-10-2018 - 16:34 | 07-02-2007 - 11:28 | |
CVE-2007-0870 | 7.6 |
Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS0
|
16-10-2018 - 16:34 | 11-02-2007 - 21:28 | |
CVE-2007-0099 | 9.3 |
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in
|
16-10-2018 - 16:31 | 08-01-2007 - 20:28 | |
CVE-2007-0069 | 9.3 |
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that t
|
16-10-2018 - 16:31 | 08-01-2008 - 20:46 | |
CVE-2007-0215 | 7.6 |
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
|
16-10-2018 - 16:31 | 08-05-2007 - 22:19 | |
CVE-2007-0033 | 9.3 |
Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
|
16-10-2018 - 16:30 | 09-01-2007 - 23:28 | |
CVE-2007-0027 | 9.3 |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
|
16-10-2018 - 16:30 | 09-01-2007 - 22:28 | |
CVE-2007-0028 | 9.3 |
Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Im
|
16-10-2018 - 16:30 | 09-01-2007 - 23:28 | |
CVE-2007-0038 | 9.3 |
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) a
|
16-10-2018 - 16:30 | 30-03-2007 - 20:19 | |
CVE-2007-0030 | 9.3 |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary
|
16-10-2018 - 16:30 | 09-01-2007 - 23:28 | |
CVE-2007-0031 | 9.3 |
Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of en
|
16-10-2018 - 16:30 | 09-01-2007 - 23:28 | |
CVE-2007-0034 | 9.3 |
Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka
|
16-10-2018 - 16:30 | 09-01-2007 - 23:28 | |
CVE-2007-0046 | 7.5 |
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML,
|
16-10-2018 - 16:30 | 03-01-2007 - 21:28 | |
CVE-2007-0029 | 9.3 |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
|
16-10-2018 - 16:30 | 09-01-2007 - 23:28 | |
CVE-2008-0597 | 5.0 |
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
|
15-10-2018 - 22:01 | 26-02-2008 - 00:44 | |
CVE-2008-0417 | 4.3 |
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
|
15-10-2018 - 22:00 | 08-02-2008 - 22:00 | |
CVE-2008-0418 | 4.3 |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome:
|
15-10-2018 - 22:00 | 08-02-2008 - 22:00 | |
CVE-2008-0106 | 9.0 |
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
|
15-10-2018 - 21:57 | 08-07-2008 - 23:41 | |
CVE-2008-0116 | 9.3 |
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerabilit
|
15-10-2018 - 21:57 | 11-03-2008 - 23:44 | |
CVE-2008-0082 | 10.0 |
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or
|
15-10-2018 - 21:57 | 13-08-2008 - 00:41 | |
CVE-2008-0109 | 9.3 |
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation err
|
15-10-2018 - 21:57 | 12-02-2008 - 23:00 | |
CVE-2008-0119 | 9.3 |
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corrupt
|
15-10-2018 - 21:57 | 13-05-2008 - 22:20 | |
CVE-2008-0086 | 9.0 |
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
|
15-10-2018 - 21:57 | 08-07-2008 - 23:41 | |
CVE-2008-0113 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," ak
|
15-10-2018 - 21:57 | 11-03-2008 - 23:44 | |
CVE-2008-0072 | 6.8 |
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
|
15-10-2018 - 21:57 | 06-03-2008 - 00:44 | |
CVE-2007-6698 | 4.0 |
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerabilit
|
15-10-2018 - 21:56 | 01-02-2008 - 22:00 | |
CVE-2008-0003 | 10.0 |
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute a
|
15-10-2018 - 21:56 | 08-01-2008 - 20:46 | |
CVE-2007-6441 | 3.3 |
The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
|
15-10-2018 - 21:54 | 19-12-2007 - 22:46 | |
CVE-2007-6451 | 4.3 |
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.
|
15-10-2018 - 21:54 | 19-12-2007 - 22:46 | |
CVE-2007-6352 | 6.8 |
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.
|
15-10-2018 - 21:52 | 20-12-2007 - 02:46 | |
CVE-2007-6262 | 6.8 |
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized p
|
15-10-2018 - 21:51 | 06-12-2007 - 02:46 | |
CVE-2007-6115 | 10.0 |
Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
|
15-10-2018 - 21:50 | 23-11-2007 - 20:46 | |
CVE-2007-6120 | 5.0 |
The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
|
15-10-2018 - 21:50 | 23-11-2007 - 20:46 | |
CVE-2007-6119 | 7.8 |
The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
|
15-10-2018 - 21:50 | 23-11-2007 - 20:46 | |
CVE-2007-6116 | 5.0 |
The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.
|
15-10-2018 - 21:50 | 23-11-2007 - 20:46 | |
CVE-2007-6117 | 5.0 |
Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages.
|
15-10-2018 - 21:50 | 23-11-2007 - 20:46 | |
CVE-2007-6026 | 9.3 |
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing
|
15-10-2018 - 21:49 | 20-11-2007 - 00:46 | |
CVE-2007-6067 | 6.8 |
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of se
|
15-10-2018 - 21:49 | 09-01-2008 - 21:46 | |
CVE-2007-6112 | 10.0 |
Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
|
15-10-2018 - 21:49 | 23-11-2007 - 20:46 | |
CVE-2007-5971 | 6.9 |
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Information from Apple: http://docs.info.apple.com/article.html?artnum=307562
|
15-10-2018 - 21:48 | 06-12-2007 - 02:46 | |
CVE-2007-5958 | 5.0 |
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
|
15-10-2018 - 21:47 | 18-01-2008 - 23:00 | |
CVE-2007-5587 | 6.9 |
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory loc
|
15-10-2018 - 21:45 | 19-10-2007 - 21:17 | |
CVE-2007-5378 | 4.3 |
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is sm
|
15-10-2018 - 21:44 | 12-10-2007 - 01:17 | |
CVE-2007-5351 | 10.0 |
Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnera
|
15-10-2018 - 21:43 | 12-12-2007 - 00:46 | |
CVE-2007-5352 | 7.2 |
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
|
15-10-2018 - 21:43 | 08-01-2008 - 20:46 | |
CVE-2007-5350 | 7.2 |
Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
|
15-10-2018 - 21:43 | 12-12-2007 - 00:46 | |
CVE-2007-5135 | 6.8 |
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue wa
|
15-10-2018 - 21:40 | 27-09-2007 - 20:17 | |
CVE-2007-4782 | 5.0 |
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanie
|
15-10-2018 - 21:38 | 10-09-2007 - 21:17 | |
CVE-2007-4286 | 9.3 |
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.
|
15-10-2018 - 21:34 | 09-08-2007 - 21:17 | |
CVE-2007-4324 | 5.0 |
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (S
|
15-10-2018 - 21:34 | 14-08-2007 - 00:17 | |
CVE-2007-4131 | 6.8 |
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
|
15-10-2018 - 21:33 | 25-08-2007 - 00:17 | |
CVE-2007-4134 | 6.8 |
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
|
15-10-2018 - 21:33 | 30-08-2007 - 22:17 | |
CVE-2007-3895 | 9.3 |
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
|
15-10-2018 - 21:31 | 12-12-2007 - 00:46 | |
CVE-2007-3736 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probab
|
15-10-2018 - 21:30 | 18-07-2007 - 17:30 | |
CVE-2013-3916 | 9.3 |
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3910 | 9.3 |
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3912 | 9.3 |
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3908 | 4.3 |
Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview acti
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3895 | 6.8 |
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3911 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3891 | 9.3 |
Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3875 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3914 | 9.3 |
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3882 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3897 | 9.3 |
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that us
|
12-10-2018 - 22:05 | 09-10-2013 - 14:54 | |
CVE-2013-3860 | 7.8 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML d
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3885 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3866 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3855 | 9.3 |
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerab
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3909 | 4.3 |
Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Internet Explorer Information Disclosure Vulnerabilit
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3890 | 9.3 |
Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3898 | 7.9 |
Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3870 | 9.3 |
Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3852 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corrupti
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3874 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3853 | 9.3 |
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3889 | 9.3 |
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Serve
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3865 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3854 | 9.3 |
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3872 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3861 | 7.8 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3858 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3896 | 4.3 |
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability.
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3886 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3871 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3857 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attacker
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3873 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3851 | 9.3 |
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "W
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3915 | 9.3 |
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3880 | 3.5 |
The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan h
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3864 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3917 | 9.3 |
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
CVE-2013-3892 | 9.3 |
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3856 | 9.3 |
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3125 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3198 | 7.2 |
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory add
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3142 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3188 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3178 | 9.3 |
Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer V
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3153 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3117 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-3112 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-3191 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3162 | 9.3 |
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3202 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3209 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3159 | 4.3 |
Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an en
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3150 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3122 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3206 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3194 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3133 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafte
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3123 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3205 | 9.3 |
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3189 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3171 | 9.3 |
The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser a
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3145 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3201 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3190 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3179 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3160 | 5.0 |
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XM
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3203 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3132 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBA
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3127 | 9.3 |
The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafte
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3847 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3156 | 9.3 |
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerab
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3116 | 9.3 |
Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-3207 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3187 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3164 | 9.3 |
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3660 | 6.9 |
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does
|
12-10-2018 - 22:04 | 24-05-2013 - 20:55 | |
CVE-2013-3161 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3139 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3119 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-3140 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability."
|
12-10-2018 - 22:04 | 16-12-2013 - 15:14 | |
CVE-2013-3113 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-3124 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3199 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3147 | 9.3 |
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3115 | 9.3 |
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3849 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3196 | 7.2 |
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory add
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3180 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3146 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3197 | 7.2 |
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory add
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3155 | 9.3 |
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a di
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3149 | 9.3 |
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3848 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3208 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3163 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3144 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3148 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3134 | 9.3 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework ap
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3120 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3111 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-2551 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSe
|
12-10-2018 - 22:04 | 11-03-2013 - 10:55 | |
CVE-2013-3850 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3152 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3141 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3114 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-3845 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3204 | 9.3 |
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3193 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3184 | 9.3 |
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3158 | 9.3 |
Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3136 | 4.4 |
The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to ob
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3121 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3192 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3182 | 7.8 |
The Windows NAT Driver (aka winnat) service in Microsoft Windows Server 2012 does not properly validate memory addresses during the processing of ICMP packets, which allows remote attackers to cause a denial of service (memory corruption and system h
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
CVE-2013-3166 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scro
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3157 | 9.3 |
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a di
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3143 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3118 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-3151 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3131 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a craf
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3126 | 9.3 |
Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3110 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-1310 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1284 | 4.9 |
Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2013-1291 | 7.1 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenT
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2013-1337 | 7.5 |
Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authenti
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1329 | 9.3 |
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1335 | 9.3 |
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1318 | 10.0 |
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1306 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnera
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1324 | 9.3 |
Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability."
|
12-10-2018 - 22:04 | 13-11-2013 - 00:55 | |
CVE-2013-1330 | 10.0 |
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-1290 | 3.5 |
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2013-1282 | 5.0 |
The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2013-1343 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-1325 | 9.3 |
Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability."
|
12-10-2018 - 22:04 | 13-11-2013 - 00:55 | |
CVE-2013-1308 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1331 | 9.3 |
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
CVE-2013-1333 | 7.2 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1323 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1327 | 9.3 |
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1301 | 4.3 |
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1320 | 10.0 |
Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1309 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1341 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 allows local users to gain privileges via a crafted application, a
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-1336 | 5.0 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve s
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1317 | 9.3 |
Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1307 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different v
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1289 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2013-1296 | 9.3 |
The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a d
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2013-1319 | 10.0 |
Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1305 | 7.8 |
HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1297 | 4.3 |
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1342 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-1338 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 02-05-2013 - 03:31 | |
CVE-2013-1302 | 9.3 |
Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lyn
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1316 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1321 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1304 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2013-1344 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-1313 | 9.3 |
Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability."
|
12-10-2018 - 22:04 | 13-02-2013 - 12:04 | |
CVE-2013-1328 | 9.3 |
Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1312 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1322 | 10.0 |
Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1303 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2012-4786 | 10.0 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute
|
12-10-2018 - 22:03 | 12-12-2012 - 00:55 | |
CVE-2012-3214 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
|
12-10-2018 - 22:03 | 17-10-2012 - 00:55 | |
CVE-2012-4781 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 12-12-2012 - 00:55 | |
CVE-2012-3217 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK. Per: http://www.oracle.com/technetwork/topic
|
12-10-2018 - 22:03 | 17-10-2012 - 10:54 | |
CVE-2012-2521 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability."
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
CVE-2012-2539 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RT
|
12-10-2018 - 22:03 | 12-12-2012 - 00:55 | |
CVE-2012-2523 | 9.3 |
Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Ov
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
CVE-2012-2528 | 9.3 |
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote atta
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
CVE-2012-2522 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corru
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
CVE-2012-2543 | 9.3 |
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack O
|
12-10-2018 - 22:03 | 14-11-2012 - 00:55 | |
CVE-2012-2536 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulne
|
12-10-2018 - 22:03 | 11-09-2012 - 18:55 | |
CVE-2012-2557 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 21-09-2012 - 21:55 | |
CVE-2012-2526 | 9.3 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, ak
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
CVE-2013-0811 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different v
|
12-10-2018 - 22:03 | 15-05-2013 - 03:36 | |
CVE-2012-2548 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 21-09-2012 - 21:55 | |
CVE-2012-2552 | 4.3 |
Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or H
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
CVE-2012-1894 | 6.9 |
Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these
|
12-10-2018 - 22:03 | 10-07-2012 - 21:55 | |
CVE-2012-2546 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 21-09-2012 - 21:55 | |
CVE-2012-2520 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
CVE-2012-2524 | 9.3 |
Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerabilit
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
CVE-2013-0084 | 7.5 |
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Direct
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
CVE-2013-0418 | 6.8 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability t
|
12-10-2018 - 22:03 | 17-01-2013 - 01:55 | |
CVE-2013-0393 | 6.8 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability t
|
12-10-2018 - 22:03 | 17-01-2013 - 01:55 | |
CVE-2013-0080 | 7.5 |
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
CVE-2013-0085 | 7.8 |
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
CVE-2013-0079 | 9.3 |
Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
CVE-2013-0027 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerabil
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
CVE-2013-0015 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scroll
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
CVE-2013-0096 | 6.8 |
Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability." Per: http://technet.microsof
|
12-10-2018 - 22:03 | 15-05-2013 - 03:36 | |
CVE-2013-0025 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
CVE-2013-0081 | 5.0 |
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka
|
12-10-2018 - 22:03 | 11-09-2013 - 14:03 | |
CVE-2013-0010 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerabili
|
12-10-2018 - 22:03 | 09-01-2013 - 18:09 | |
CVE-2013-0095 | 5.0 |
Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 ele
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
CVE-2013-0086 | 5.0 |
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
CVE-2013-0028 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerabil
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
CVE-2013-0082 | 9.3 |
Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability."
|
12-10-2018 - 22:03 | 13-11-2013 - 00:55 | |
CVE-2013-0078 | 7.2 |
The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerabi
|
12-10-2018 - 22:03 | 09-04-2013 - 22:55 | |
CVE-2013-0009 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerabili
|
12-10-2018 - 22:03 | 09-01-2013 - 18:09 | |
CVE-2013-0018 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability.
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
CVE-2012-1868 | 6.9 |
Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."
|
12-10-2018 - 22:02 | 12-06-2012 - 22:55 | |
CVE-2012-1847 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execu
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-1885 | 9.3 |
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Se
|
12-10-2018 - 22:02 | 14-11-2012 - 00:55 | |
CVE-2012-1888 | 9.3 |
Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
|
12-10-2018 - 22:02 | 15-08-2012 - 01:55 | |
CVE-2012-1515 | 8.3 |
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtu
|
12-10-2018 - 22:02 | 02-04-2012 - 10:46 | |
CVE-2012-1863 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafte
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
CVE-2012-1862 | 6.8 |
Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
CVE-2012-1860 | 5.5 |
Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive informati
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
CVE-2012-1859 | 4.3 |
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTM
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
CVE-2012-1853 | 10.0 |
Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Admini
|
12-10-2018 - 22:02 | 15-08-2012 - 01:55 | |
CVE-2012-1852 | 10.0 |
Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote
|
12-10-2018 - 22:02 | 15-08-2012 - 01:55 | |
CVE-2012-1529 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use Af
|
12-10-2018 - 22:02 | 21-09-2012 - 21:55 | |
CVE-2012-1887 | 9.3 |
Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vuln
|
12-10-2018 - 22:02 | 14-11-2012 - 00:55 | |
CVE-2012-1526 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability
|
12-10-2018 - 22:02 | 15-08-2012 - 01:55 | |
CVE-2012-1861 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaS
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
CVE-2012-1854 | 6.9 |
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain pr
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
CVE-2012-1849 | 9.3 |
Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file,
|
12-10-2018 - 22:02 | 12-06-2012 - 22:55 | |
CVE-2012-1537 | 9.3 |
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012
|
12-10-2018 - 22:02 | 12-12-2012 - 00:55 | |
CVE-2012-1892 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
|
12-10-2018 - 22:02 | 11-09-2012 - 18:55 | |
CVE-2012-1886 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel
|
12-10-2018 - 22:02 | 14-11-2012 - 00:55 | |
CVE-2012-0167 | 9.3 |
Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0147 | 5.0 |
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Defa
|
12-10-2018 - 22:02 | 10-04-2012 - 21:55 | |
CVE-2012-0145 | 4.3 |
Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in
|
12-10-2018 - 22:02 | 14-02-2012 - 22:55 | |
CVE-2012-0146 | 5.8 |
Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vu
|
12-10-2018 - 22:02 | 10-04-2012 - 21:55 | |
CVE-2012-0165 | 9.3 |
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, a
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0142 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitr
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0016 | 9.3 |
Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory
|
12-10-2018 - 22:02 | 13-03-2012 - 21:55 | |
CVE-2012-0183 | 9.3 |
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mis
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0158 | 9.3 |
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005
|
12-10-2018 - 22:02 | 10-04-2012 - 21:55 | |
CVE-2012-0185 | 9.3 |
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0144 | 4.3 |
Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a
|
12-10-2018 - 22:02 | 14-02-2012 - 22:55 | |
CVE-2012-0138 | 9.3 |
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability
|
12-10-2018 - 22:02 | 14-02-2012 - 22:55 | |
CVE-2012-0181 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard L
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0162 | 9.3 |
Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Alloc
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0020 | 9.3 |
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability
|
12-10-2018 - 22:02 | 14-02-2012 - 22:55 | |
CVE-2012-0184 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execu
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0164 | 5.0 |
Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Co
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0141 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitr
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0176 | 9.3 |
Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0160 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0136 | 9.3 |
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability
|
12-10-2018 - 22:02 | 14-02-2012 - 22:55 | |
CVE-2012-0179 | 7.2 |
Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0161 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrar
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0159 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 bef
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0174 | 1.7 |
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potenti
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0137 | 9.3 |
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability
|
12-10-2018 - 22:02 | 14-02-2012 - 22:55 | |
CVE-2012-0019 | 9.3 |
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability
|
12-10-2018 - 22:02 | 14-02-2012 - 22:55 | |
CVE-2012-0017 | 4.3 |
Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
|
12-10-2018 - 22:02 | 14-02-2012 - 22:55 | |
CVE-2012-0177 | 9.3 |
Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Ov
|
12-10-2018 - 22:02 | 10-04-2012 - 21:55 | |
CVE-2012-0018 | 9.3 |
Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0182 | 9.3 |
Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
|
12-10-2018 - 22:02 | 09-10-2012 - 21:55 | |
CVE-2012-0163 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted AS
|
12-10-2018 - 22:02 | 10-04-2012 - 21:55 | |
CVE-2012-0143 | 9.3 |
Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes V
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2011-3403 | 9.3 |
Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-3413 | 9.3 |
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-3396 | 9.3 |
Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability." Per: http://technet.
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-3412 | 9.3 |
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-3411 | 9.3 |
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-5046 | 9.3 |
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly valida
|
12-10-2018 - 22:01 | 30-12-2011 - 19:55 | |
CVE-2011-1969 | 9.3 |
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-1982 | 9.3 |
Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1987 | 9.3 |
Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Offic
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1976 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer C
|
12-10-2018 - 22:01 | 10-08-2011 - 21:55 | |
CVE-2011-1890 | 4.3 |
Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerabilit
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1972 | 9.3 |
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
|
12-10-2018 - 22:01 | 10-08-2011 - 21:55 | |
CVE-2011-1886 | 2.1 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer derefer
|
12-10-2018 - 22:01 | 13-07-2011 - 23:55 | |
CVE-2011-1893 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoi
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1986 | 9.3 |
Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-2007 | 5.0 |
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-2008 | 5.0 |
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-1988 | 9.3 |
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not proper
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1891 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1889 | 10.0 |
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulne
|
12-10-2018 - 22:01 | 16-06-2011 - 20:55 | |
CVE-2011-1990 | 9.3 |
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an uns
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1896 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-1989 | 9.3 |
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1983 | 9.3 |
Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-1895 | 4.3 |
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XS
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-1979 | 9.3 |
Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
|
12-10-2018 - 22:01 | 10-08-2011 - 21:55 | |
CVE-2011-1897 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vul
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-1892 | 4.0 |
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1980 | 9.3 |
Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2012-0007 | 4.3 |
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) a
|
12-10-2018 - 22:01 | 10-01-2012 - 21:55 | |
CVE-2012-0008 | 6.9 |
Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." Per: http://technet.mic
|
12-10-2018 - 22:01 | 13-03-2012 - 21:55 | |
CVE-2011-1275 | 9.3 |
Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac; and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cau
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1272 | 9.3 |
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate rec
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1274 | 9.3 |
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate rec
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1270 | 9.3 |
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
|
12-10-2018 - 22:00 | 13-05-2011 - 17:05 | |
CVE-2011-1508 | 9.3 |
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer
|
12-10-2018 - 22:00 | 14-12-2011 - 00:55 | |
CVE-2011-1273 | 9.3 |
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1278 | 9.3 |
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1280 | 4.3 |
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entitie
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1277 | 9.3 |
Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of s
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1269 | 9.3 |
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during fi
|
12-10-2018 - 22:00 | 13-05-2011 - 17:05 | |
CVE-2011-1279 | 9.3 |
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1276 | 9.3 |
Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows re
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1243 | 9.3 |
The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnera
|
12-10-2018 - 22:00 | 13-04-2011 - 18:55 | |
CVE-2010-3973 | 9.3 |
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef met
|
12-10-2018 - 21:59 | 23-12-2010 - 18:00 | |
CVE-2010-5082 | 9.3 |
Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory,
|
12-10-2018 - 21:59 | 17-01-2012 - 19:55 | |
CVE-2010-4398 | 7.2 |
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain
|
12-10-2018 - 21:59 | 06-12-2010 - 13:44 | |
CVE-2011-0656 | 9.3 |
Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint V
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0104 | 9.3 |
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel f
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0093 | 9.3 |
ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Da
|
12-10-2018 - 21:59 | 10-02-2011 - 16:00 | |
CVE-2011-0107 | 9.3 |
Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx f
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0092 | 9.3 |
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler
|
12-10-2018 - 21:59 | 10-02-2011 - 16:00 | |
CVE-2011-0978 | 9.3 |
Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary c
|
12-10-2018 - 21:59 | 10-02-2011 - 19:00 | |
CVE-2011-0040 | 5.0 |
The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a c
|
12-10-2018 - 21:59 | 09-02-2011 - 01:00 | |
CVE-2011-0101 | 9.3 |
Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, a
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0103 | 9.3 |
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Exc
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0976 | 9.3 |
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not proper
|
12-10-2018 - 21:59 | 10-02-2011 - 19:00 | |
CVE-2011-0655 | 9.3 |
Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and P
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0030 | 4.7 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted applicatio
|
12-10-2018 - 21:59 | 09-02-2011 - 01:00 | |
CVE-2011-0045 | 7.2 |
The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain pr
|
12-10-2018 - 21:59 | 09-02-2011 - 01:00 | |
CVE-2011-0977 | 9.3 |
Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Offi
|
12-10-2018 - 21:59 | 10-02-2011 - 19:00 | |
CVE-2011-0673 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability." Per: http://cwe.mitre.or
|
12-10-2018 - 21:59 | 13-04-2011 - 20:26 | |
CVE-2011-0653 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerabilit
|
12-10-2018 - 21:59 | 15-09-2011 - 12:26 | |
CVE-2011-0980 | 9.3 |
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointe
|
12-10-2018 - 21:59 | 10-02-2011 - 19:00 | |
CVE-2011-0039 | 7.2 |
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LS
|
12-10-2018 - 21:59 | 09-02-2011 - 01:00 | |
CVE-2011-0098 | 9.3 |
Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Format
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0979 | 9.3 |
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, wh
|
12-10-2018 - 21:59 | 10-02-2011 - 19:00 | |
CVE-2011-0105 | 9.3 |
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary c
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0097 | 9.3 |
Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 a
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2010-3946 | 9.3 |
Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Im
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3954 | 9.3 |
Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3960 | 4.9 |
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3967 | 9.3 |
Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3936 | 4.3 |
Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS i
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3952 | 9.3 |
The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Offic
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3950 | 9.3 |
The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3955 | 9.3 |
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Inde
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3964 | 7.5 |
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3951 | 9.3 |
Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Con
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3947 | 9.3 |
Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3945 | 9.3 |
Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3949 | 9.3 |
Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffe
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3240 | 9.3 |
Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a cr
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3237 | 9.3 |
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3218 | 9.3 |
Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3215 | 9.3 |
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "W
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3233 | 9.3 |
Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-2572 | 9.3 |
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3241 | 9.3 |
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3238 | 9.3 |
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerabili
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3221 | 9.3 |
Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memor
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-2747 | 9.3 |
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Wo
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3334 | 9.3 |
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing a
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3242 | 9.3 |
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Ty
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3138 | 9.3 |
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player o
|
12-10-2018 - 21:58 | 27-08-2010 - 19:00 | |
CVE-2010-2750 | 9.3 |
Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3337 | 9.3 |
Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3333 | 9.3 |
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3230 | 9.3 |
Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-2732 | 5.8 |
Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspeci
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3336 | 9.3 |
Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3235 | 9.3 |
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3216 | 9.3 |
Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-2733 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "U
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-2573 | 9.3 |
Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corrupt
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-2734 | 4.3 |
Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3217 | 9.3 |
Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3236 | 9.3 |
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ou
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-2748 | 9.3 |
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-2728 | 9.3 |
Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in O
|
12-10-2018 - 21:58 | 15-09-2010 - 19:00 | |
CVE-2010-2571 | 9.3 |
Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3335 | 9.3 |
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3231 | 9.3 |
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Pa
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3239 | 9.3 |
Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3220 | 9.3 |
Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3146 | 9.3 |
Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contai
|
12-10-2018 - 21:58 | 27-08-2010 - 19:00 | |
CVE-2010-3214 | 9.3 |
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer;
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3145 | 9.3 |
Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working
|
12-10-2018 - 21:58 | 27-08-2010 - 19:00 | |
CVE-2010-3232 | 9.3 |
Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record informa
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3234 | 9.3 |
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3223 | 7.5 |
The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to re
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3219 | 9.3 |
Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3148 | 9.3 |
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file
|
12-10-2018 - 21:58 | 27-08-2010 - 19:00 | |
CVE-2010-2570 | 9.3 |
Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka
|
12-10-2018 - 21:57 | 16-12-2010 - 19:33 | |
CVE-2010-2562 | 9.3 |
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1903 | 9.3 |
Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corrup
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1263 | 9.3 |
Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do n
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1246 | 9.3 |
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1902 | 9.3 |
Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File For
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1250 | 9.3 |
Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1252 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-2564 | 9.3 |
Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-2569 | 9.3 |
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a
|
12-10-2018 - 21:57 | 16-12-2010 - 19:33 | |
CVE-2010-1901 | 9.3 |
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not pro
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1247 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a differe
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-2561 | 9.3 |
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Han
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1881 | 9.3 |
The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows
|
12-10-2018 - 21:57 | 15-07-2010 - 12:57 | |
CVE-2010-1253 | 9.3 |
Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1245 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) reco
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1264 | 4.0 |
Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1900 | 9.3 |
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 d
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1888 | 6.8 |
Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1880 | 9.3 |
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "M
|
12-10-2018 - 21:57 | 08-06-2010 - 22:30 | |
CVE-2010-1249 | 9.3 |
Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, ak
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1879 | 9.3 |
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data,
|
12-10-2018 - 21:57 | 08-06-2010 - 22:30 | |
CVE-2010-1251 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1898 | 9.3 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and deleg
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1889 | 7.2 |
Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Window
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1248 | 9.3 |
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-0822 | 9.3 |
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record,
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-0814 | 9.3 |
The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to
|
12-10-2018 - 21:57 | 15-07-2010 - 12:57 | |
CVE-2010-0824 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a diffe
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-0815 | 9.3 |
VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allow
|
12-10-2018 - 21:57 | 12-05-2010 - 11:46 | |
CVE-2010-0821 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-0817 | 4.3 |
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via
|
12-10-2018 - 21:57 | 29-04-2010 - 21:30 | |
CVE-2010-0823 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-0239 | 10.0 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arb
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0268 | 9.3 |
Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remo
|
12-10-2018 - 21:56 | 14-04-2010 - 16:00 | |
CVE-2010-0484 | 6.8 |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to ex
|
12-10-2018 - 21:56 | 08-06-2010 - 22:30 | |
CVE-2010-0257 | 9.3 |
Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2010-0032 | 9.3 |
Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0030 | 9.3 |
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0242 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, ak
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0479 | 9.3 |
Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow
|
12-10-2018 - 21:56 | 14-04-2010 - 16:00 | |
CVE-2010-0256 | 7.6 |
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memo
|
12-10-2018 - 21:56 | 14-04-2010 - 16:00 | |
CVE-2010-0263 | 9.3 |
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Serv
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2010-0031 | 9.3 |
Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invali
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0266 | 9.3 |
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a c
|
12-10-2018 - 21:56 | 15-07-2010 - 12:57 | |
CVE-2010-0264 | 9.3 |
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft O
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2010-0023 | 6.9 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0033 | 9.3 |
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0262 | 9.3 |
Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, ak
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2010-0034 | 9.3 |
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0029 | 9.3 |
Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0241 | 10.0 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitr
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0260 | 9.3 |
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2010-0240 | 10.0 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which a
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0261 | 9.3 |
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2010-0237 | 6.9 |
The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
|
12-10-2018 - 21:56 | 14-04-2010 - 16:00 | |
CVE-2010-0026 | 4.0 |
The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructi
|
12-10-2018 - 21:56 | 10-02-2010 - 18:30 | |
CVE-2010-0254 | 7.6 |
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulner
|
12-10-2018 - 21:56 | 14-04-2010 - 16:00 | |
CVE-2009-3130 | 9.3 |
Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka
|
12-10-2018 - 21:52 | 11-11-2009 - 20:30 | |
CVE-2009-3127 | 9.3 |
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code
|
12-10-2018 - 21:52 | 11-11-2009 - 19:30 | |
CVE-2009-2528 | 9.3 |
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vu
|
12-10-2018 - 21:52 | 14-10-2009 - 10:30 | |
CVE-2009-2517 | 4.9 |
The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Ha
|
12-10-2018 - 21:52 | 14-10-2009 - 10:30 | |
CVE-2009-3135 | 9.3 |
Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via
|
12-10-2018 - 21:52 | 11-11-2009 - 19:30 | |
CVE-2009-3128 | 9.3 |
Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView
|
12-10-2018 - 21:52 | 11-11-2009 - 19:30 | |
CVE-2009-3132 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
|
12-10-2018 - 21:52 | 11-11-2009 - 20:30 | |
CVE-2009-3103 | 10.0 |
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (syste
|
12-10-2018 - 21:52 | 08-09-2009 - 22:30 | |
CVE-2009-2518 | 9.3 |
Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability."
|
12-10-2018 - 21:52 | 14-10-2009 - 10:30 | |
CVE-2009-3126 | 9.3 |
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP
|
12-10-2018 - 21:52 | 14-10-2009 - 10:30 | |
CVE-2009-3134 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
|
12-10-2018 - 21:52 | 11-11-2009 - 20:30 | |
CVE-2009-3131 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
|
12-10-2018 - 21:52 | 11-11-2009 - 20:30 | |
CVE-2009-3133 | 9.3 |
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "lo
|
12-10-2018 - 21:52 | 11-11-2009 - 20:30 | |
CVE-2009-3129 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
|
12-10-2018 - 21:52 | 11-11-2009 - 19:30 | |
CVE-2009-2514 | 9.3 |
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embed
|
12-10-2018 - 21:51 | 11-11-2009 - 19:30 | |
CVE-2009-2502 | 9.3 |
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-2495 | 7.8 |
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obt
|
12-10-2018 - 21:51 | 29-07-2009 - 17:30 | |
CVE-2009-2501 | 9.3 |
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 G
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-2500 | 9.3 |
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-2496 | 9.3 |
Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, In
|
12-10-2018 - 21:51 | 12-08-2009 - 17:30 | |
CVE-2009-1542 | 9.0 |
The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute a
|
12-10-2018 - 21:51 | 15-07-2009 - 15:30 | |
CVE-2009-1537 | 9.3 |
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary cod
|
12-10-2018 - 21:51 | 29-05-2009 - 18:30 | |
CVE-2009-2513 | 7.2 |
The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local user
|
12-10-2018 - 21:51 | 11-11-2009 - 19:30 | |
CVE-2009-2512 | 9.3 |
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2)
|
12-10-2018 - 21:51 | 11-11-2009 - 19:30 | |
CVE-2009-1533 | 9.3 |
Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that trigg
|
12-10-2018 - 21:51 | 10-06-2009 - 18:00 | |
CVE-2009-2493 | 9.3 |
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,
|
12-10-2018 - 21:51 | 29-07-2009 - 17:30 | |
CVE-2009-2505 | 10.0 |
The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute a
|
12-10-2018 - 21:51 | 09-12-2009 - 18:30 | |
CVE-2009-1534 | 9.3 |
Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary c
|
12-10-2018 - 21:51 | 12-08-2009 - 17:30 | |
CVE-2009-2504 | 9.3 |
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Mi
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-2503 | 9.3 |
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold a
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-2507 | 9.3 |
A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vul
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-1536 | 2.6 |
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via
|
12-10-2018 - 21:51 | 12-08-2009 - 17:30 | |
CVE-2009-1137 | 9.3 |
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulne
|
12-10-2018 - 21:51 | 12-05-2009 - 22:30 | |
CVE-2009-1134 | 9.3 |
Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file w
|
12-10-2018 - 21:51 | 10-06-2009 - 18:30 | |
CVE-2009-1135 | 9.0 |
Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web
|
12-10-2018 - 21:51 | 15-07-2009 - 15:30 | |
CVE-2009-1136 | 9.3 |
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Micro
|
12-10-2018 - 21:51 | 15-07-2009 - 15:30 | |
CVE-2009-0222 | 9.3 |
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-1131 | 9.3 |
Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Dat
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0225 | 9.3 |
Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corrupti
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-1129 | 9.3 |
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a fil
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0549 | 9.3 |
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Ex
|
12-10-2018 - 21:50 | 10-06-2009 - 18:30 | |
CVE-2009-0238 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remot
|
12-10-2018 - 21:50 | 25-02-2009 - 16:30 | |
CVE-2009-0559 | 9.3 |
Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
|
12-10-2018 - 21:50 | 10-06-2009 - 18:30 | |
CVE-2009-0223 | 9.3 |
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulne
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-1128 | 9.3 |
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vul
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0228 | 10.0 |
Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC req
|
12-10-2018 - 21:50 | 10-06-2009 - 18:00 | |
CVE-2009-0235 | 9.3 |
Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corrupti
|
12-10-2018 - 21:50 | 15-04-2009 - 08:00 | |
CVE-2009-1130 | 9.3 |
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0565 | 9.3 |
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Forma
|
12-10-2018 - 21:50 | 10-06-2009 - 18:00 | |
CVE-2009-0227 | 9.3 |
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a fil
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0224 | 9.3 |
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0560 | 9.3 |
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office
|
12-10-2018 - 21:50 | 10-06-2009 - 18:30 | |
CVE-2009-0557 | 9.3 |
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office
|
12-10-2018 - 21:50 | 10-06-2009 - 18:30 | |
CVE-2009-0558 | 9.3 |
Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Arra
|
12-10-2018 - 21:50 | 10-06-2009 - 18:30 | |
CVE-2009-0568 | 10.0 |
The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary mem
|
12-10-2018 - 21:50 | 10-06-2009 - 18:00 | |
CVE-2009-0220 | 9.3 |
Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file th
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0226 | 9.3 |
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0556 | 9.3 |
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value tha
|
12-10-2018 - 21:50 | 03-04-2009 - 18:30 | |
CVE-2009-0237 | 4.3 |
Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006
|
12-10-2018 - 21:50 | 15-04-2009 - 08:00 | |
CVE-2009-0563 | 9.3 |
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Mi
|
12-10-2018 - 21:50 | 10-06-2009 - 18:00 | |
CVE-2009-1127 | 7.2 |
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain pr
|
12-10-2018 - 21:50 | 11-11-2009 - 19:30 | |
CVE-2009-0230 | 9.0 |
The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file
|
12-10-2018 - 21:50 | 10-06-2009 - 18:00 | |
CVE-2009-0561 | 9.3 |
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP
|
12-10-2018 - 21:50 | 10-06-2009 - 18:30 | |
CVE-2009-0901 | 9.3 |
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Serv
|
12-10-2018 - 21:50 | 29-07-2009 - 17:30 | |
CVE-2009-0566 | 9.3 |
Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Deref
|
12-10-2018 - 21:50 | 15-07-2009 - 15:30 | |
CVE-2009-0221 | 9.3 |
Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
CVE-2009-0562 | 9.3 |
The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Accelerati
|
12-10-2018 - 21:50 | 12-08-2009 - 17:30 | |
CVE-2008-5416 | 9.0 |
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 an
|
12-10-2018 - 21:49 | 10-12-2008 - 14:00 | |
CVE-2008-4841 | 9.3 |
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corrupti
|
12-10-2018 - 21:49 | 10-12-2008 - 14:00 | |
CVE-2008-4844 | 9.3 |
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2)
|
12-10-2018 - 21:49 | 11-12-2008 - 15:30 | |
CVE-2009-0100 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
|
12-10-2018 - 21:49 | 15-04-2009 - 08:00 | |
CVE-2009-0077 | 5.0 |
The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the sessio
|
12-10-2018 - 21:49 | 15-04-2009 - 08:00 | |
CVE-2009-0102 | 9.3 |
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerabi
|
12-10-2018 - 21:49 | 09-12-2009 - 18:30 | |
CVE-2009-0099 | 5.0 |
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2009-0096 | 9.3 |
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2009-0095 | 9.3 |
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2009-0098 | 9.3 |
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2009-0217 | 5.0 |
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLog
|
12-10-2018 - 21:49 | 14-07-2009 - 23:30 | |
CVE-2009-0097 | 9.3 |
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2008-4269 | 8.5 |
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML docum
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4252 | 8.5 |
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a c
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4023 | 10.0 |
Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
|
12-10-2018 - 21:48 | 15-10-2008 - 00:12 | |
CVE-2008-4032 | 7.5 |
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obt
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4268 | 8.5 |
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search f
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4256 | 8.5 |
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote at
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4265 | 9.3 |
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4253 | 8.5 |
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allo
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4266 | 9.3 |
Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Exc
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4254 | 8.5 |
Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols prop
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4033 | 4.3 |
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the
|
12-10-2018 - 21:48 | 12-11-2008 - 23:30 | |
CVE-2008-4020 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which rende
|
12-10-2018 - 21:48 | 15-10-2008 - 00:12 | |
CVE-2008-4264 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-4255 | 9.3 |
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Proj
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-3704 | 9.3 |
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP
|
12-10-2018 - 21:48 | 18-08-2008 - 19:41 | |
CVE-2008-3464 | 7.2 |
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a cra
|
12-10-2018 - 21:48 | 15-10-2008 - 00:12 | |
CVE-2008-3479 | 10.0 |
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of
|
12-10-2018 - 21:48 | 15-10-2008 - 00:12 | |
CVE-2008-3466 | 10.0 |
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or
|
12-10-2018 - 21:48 | 15-10-2008 - 00:12 | |
CVE-2008-3019 | 9.3 |
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Ma
|
12-10-2018 - 21:47 | 12-08-2008 - 23:41 | |
CVE-2008-3021 | 9.3 |
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field,
|
12-10-2018 - 21:47 | 12-08-2008 - 23:41 | |
CVE-2008-2540 | 9.3 |
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downlo
|
12-10-2018 - 21:47 | 03-06-2008 - 15:32 | |
CVE-2008-3020 | 9.3 |
Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."
|
12-10-2018 - 21:47 | 12-08-2008 - 23:41 | |
CVE-2008-3015 | 9.3 |
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2,
|
12-10-2018 - 21:47 | 11-09-2008 - 01:11 | |
CVE-2008-2947 | 6.8 |
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.hre
|
12-10-2018 - 21:47 | 30-06-2008 - 22:41 | |
CVE-2008-3460 | 9.3 |
WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG fil
|
12-10-2018 - 21:47 | 12-08-2008 - 23:41 | |
CVE-2008-3007 | 9.3 |
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "
|
12-10-2018 - 21:47 | 11-09-2008 - 01:11 | |
CVE-2008-3010 | 10.0 |
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and ex
|
12-10-2018 - 21:47 | 10-12-2008 - 14:00 | |
CVE-2008-2245 | 9.3 |
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
|
12-10-2018 - 21:47 | 13-08-2008 - 00:41 | |
CVE-2008-3018 | 9.3 |
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulne
|
12-10-2018 - 21:47 | 12-08-2008 - 23:41 | |
CVE-2008-3003 | 6.6 |
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information an
|
12-10-2018 - 21:47 | 12-08-2008 - 23:41 | |
CVE-2008-1448 | 7.1 |
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended a
|
12-10-2018 - 21:47 | 13-08-2008 - 00:41 | |
CVE-2008-1453 | 8.3 |
The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
|
12-10-2018 - 21:47 | 12-06-2008 - 02:32 | |
CVE-2008-1445 | 7.1 |
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
|
12-10-2018 - 21:45 | 12-06-2008 - 02:32 | |
CVE-2008-1441 | 5.4 |
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options,
|
12-10-2018 - 21:45 | 12-06-2008 - 02:32 | |
CVE-2008-1438 | 5.0 |
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with
|
12-10-2018 - 21:45 | 13-05-2008 - 22:20 | |
CVE-2008-0117 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnera
|
12-10-2018 - 21:45 | 11-03-2008 - 23:44 | |
CVE-2008-1089 | 9.3 |
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability
|
12-10-2018 - 21:45 | 08-04-2008 - 23:05 | |
CVE-2008-1090 | 9.3 |
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
|
12-10-2018 - 21:45 | 08-04-2008 - 23:05 | |
CVE-2008-1434 | 9.3 |
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (C
|
12-10-2018 - 21:45 | 13-05-2008 - 22:20 | |
CVE-2008-1084 | 7.2 |
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: i
|
12-10-2018 - 21:45 | 08-04-2008 - 23:05 | |
CVE-2008-1442 | 9.3 |
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Object
|
12-10-2018 - 21:45 | 12-06-2008 - 02:32 | |
CVE-2008-1435 | 9.3 |
Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search V
|
12-10-2018 - 21:45 | 08-07-2008 - 23:41 | |
CVE-2008-1437 | 5.0 |
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted
|
12-10-2018 - 21:45 | 13-05-2008 - 22:20 | |
CVE-2008-1091 | 9.3 |
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers
|
12-10-2018 - 21:45 | 13-05-2008 - 22:20 | |
CVE-2008-1444 | 9.3 |
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the
|
12-10-2018 - 21:45 | 12-06-2008 - 02:32 | |
CVE-2008-1085 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that do
|
12-10-2018 - 21:45 | 08-04-2008 - 23:05 | |
CVE-2008-0121 | 9.3 |
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
|
12-10-2018 - 21:45 | 13-08-2008 - 00:41 | |
CVE-2008-0118 | 9.3 |
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corrupti
|
12-10-2018 - 21:45 | 11-03-2008 - 23:44 | |
CVE-2008-1087 | 9.3 |
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflo
|
12-10-2018 - 21:45 | 08-04-2008 - 23:05 | |
CVE-2008-0120 | 9.3 |
Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocatio
|
12-10-2018 - 21:45 | 13-08-2008 - 00:41 | |
CVE-2008-1088 | 9.3 |
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
|
12-10-2018 - 21:45 | 08-04-2008 - 23:05 | |
CVE-2007-3891 | 6.8 |
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.
|
12-10-2018 - 21:44 | 14-08-2007 - 22:17 | |
CVE-2007-3890 | 9.3 |
Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
|
12-10-2018 - 21:44 | 14-08-2007 - 21:17 | |
CVE-2008-0076 | 9.3 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
|
12-10-2018 - 21:44 | 12-02-2008 - 23:00 | |
CVE-2008-0015 | 9.3 |
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP
|
12-10-2018 - 21:44 | 07-07-2009 - 23:30 | |
CVE-2008-0108 | 9.3 |
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "M
|
12-10-2018 - 21:44 | 12-02-2008 - 23:00 | |
CVE-2008-0078 | 9.3 |
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
|
12-10-2018 - 21:44 | 12-02-2008 - 23:00 | |
CVE-2008-0103 | 9.3 |
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling e
|
12-10-2018 - 21:44 | 13-02-2008 - 00:00 | |
CVE-2008-0111 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validati
|
12-10-2018 - 21:44 | 11-03-2008 - 23:44 | |
CVE-2008-0102 | 10.0 |
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
|
12-10-2018 - 21:44 | 12-02-2008 - 23:00 | |
CVE-2008-0084 | 7.8 |
Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet. Apply patches.
Windows Vista:
http://www.microsoft.com/downloads/de..
|
12-10-2018 - 21:44 | 12-02-2008 - 21:00 | |
CVE-2008-0011 | 9.3 |
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a c
|
12-10-2018 - 21:44 | 12-06-2008 - 02:32 | |
CVE-2008-0020 | 9.3 |
Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
|
12-10-2018 - 21:44 | 07-07-2009 - 23:30 | |
CVE-2008-0112 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Impo
|
12-10-2018 - 21:44 | 11-03-2008 - 23:44 | |
CVE-2008-0114 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
|
12-10-2018 - 21:44 | 11-03-2008 - 23:44 | |
CVE-2008-0105 | 9.3 |
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Co
|
12-10-2018 - 21:44 | 12-02-2008 - 23:00 | |
CVE-2008-0083 | 9.3 |
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary
|
12-10-2018 - 21:44 | 08-04-2008 - 23:05 | |
CVE-2008-0110 | 9.3 |
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
|
12-10-2018 - 21:44 | 11-03-2008 - 23:44 | |
CVE-2008-0115 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerabil
|
12-10-2018 - 21:44 | 11-03-2008 - 23:44 | |
CVE-2007-3033 | 4.3 |
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are no
|
12-10-2018 - 21:43 | 14-08-2007 - 22:17 | |
CVE-2007-2931 | 9.3 |
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat se
|
12-10-2018 - 21:43 | 31-08-2007 - 22:17 | |
CVE-2007-3030 | 7.6 |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corru
|
12-10-2018 - 21:43 | 10-07-2007 - 22:30 | |
CVE-2007-3032 | 6.8 |
Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.
|
12-10-2018 - 21:43 | 14-08-2007 - 22:17 | |
CVE-2007-0948 | 9.3 |
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and i
|
12-10-2018 - 21:43 | 14-08-2007 - 22:17 | |
CVE-2007-1201 | 9.3 |
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components Data
|
12-10-2018 - 21:43 | 11-03-2008 - 23:44 | |
CVE-2007-0208 | 9.3 |
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers
|
12-10-2018 - 21:42 | 13-02-2007 - 21:28 | |
CVE-2007-0671 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in tar
|
12-10-2018 - 21:42 | 03-02-2007 - 01:28 | |
CVE-2007-0065 | 10.0 |
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a c
|
12-10-2018 - 21:42 | 12-02-2008 - 23:00 | |
CVE-2007-0214 | 9.3 |
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2007-0515 | 9.3 |
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Md
|
12-10-2018 - 21:42 | 26-01-2007 - 00:28 | |
CVE-2007-0211 | 7.2 |
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2007-0025 | 9.3 |
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2007-0026 | 7.6 |
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2007-0210 | 7.2 |
The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.
|
12-10-2018 - 21:42 | 13-02-2007 - 20:28 | |
CVE-2007-0216 | 9.3 |
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter
|
12-10-2018 - 21:42 | 12-02-2008 - 23:00 | |
CVE-2007-0209 | 9.3 |
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corru
|
12-10-2018 - 21:42 | 13-02-2007 - 21:28 | |
CVE-2007-0675 | 7.6 |
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorize
|
12-10-2018 - 21:42 | 03-02-2007 - 01:28 | |
CVE-2006-5745 | 7.6 |
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted ar
|
12-10-2018 - 21:41 | 06-11-2006 - 18:07 | |
CVE-2006-5559 | 9.3 |
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when
|
12-10-2018 - 21:41 | 27-10-2006 - 16:07 | |
CVE-2006-4640 | 6.8 |
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
|
12-10-2018 - 21:41 | 12-09-2006 - 23:07 | |
CVE-2006-4695 | 9.3 |
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
|
12-10-2018 - 21:41 | 31-12-2006 - 05:00 | |
CVE-2006-3440 | 10.0 |
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
|
12-10-2018 - 21:40 | 09-08-2006 - 01:04 | |
CVE-2006-3438 | 9.3 |
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file contain
|
12-10-2018 - 21:40 | 09-08-2006 - 00:04 | |
CVE-2006-2492 | 7.6 |
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by
|
12-10-2018 - 21:40 | 20-05-2006 - 00:02 | |
CVE-2006-3587 | 5.1 |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
|
12-10-2018 - 21:40 | 13-07-2006 - 21:05 | |
CVE-2006-3649 | 5.1 |
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006,
|
12-10-2018 - 21:40 | 09-08-2006 - 00:04 | |
CVE-2006-3648 | 7.6 |
Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly
|
12-10-2018 - 21:40 | 09-08-2006 - 01:04 | |
CVE-2006-3014 | 5.1 |
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens
|
12-10-2018 - 21:40 | 22-06-2006 - 00:06 | |
CVE-2006-3441 | 10.0 |
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue,
|
12-10-2018 - 21:40 | 09-08-2006 - 01:04 | |
CVE-2006-2389 | 9.3 |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption
|
12-10-2018 - 21:40 | 11-07-2006 - 21:05 | |
CVE-2006-3588 | 2.6 |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.
|
12-10-2018 - 21:40 | 13-07-2006 - 21:05 | |
CVE-2006-3439 | 10.0 |
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-
|
12-10-2018 - 21:40 | 09-08-2006 - 01:04 | |
CVE-2006-1300 | 5.0 |
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly b
|
12-10-2018 - 21:39 | 11-07-2006 - 21:05 | |
CVE-2006-1309 | 9.3 |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
|
12-10-2018 - 21:39 | 13-07-2006 - 22:05 | |
CVE-2006-1311 | 9.3 |
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute ar
|
12-10-2018 - 21:39 | 13-02-2007 - 20:28 | |
CVE-2006-1308 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
|
12-10-2018 - 21:39 | 13-07-2006 - 22:05 | |
CVE-2006-1316 | 9.3 |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption rela
|
12-10-2018 - 21:39 | 11-07-2006 - 21:05 | |
CVE-2006-1301 | 9.3 |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
|
12-10-2018 - 21:39 | 13-07-2006 - 22:05 | |
CVE-2006-0024 | 5.1 |
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
|
12-10-2018 - 21:38 | 15-03-2006 - 16:06 | |
CVE-2006-0025 | 9.3 |
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.
|
12-10-2018 - 21:38 | 13-06-2006 - 19:06 | |
CVE-2006-0022 | 7.6 |
Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a ma
|
12-10-2018 - 21:38 | 13-06-2006 - 19:06 | |
CVE-2006-0020 | 9.3 |
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute co
|
12-10-2018 - 21:38 | 10-01-2006 - 21:03 | |
CVE-2006-0033 | 9.3 |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
|
12-10-2018 - 21:38 | 11-07-2006 - 21:05 | |
CVE-2005-2126 | 2.6 |
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwri
|
12-10-2018 - 21:37 | 21-10-2005 - 18:02 | |
CVE-2005-2123 | 7.5 |
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format im
|
12-10-2018 - 21:37 | 29-11-2005 - 21:03 | |
CVE-2005-2117 | 5.1 |
Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
|
12-10-2018 - 21:37 | 21-10-2005 - 18:02 | |
CVE-2005-2128 | 5.0 |
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
|
12-10-2018 - 21:37 | 12-10-2005 - 13:04 | |
CVE-2005-2120 | 6.5 |
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters
|
12-10-2018 - 21:37 | 13-10-2005 - 10:02 | |
CVE-2005-0564 | 7.5 |
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
|
12-10-2018 - 21:36 | 12-07-2005 - 04:00 | |
CVE-2005-1215 | 7.5 |
Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
|
12-10-2018 - 21:36 | 14-06-2005 - 04:00 | |
CVE-2005-1208 | 10.0 |
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer ov
|
12-10-2018 - 21:36 | 14-06-2005 - 04:00 | |
CVE-2005-1983 | 10.0 |
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious applica
|
12-10-2018 - 21:36 | 10-08-2005 - 04:00 | |
CVE-2005-1205 | 5.0 |
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
|
12-10-2018 - 21:36 | 14-06-2005 - 04:00 | |
CVE-2005-1216 | 7.5 |
Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
|
12-10-2018 - 21:36 | 14-06-2005 - 04:00 | |
CVE-2005-1213 | 7.5 |
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
|
12-10-2018 - 21:36 | 14-06-2005 - 04:00 | |
CVE-2005-0550 | 2.1 |
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
|
12-10-2018 - 21:36 | 02-05-2005 - 04:00 | |
CVE-2005-0551 | 10.0 |
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that p
|
12-10-2018 - 21:36 | 02-05-2005 - 04:00 | |
CVE-2005-1206 | 7.5 |
Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
|
12-10-2018 - 21:36 | 14-06-2005 - 04:00 | |
CVE-2004-1244 | 7.5 |
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
|
12-10-2018 - 21:35 | 08-02-2004 - 05:00 | |
CVE-2004-0897 | 10.0 |
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
|
12-10-2018 - 21:35 | 11-01-2005 - 05:00 | |
CVE-2004-0844 | 5.0 |
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Doubl
|
12-10-2018 - 21:35 | 03-11-2004 - 05:00 | |
CVE-2005-0051 | 7.5 |
The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe
|
12-10-2018 - 21:35 | 02-05-2005 - 04:00 | |
CVE-2004-0900 | 10.0 |
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Req
|
12-10-2018 - 21:35 | 10-01-2005 - 05:00 | |
CVE-2004-0846 | 7.5 |
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
|
12-10-2018 - 21:35 | 03-11-2004 - 05:00 | |
CVE-2004-1049 | 5.1 |
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and I
|
12-10-2018 - 21:35 | 31-12-2004 - 05:00 | |
CVE-2004-0899 | 5.0 |
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application cra
|
12-10-2018 - 21:35 | 10-01-2005 - 05:00 | |
CVE-2004-0380 | 10.0 |
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM)
|
12-10-2018 - 21:34 | 04-05-2004 - 04:00 | |
CVE-2004-0199 | 5.1 |
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability
|
12-10-2018 - 21:34 | 14-06-2004 - 04:00 | |
CVE-2004-0208 | 7.2 |
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a wa
|
12-10-2018 - 21:34 | 03-11-2004 - 05:00 | |
CVE-2004-0122 | 5.0 |
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
|
12-10-2018 - 21:34 | 15-04-2004 - 04:00 | |
CVE-2004-0569 | 7.5 |
The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.
|
12-10-2018 - 21:34 | 03-11-2004 - 05:00 | |
CVE-2004-0123 | 7.5 |
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
|
12-10-2018 - 21:34 | 01-06-2004 - 04:00 | |
CVE-2004-0124 | 2.6 |
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
|
12-10-2018 - 21:34 | 01-06-2004 - 04:00 | |
CVE-2003-0910 | 7.2 |
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descri
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2003-0909 | 7.2 |
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2003-0908 | 7.2 |
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2004-0117 | 7.5 |
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2003-0719 | 7.5 |
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows re
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2003-0821 | 7.5 |
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
|
12-10-2018 - 21:33 | 15-12-2003 - 05:00 | |
CVE-2004-0118 | 7.2 |
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2002-1183 | 7.5 |
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
|
12-10-2018 - 21:32 | 11-12-2002 - 05:00 | |
CVE-2003-0353 | 7.5 |
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
|
12-10-2018 - 21:32 | 27-08-2003 - 04:00 | |
CVE-2003-0346 | 7.5 |
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which l
|
12-10-2018 - 21:32 | 27-08-2003 - 04:00 | |
CVE-2003-0533 | 7.5 |
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and
|
12-10-2018 - 21:32 | 01-06-2004 - 04:00 | |
CVE-2003-0664 | 7.5 |
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
|
12-10-2018 - 21:32 | 20-10-2003 - 04:00 | |
CVE-2003-0349 | 7.5 |
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via
|
12-10-2018 - 21:32 | 24-07-2003 - 04:00 | |
CVE-2002-1056 | 7.5 |
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary s
|
12-10-2018 - 21:31 | 16-05-2002 - 04:00 | |
CVE-2002-0012 | 10.0 |
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candi
|
12-10-2018 - 21:30 | 13-02-2002 - 05:00 | |
CVE-1999-0736 | 5.0 |
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
|
12-10-2018 - 21:29 | 07-05-1999 - 04:00 | |
CVE-2000-0377 | 5.0 |
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
|
12-10-2018 - 21:29 | 08-06-2000 - 04:00 | |
CVE-1999-0278 | 5.0 |
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
|
12-10-2018 - 21:29 | 01-06-1998 - 04:00 | |
CVE-2000-0979 | 6.4 |
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first characte
|
12-10-2018 - 21:29 | 19-12-2000 - 05:00 | |
CVE-2009-0361 | 4.6 |
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files b
|
11-10-2018 - 21:01 | 13-02-2009 - 17:30 | |
CVE-2009-0360 | 6.2 |
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configurat
|
11-10-2018 - 21:01 | 13-02-2009 - 17:30 | |
CVE-2009-0159 | 6.8 |
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
|
11-10-2018 - 21:00 | 14-04-2009 - 15:30 | |
CVE-2009-0037 | 6.8 |
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or o
|
11-10-2018 - 20:59 | 05-03-2009 - 02:30 | |
CVE-2008-7245 | 5.0 |
Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
11-10-2018 - 20:58 | 18-09-2009 - 22:30 | |
CVE-2009-0028 | 2.1 |
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting thi
|
11-10-2018 - 20:58 | 27-02-2009 - 17:30 | |
CVE-2009-0016 | 5.0 |
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
|
11-10-2018 - 20:58 | 14-03-2009 - 18:30 | |
CVE-2009-0021 | 5.0 |
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for
|
11-10-2018 - 20:58 | 07-01-2009 - 17:30 | |
CVE-2009-0006 | 9.3 |
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-b
|
11-10-2018 - 20:58 | 21-01-2009 - 20:30 | |
CVE-2009-0025 | 6.8 |
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulne
|
11-10-2018 - 20:58 | 07-01-2009 - 17:30 | |
CVE-2008-5700 | 1.9 |
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
|
11-10-2018 - 20:56 | 22-12-2008 - 15:30 | |
CVE-2008-5689 | 7.2 |
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference. Com
|
11-10-2018 - 20:56 | 19-12-2008 - 17:30 | |
CVE-2008-5300 | 4.9 |
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulne
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5303 | 6.9 |
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5302 | 6.9 |
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, an
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5077 | 5.8 |
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
|
11-10-2018 - 20:53 | 07-01-2009 - 17:30 | |
CVE-2008-4552 | 7.5 |
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended acce
|
11-10-2018 - 20:52 | 14-10-2008 - 20:00 | |
CVE-2008-4685 | 5.0 |
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that tr
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4680 | 4.3 |
packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4556 | 10.0 |
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
|
11-10-2018 - 20:52 | 14-10-2008 - 22:36 | |
CVE-2008-4682 | 5.0 |
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4681 | 4.3 |
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4684 | 4.3 |
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4546 | 4.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP reque
|
11-10-2018 - 20:52 | 14-10-2008 - 15:28 | |
CVE-2008-4683 | 5.0 |
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an err
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4101 | 9.3 |
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute
|
11-10-2018 - 20:50 | 18-09-2008 - 17:59 | |
CVE-2008-3870 | 10.0 |
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.
|
11-10-2018 - 20:50 | 26-05-2009 - 21:30 | |
CVE-2008-3869 | 10.0 |
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.
|
11-10-2018 - 20:50 | 26-05-2009 - 21:30 | |
CVE-2008-3934 | 3.3 |
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
|
11-10-2018 - 20:50 | 04-09-2008 - 19:41 | |
CVE-2008-3636 | 7.2 |
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear So
|
11-10-2018 - 20:48 | 11-09-2008 - 01:13 | |
CVE-2008-3656 | 7.8 |
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows con
|
11-10-2018 - 20:48 | 13-08-2008 - 01:41 | |
CVE-2008-3139 | 5.0 |
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3138 | 5.0 |
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3141 | 4.9 |
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3137 | 4.3 |
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3140 | 5.0 |
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3110 | 4.3 |
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet.
|
11-10-2018 - 20:46 | 09-07-2008 - 23:41 | |
CVE-2008-3109 | 7.5 |
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated
|
11-10-2018 - 20:46 | 09-07-2008 - 23:41 | |
CVE-2008-3105 | 8.3 |
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XM
|
11-10-2018 - 20:46 | 09-07-2008 - 23:41 | |
CVE-2008-3106 | 4.3 |
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untruste
|
11-10-2018 - 20:46 | 09-07-2008 - 23:41 | |
CVE-2008-3103 | 9.3 |
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote
|
11-10-2018 - 20:45 | 09-07-2008 - 23:41 | |
CVE-2008-2430 | 9.3 |
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
|
11-10-2018 - 20:41 | 07-07-2008 - 23:41 | |
CVE-2008-1927 | 5.0 |
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain oper
|
11-10-2018 - 20:37 | 24-04-2008 - 05:05 | |
CVE-2008-1686 | 9.3 |
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to ex
|
11-10-2018 - 20:36 | 08-04-2008 - 18:05 | |
CVE-2008-1562 | 5.0 |
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
|
11-10-2018 - 20:35 | 31-03-2008 - 22:44 | |
CVE-2008-1563 | 4.3 |
The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
|
11-10-2018 - 20:35 | 31-03-2008 - 22:44 | |
CVE-2008-1483 | 6.9 |
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and
|
11-10-2018 - 20:35 | 24-03-2008 - 23:44 | |
CVE-2008-1241 | 4.3 |
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
|
11-10-2018 - 20:31 | 27-03-2008 - 10:44 | |
CVE-2008-1233 | 6.8 |
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
|
11-10-2018 - 20:30 | 27-03-2008 - 10:44 | |
CVE-2008-1235 | 9.3 |
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka
|
11-10-2018 - 20:30 | 27-03-2008 - 10:44 | |
CVE-2008-1234 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event han
|
11-10-2018 - 20:30 | 27-03-2008 - 10:44 | |
CVE-2008-1071 | 4.3 |
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
|
11-10-2018 - 20:29 | 28-02-2008 - 22:44 | |
CVE-2008-1070 | 5.0 |
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
|
11-10-2018 - 20:29 | 28-02-2008 - 22:44 | |
CVE-2011-0258 | 9.3 |
Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file.
|
10-10-2018 - 20:09 | 06-09-2011 - 15:55 | |
CVE-2010-4086 | 9.3 |
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than C
|
10-10-2018 - 20:07 | 29-10-2010 - 19:00 | |
CVE-2010-3976 | 9.3 |
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi
|
10-10-2018 - 20:06 | 19-10-2010 - 21:00 | |
CVE-2010-3573 | 5.1 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3567 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3566 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3561 | 7.5 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information
|
10-10-2018 - 20:03 | 19-10-2010 - 22:00 | |
CVE-2010-3550 | 9.3 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
10-10-2018 - 20:02 | 19-10-2010 - 22:00 | |
CVE-2010-3189 | 9.3 |
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
|
10-10-2018 - 20:01 | 31-08-2010 - 20:00 | |
CVE-2010-3275 | 9.3 |
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
|
10-10-2018 - 20:01 | 28-03-2011 - 16:55 | |
CVE-2010-3128 | 9.3 |
Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
|
10-10-2018 - 20:01 | 26-08-2010 - 18:36 | |
CVE-2010-2881 | 9.3 |
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as de
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2867 | 9.3 |
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2870 | 9.3 |
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary co
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2872 | 9.3 |
Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted mov
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2876 | 9.3 |
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memo
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2880 | 9.3 |
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as d
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2869 | 9.3 |
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as de
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2877 | 9.3 |
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2882 | 9.3 |
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as d
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2878 | 9.3 |
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary co
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2879 | 9.3 |
Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2873 | 9.3 |
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitra
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2864 | 9.3 |
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as de
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2996 | 9.3 |
Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
|
10-10-2018 - 20:00 | 30-08-2010 - 20:00 | |
CVE-2010-2871 | 9.3 |
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record i
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2866 | 9.3 |
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure"
|
10-10-2018 - 20:00 | 26-08-2010 - 21:00 | |
CVE-2010-2581 | 9.3 |
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of s
|
10-10-2018 - 19:59 | 29-10-2010 - 19:00 | |
CVE-2010-1986 | 5.0 |
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends lon
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-1988 | 10.0 |
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substr
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-2117 | 4.3 |
Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.
|
10-10-2018 - 19:58 | 01-06-2010 - 20:30 | |
CVE-2010-1990 | 5.0 |
Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive applicat
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-1987 | 5.0 |
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs cer
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-1795 | 9.3 |
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
|
10-10-2018 - 19:57 | 20-08-2010 - 20:00 | |
CVE-2010-1523 | 9.3 |
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
|
10-10-2018 - 19:57 | 06-11-2010 - 00:00 | |
CVE-2010-1510 | 5.0 |
Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.
|
10-10-2018 - 19:57 | 14-05-2010 - 19:30 | |
CVE-2010-1585 | 9.3 |
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a c
|
10-10-2018 - 19:57 | 28-04-2010 - 22:30 | |
CVE-2010-1404 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SV
|
10-10-2018 - 19:57 | 11-06-2010 - 18:00 | |
CVE-2010-1403 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary co
|
10-10-2018 - 19:57 | 11-06-2010 - 18:00 | |
CVE-2010-1749 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
10-10-2018 - 19:57 | 11-06-2010 - 18:00 | |
CVE-2010-1402 | 9.3 |
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors
|
10-10-2018 - 19:57 | 11-06-2010 - 18:00 | |
CVE-2010-1397 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1398 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (mem
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1278 | 9.3 |
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters.
|
10-10-2018 - 19:56 | 22-04-2010 - 14:30 | |
CVE-2010-1392 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1401 | 9.3 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1163 | 6.9 |
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows loca
|
10-10-2018 - 19:55 | 16-04-2010 - 19:30 | |
CVE-2010-0886 | 10.0 |
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: htt
|
10-10-2018 - 19:55 | 20-04-2010 - 19:30 | |
CVE-2010-0999 | 7.1 |
Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
|
10-10-2018 - 19:55 | 17-05-2010 - 21:00 | |
CVE-2010-1039 | 10.0 |
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers
|
10-10-2018 - 19:55 | 20-05-2010 - 17:30 | |
CVE-2010-0845 | 5.1 |
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.ora
|
10-10-2018 - 19:54 | 01-04-2010 - 16:30 | |
CVE-2010-0843 | 7.5 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
10-10-2018 - 19:54 | 01-04-2010 - 16:30 | |
CVE-2010-0837 | 7.5 |
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com
|
10-10-2018 - 19:53 | 01-04-2010 - 16:30 | |
CVE-2010-0528 | 9.3 |
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample
|
10-10-2018 - 19:53 | 31-03-2010 - 18:30 | |
CVE-2010-0529 | 9.3 |
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafte
|
10-10-2018 - 19:53 | 31-03-2010 - 18:30 | |
CVE-2010-0838 | 7.5 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
|
10-10-2018 - 19:53 | 01-04-2010 - 16:30 | |
CVE-2010-0526 | 4.3 |
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPE
|
10-10-2018 - 19:53 | 30-03-2010 - 18:30 | |
CVE-2010-0426 | 6.9 |
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges vi
|
10-10-2018 - 19:52 | 24-02-2010 - 18:30 | |
CVE-2010-0520 | 6.8 |
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI
|
10-10-2018 - 19:52 | 30-03-2010 - 18:30 | |
CVE-2010-0453 | 4.9 |
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_V
|
10-10-2018 - 19:52 | 03-02-2010 - 18:30 | |
CVE-2010-0427 | 4.4 |
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
|
10-10-2018 - 19:52 | 25-02-2010 - 19:30 | |
CVE-2010-0519 | 6.8 |
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles f
|
10-10-2018 - 19:52 | 30-03-2010 - 18:30 | |
CVE-2010-0516 | 6.8 |
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption wh
|
10-10-2018 - 19:52 | 30-03-2010 - 18:30 | |
CVE-2010-0517 | 6.8 |
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calcul
|
10-10-2018 - 19:52 | 30-03-2010 - 18:30 | |
CVE-2010-0160 | 10.0 |
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap me
|
10-10-2018 - 19:51 | 22-02-2010 - 13:00 | |
CVE-2010-0164 | 9.3 |
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application cras
|
10-10-2018 - 19:51 | 25-03-2010 - 21:00 | |
CVE-2010-0090 | 5.8 |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy
|
10-10-2018 - 19:50 | 01-04-2010 - 16:30 | |
CVE-2010-0094 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the p
|
10-10-2018 - 19:50 | 01-04-2010 - 16:30 | |
CVE-2010-0092 | 5.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http:/
|
10-10-2018 - 19:50 | 01-04-2010 - 16:30 | |
CVE-2010-0062 | 6.8 |
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encod
|
10-10-2018 - 19:49 | 30-03-2010 - 18:30 | |
CVE-2010-0059 | 6.8 |
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to i
|
10-10-2018 - 19:49 | 30-03-2010 - 17:30 | |
CVE-2009-4003 | 9.3 |
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers t
|
10-10-2018 - 19:48 | 21-01-2010 - 19:30 | |
CVE-2009-4002 | 9.3 |
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.
|
10-10-2018 - 19:48 | 21-01-2010 - 19:30 | |
CVE-2009-3733 | 5.0 |
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
|
10-10-2018 - 19:47 | 02-11-2009 - 15:30 | |
CVE-2009-3265 | 4.3 |
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: th
|
10-10-2018 - 19:43 | 18-09-2009 - 22:30 | |
CVE-2009-3269 | 5.0 |
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.
|
10-10-2018 - 19:43 | 18-09-2009 - 22:30 | |
CVE-2009-3522 | 7.2 |
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IO
|
10-10-2018 - 19:43 | 01-10-2009 - 17:00 | |
CVE-2009-2847 | 4.9 |
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive informati
|
10-10-2018 - 19:42 | 18-08-2009 - 21:00 | |
CVE-2009-2730 | 7.5 |
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof a
|
10-10-2018 - 19:42 | 12-08-2009 - 10:30 | |
CVE-2009-2813 | 6.0 |
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle error
|
10-10-2018 - 19:42 | 14-09-2009 - 16:30 | |
CVE-2009-3018 | 4.3 |
Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a
|
10-10-2018 - 19:42 | 31-08-2009 - 16:30 | |
CVE-2009-2417 | 7.5 |
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof a
|
10-10-2018 - 19:40 | 14-08-2009 - 15:16 | |
CVE-2009-2267 | 6.9 |
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.
|
10-10-2018 - 19:39 | 02-11-2009 - 15:30 | |
CVE-2009-1828 | 5.0 |
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript on
|
10-10-2018 - 19:38 | 29-05-2009 - 20:30 | |
CVE-2009-1869 | 9.3 |
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly
|
10-10-2018 - 19:38 | 31-07-2009 - 19:30 | |
CVE-2009-1571 | 10.0 |
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that at
|
10-10-2018 - 19:37 | 22-02-2010 - 13:00 | |
CVE-2009-1439 | 7.8 |
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
|
10-10-2018 - 19:36 | 27-04-2009 - 18:00 | |
CVE-2009-1337 | 4.4 |
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies
|
10-10-2018 - 19:36 | 22-04-2009 - 15:30 | |
CVE-2009-1312 | 4.3 |
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or
|
10-10-2018 - 19:35 | 22-04-2009 - 18:30 | |
CVE-2009-1267 | 5.0 |
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
|
10-10-2018 - 19:35 | 13-04-2009 - 16:30 | |
CVE-2009-1336 | 4.9 |
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the en
|
10-10-2018 - 19:35 | 22-04-2009 - 15:30 | |
CVE-2009-1210 | 10.0 |
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details ar
|
10-10-2018 - 19:35 | 01-04-2009 - 10:30 | |
CVE-2009-1269 | 5.0 |
Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
|
10-10-2018 - 19:35 | 13-04-2009 - 16:30 | |
CVE-2009-1268 | 4.3 |
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
|
10-10-2018 - 19:35 | 13-04-2009 - 16:30 | |
CVE-2009-1102 | 6.4 |
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code gener
|
10-10-2018 - 19:34 | 25-03-2009 - 23:30 | |
CVE-2009-1101 | 5.0 |
Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) f
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1094 | 10.0 |
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-0922 | 4.0 |
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified enco
|
10-10-2018 - 19:32 | 17-03-2009 - 17:30 | |
CVE-2009-0745 | 4.9 |
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0675 | 2.1 |
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset t
|
10-10-2018 - 19:30 | 22-02-2009 - 22:30 | |
CVE-2009-0746 | 4.9 |
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a c
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0747 | 4.9 |
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of servic
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0744 | 5.0 |
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0696 | 4.3 |
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon ex
|
10-10-2018 - 19:30 | 29-07-2009 - 17:30 | |
CVE-2009-0748 | 4.9 |
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0676 | 2.1 |
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt
|
10-10-2018 - 19:30 | 22-02-2009 - 22:30 | |
CVE-2009-0600 | 4.3 |
Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
|
10-10-2018 - 19:29 | 16-02-2009 - 20:30 | |
CVE-2011-3266 | 2.6 |
The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed
|
09-10-2018 - 19:33 | 24-08-2011 - 00:55 | |
CVE-2011-0994 | 10.0 |
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
|
09-10-2018 - 19:30 | 10-04-2011 - 02:55 | |
CVE-2011-0533 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, rela
|
09-10-2018 - 19:29 | 17-02-2011 - 18:00 | |
CVE-2009-2285 | 4.3 |
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
|
03-10-2018 - 22:00 | 01-07-2009 - 13:00 | |
CVE-2009-1709 | 9.3 |
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG an
|
03-10-2018 - 22:00 | 10-06-2009 - 18:00 | |
CVE-2009-2404 | 9.3 |
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a d
|
03-10-2018 - 22:00 | 03-08-2009 - 14:30 | |
CVE-2009-1310 | 4.3 |
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
|
03-10-2018 - 22:00 | 22-04-2009 - 18:30 | |
CVE-2009-1307 | 6.8 |
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1306 | 4.3 |
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other at
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1305 | 5.0 |
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1302 | 5.0 |
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-0772 | 9.3 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetO
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2009-0652 | 5.8 |
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs
|
03-10-2018 - 21:58 | 20-02-2009 - 19:30 | |
CVE-2009-0776 | 7.1 |
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2009-0774 | 9.3 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different v
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2008-3905 | 5.8 |
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS respo
|
03-10-2018 - 21:55 | 04-09-2008 - 17:41 | |
CVE-2007-4670 | 5.0 |
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
|
03-10-2018 - 21:48 | 05-09-2007 - 00:17 | |
CVE-2007-4658 | 7.5 |
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2006-2788 | 7.5 |
Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
|
03-10-2018 - 21:42 | 02-06-2006 - 21:06 | |
CVE-2006-2480 | 5.1 |
Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE:
|
03-10-2018 - 21:41 | 19-05-2006 - 21:02 | |
CVE-2006-2026 | 6.5 |
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield me
|
03-10-2018 - 21:40 | 25-04-2006 - 23:02 | |
CVE-2005-2550 | 7.5 |
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user se
|
03-10-2018 - 21:31 | 12-08-2005 - 04:00 | |
CVE-2005-1686 | 2.6 |
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user,
|
03-10-2018 - 21:30 | 20-05-2005 - 04:00 | |
CVE-2005-0448 | 1.2 |
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
|
03-10-2018 - 21:29 | 02-05-2005 - 04:00 | |
CVE-2005-0400 | 2.1 |
The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
|
03-10-2018 - 21:29 | 02-05-2005 - 04:00 | |
CVE-2005-0384 | 5.0 |
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
|
03-10-2018 - 21:29 | 15-03-2005 - 05:00 | |
CVE-2013-2885 | 7.5 |
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript
|
13-08-2018 - 21:47 | 31-07-2013 - 13:20 | |
CVE-2011-0682 | 9.3 |
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
|
13-08-2018 - 21:47 | 31-01-2011 - 21:00 | |
CVE-2012-2686 | 5.0 |
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
|
09-08-2018 - 01:29 | 08-02-2013 - 19:55 | |
CVE-2013-0166 | 5.0 |
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi
|
09-08-2018 - 01:29 | 08-02-2013 - 19:55 | |
CVE-2007-4829 | 6.8 |
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
|
08-08-2018 - 13:48 | 02-11-2007 - 16:46 | |
CVE-2006-6561 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a d
|
03-05-2018 - 01:29 | 14-12-2006 - 18:28 | |
CVE-2002-1220 | 5.0 |
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
|
03-05-2018 - 01:29 | 29-11-2002 - 05:00 | |
CVE-2004-0180 | 2.6 |
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
|
03-05-2018 - 01:29 | 01-06-2004 - 04:00 | |
CVE-2003-0255 | 10.0 |
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID do
|
03-05-2018 - 01:29 | 27-05-2003 - 04:00 | |
CVE-2003-0985 | 7.2 |
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing
|
03-05-2018 - 01:29 | 20-01-2004 - 05:00 | |
CVE-2003-0464 | 4.6 |
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.
|
03-05-2018 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0544 | 5.0 |
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer wh
|
03-05-2018 - 01:29 | 17-11-2003 - 05:00 | |
CVE-2004-0077 | 7.2 |
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local
|
03-05-2018 - 01:29 | 03-03-2004 - 05:00 | |
CVE-2005-2629 | 5.1 |
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, whic
|
03-05-2018 - 01:29 | 18-11-2005 - 23:03 | |
CVE-2005-0401 | 5.1 |
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollba
|
03-05-2018 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0148 | 7.2 |
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
|
03-05-2018 - 01:29 | 15-04-2004 - 04:00 | |
CVE-2003-0501 | 2.1 |
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
|
03-05-2018 - 01:29 | 07-08-2003 - 04:00 | |
CVE-2004-0416 | 10.0 |
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
|
03-05-2018 - 01:29 | 06-08-2004 - 04:00 | |
CVE-2003-0127 | 7.2 |
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
|
03-05-2018 - 01:29 | 31-03-2003 - 05:00 | |
CVE-2005-1751 | 3.7 |
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
|
03-05-2018 - 01:29 | 25-05-2005 - 04:00 | |
CVE-2003-0543 | 5.0 |
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
|
03-05-2018 - 01:29 | 17-11-2003 - 05:00 | |
CVE-2004-1316 | 5.0 |
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which
|
03-05-2018 - 01:29 | 29-12-2004 - 05:00 | |
CVE-2003-0442 | 4.3 |
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
|
03-05-2018 - 01:29 | 24-07-2003 - 04:00 | |
CVE-2003-0615 | 4.3 |
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
|
03-05-2018 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2005-1794 | 6.4 |
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle atta
|
28-03-2018 - 01:29 | 01-06-2005 - 04:00 | |
CVE-2012-0451 | 4.3 |
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security
|
18-01-2018 - 02:29 | 14-03-2012 - 19:55 | |
CVE-2012-0464 | 7.5 |
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 all
|
18-01-2018 - 02:29 | 14-03-2012 - 19:55 | |
CVE-2012-0471 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web s
|
18-01-2018 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0457 | 9.3 |
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x
|
18-01-2018 - 02:29 | 14-03-2012 - 19:55 | |
CVE-2012-1796 | 7.2 |
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
|
10-01-2018 - 02:29 | 20-03-2012 - 20:55 | |
CVE-2012-0452 | 7.5 |
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger
|
10-01-2018 - 02:29 | 11-02-2012 - 02:55 | |
CVE-2011-3545 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confide
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3516 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiali
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-5035 | 5.0 |
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash coll
|
06-01-2018 - 02:29 | 30-12-2011 - 01:55 | |
CVE-2011-3556 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confident
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3552 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3549 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java appl
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3548 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java a
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3554 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3521 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect conf
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3560 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java a
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3551 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown v
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3544 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and a
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3553 | 3.5 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3550 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and avai
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3557 | 6.8 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confident
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-3558 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors
|
06-01-2018 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2011-2866 | 7.6 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
06-01-2018 - 02:29 | 08-03-2012 - 22:55 | |
CVE-2012-0637 | 7.6 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
06-01-2018 - 02:29 | 08-03-2012 - 22:55 | |
CVE-2012-0648 | 7.6 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
06-01-2018 - 02:29 | 08-03-2012 - 22:55 | |
CVE-2012-0636 | 7.6 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
06-01-2018 - 02:29 | 08-03-2012 - 22:55 | |
CVE-2012-0639 | 7.6 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
06-01-2018 - 02:29 | 08-03-2012 - 22:55 | |
CVE-2012-0638 | 7.6 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
06-01-2018 - 02:29 | 08-03-2012 - 22:55 | |
CVE-2012-3291 | 7.8 |
Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.
|
05-01-2018 - 02:29 | 07-06-2012 - 20:55 | |
CVE-2012-1940 | 9.3 |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attack
|
05-01-2018 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-0634 | 7.6 |
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
05-01-2018 - 02:29 | 08-03-2012 - 22:55 | |
CVE-2011-3089 | 10.0 |
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3091 | 10.0 |
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3092 | 10.0 |
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3095 | 10.0 |
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2012-1596 | 5.0 |
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containi
|
29-12-2017 - 02:29 | 11-04-2012 - 10:39 | |
CVE-2012-1954 | 10.0 |
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attacker
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1951 | 10.0 |
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows rem
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1593 | 3.3 |
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. Per: http://
|
29-12-2017 - 02:29 | 11-04-2012 - 10:39 | |
CVE-2011-3086 | 10.0 |
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2012-1962 | 10.0 |
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote at
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1594 | 3.3 |
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
|
29-12-2017 - 02:29 | 11-04-2012 - 10:39 | |
CVE-2012-1958 | 9.3 |
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remot
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1943 | 6.9 |
Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application dire
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1946 | 9.3 |
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow r
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-0474 | 4.3 |
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote atta
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0469 | 10.0 |
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMo
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2010-4452 | 10.0 |
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4470 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4463 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrit
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4468 | 4.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect c
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2011-3555 | 6.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
|
22-12-2017 - 02:29 | 19-10-2011 - 21:55 | |
CVE-2010-4472 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4467 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrit
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4474 | 2.1 |
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4471 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect co
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4451 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via un
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2011-0873 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rel
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0786 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0869 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related t
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0868 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0817 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0788 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0872 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0863 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2000-1079 | 7.5 |
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast d
|
19-12-2017 - 02:29 | 29-08-2000 - 04:00 | |
CVE-2012-1517 | 9.0 |
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involvin
|
13-12-2017 - 02:29 | 04-05-2012 - 16:55 | |
CVE-2011-3097 | 10.0 |
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
|
05-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3099 | 10.0 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
|
05-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2012-0023 | 9.3 |
Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY
|
30-11-2017 - 02:29 | 30-10-2012 - 19:55 | |
CVE-2012-4969 | 9.3 |
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
|
21-11-2017 - 18:13 | 18-09-2012 - 10:39 | |
CVE-2008-0730 | 4.6 |
The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local
|
21-11-2017 - 15:42 | 12-02-2008 - 21:00 | |
CVE-2000-1134 | 7.2 |
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via
|
19-10-2017 - 01:29 | 09-01-2001 - 05:00 | |
CVE-2000-1126 | 10.0 |
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.
|
19-10-2017 - 01:29 | 09-01-2001 - 05:00 | |
CVE-2001-0328 | 5.0 |
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected IS
|
19-10-2017 - 01:29 | 27-06-2001 - 04:00 | |
CVE-2001-0380 | 6.4 |
Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'.
|
19-10-2017 - 01:29 | 18-06-2001 - 04:00 | |
CVE-2007-2027 | 4.4 |
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be l
|
11-10-2017 - 01:32 | 13-04-2007 - 18:19 | |
CVE-2007-2589 | 5.0 |
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
|
11-10-2017 - 01:32 | 11-05-2007 - 04:20 | |
CVE-2007-3248 | 7.8 |
Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.
|
11-10-2017 - 01:32 | 18-06-2007 - 10:30 | |
CVE-2007-2813 | 7.8 |
Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.
|
11-10-2017 - 01:32 | 22-05-2007 - 19:30 | |
CVE-2007-2989 | 7.8 |
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different fro
|
11-10-2017 - 01:32 | 01-06-2007 - 10:30 | |
CVE-2007-3069 | 4.6 |
xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
|
11-10-2017 - 01:32 | 06-06-2007 - 10:30 | |
CVE-2007-3458 | 4.9 |
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
|
11-10-2017 - 01:32 | 27-06-2007 - 17:30 | |
CVE-2007-3379 | 2.1 |
Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.
|
11-10-2017 - 01:32 | 17-09-2007 - 17:17 | |
CVE-2007-2617 | 2.1 |
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
|
11-10-2017 - 01:32 | 11-05-2007 - 16:19 | |
CVE-2007-3391 | 7.8 |
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
|
11-10-2017 - 01:32 | 26-06-2007 - 00:30 | |
CVE-2007-3102 | 4.3 |
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of the
|
11-10-2017 - 01:32 | 18-10-2007 - 20:17 | |
CVE-2007-2990 | 4.9 |
Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.
|
11-10-2017 - 01:32 | 01-06-2007 - 10:30 | |
CVE-2006-7234 | 4.6 |
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. Patch Information - http://lynx.isc.org/lynx2.8.6/patches
|
11-10-2017 - 01:31 | 27-10-2008 - 17:21 | |
CVE-2006-6107 | 1.7 |
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). This vulnrability is addre
|
11-10-2017 - 01:31 | 14-12-2006 - 00:28 | |
CVE-2006-5595 | 5.0 |
Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing.
|
11-10-2017 - 01:31 | 28-10-2006 - 00:07 | |
CVE-2006-6304 | 7.5 |
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
|
11-10-2017 - 01:31 | 14-12-2006 - 20:28 | |
CVE-2006-5396 | 4.9 |
The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.
|
11-10-2017 - 01:31 | 18-10-2006 - 19:07 | |
CVE-2006-3595 | 7.5 |
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
|
11-10-2017 - 01:31 | 18-07-2006 - 15:37 | |
CVE-2006-3465 | 7.5 |
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2006-5013 | 7.8 |
Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
|
11-10-2017 - 01:31 | 27-09-2006 - 01:07 | |
CVE-2006-4950 | 10.0 |
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOC
|
11-10-2017 - 01:31 | 23-09-2006 - 10:07 | |
CVE-2006-3619 | 2.6 |
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.
|
11-10-2017 - 01:31 | 25-07-2006 - 19:17 | |
CVE-2007-0481 | 7.8 |
Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.
|
11-10-2017 - 01:31 | 25-01-2007 - 00:28 | |
CVE-2007-0457 | 4.3 |
Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
11-10-2017 - 01:31 | 02-02-2007 - 20:28 | |
CVE-2007-0648 | 7.8 |
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
|
11-10-2017 - 01:31 | 01-02-2007 - 01:28 | |
CVE-2007-0494 | 4.3 |
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that
|
11-10-2017 - 01:31 | 25-01-2007 - 20:28 | |
CVE-2007-1257 | 10.0 |
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. Per: http://www.cisco.com/warp/public/707/c
|
11-10-2017 - 01:31 | 03-03-2007 - 20:19 | |
CVE-2007-0999 | 9.3 |
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. This vulnerability has been addressed through a product
|
11-10-2017 - 01:31 | 10-03-2007 - 19:19 | |
CVE-2007-0917 | 6.4 |
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
|
11-10-2017 - 01:31 | 14-02-2007 - 02:28 | |
CVE-2007-0456 | 4.3 |
Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
11-10-2017 - 01:31 | 02-02-2007 - 20:28 | |
CVE-2007-1007 | 10.0 |
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting
|
11-10-2017 - 01:31 | 20-02-2007 - 17:28 | |
CVE-2007-0458 | 4.3 |
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
|
11-10-2017 - 01:31 | 02-02-2007 - 20:28 | |
CVE-2007-0914 | 7.1 |
Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.
|
11-10-2017 - 01:31 | 14-02-2007 - 02:28 | |
CVE-2007-0479 | 7.8 |
Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.
|
11-10-2017 - 01:31 | 25-01-2007 - 00:28 | |
CVE-2007-0634 | 7.8 |
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
|
11-10-2017 - 01:31 | 31-01-2007 - 21:28 | |
CVE-2007-0459 | 5.0 |
packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.
|
11-10-2017 - 01:31 | 02-02-2007 - 20:28 | |
CVE-2007-0668 | 6.2 |
The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.
|
11-10-2017 - 01:31 | 02-02-2007 - 21:28 | |
CVE-2007-0480 | 10.0 |
Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
|
11-10-2017 - 01:31 | 25-01-2007 - 00:28 | |
CVE-2007-1258 | 6.1 |
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial
|
11-10-2017 - 01:31 | 03-03-2007 - 20:19 | |
CVE-2007-0199 | 5.0 |
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
|
11-10-2017 - 01:31 | 11-01-2007 - 11:28 | |
CVE-2005-4552 | 7.2 |
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.
|
11-10-2017 - 01:30 | 28-12-2005 - 11:03 | |
CVE-2005-4837 | 10.0 |
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers
|
11-10-2017 - 01:30 | 31-12-2005 - 05:00 | |
CVE-2005-4153 | 7.8 |
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
|
11-10-2017 - 01:30 | 11-12-2005 - 02:03 | |
CVE-2005-1454 | 7.5 |
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_
|
11-10-2017 - 01:30 | 19-05-2005 - 04:00 | |
CVE-2005-2269 | 7.5 |
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to
|
11-10-2017 - 01:30 | 13-07-2005 - 04:00 | |
CVE-2005-1020 | 7.1 |
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-0752 | 7.5 |
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
|
11-10-2017 - 01:30 | 18-04-2005 - 04:00 | |
CVE-2005-1159 | 7.5 |
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the w
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-1057 | 7.5 |
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-1154 | 7.5 |
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site sc
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2006-1354 | 7.5 |
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
|
11-10-2017 - 01:30 | 22-03-2006 - 02:02 | |
CVE-2005-1160 | 5.1 |
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval func
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2006-0996 | 4.3 |
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents
|
11-10-2017 - 01:30 | 10-04-2006 - 18:06 | |
CVE-2005-2706 | 6.4 |
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
|
11-10-2017 - 01:30 | 23-09-2005 - 19:03 | |
CVE-2005-1937 | 2.6 |
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that wa
|
11-10-2017 - 01:30 | 14-06-2005 - 04:00 | |
CVE-2005-1153 | 7.5 |
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2006-0191 | 4.9 |
Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory,
|
11-10-2017 - 01:30 | 13-01-2006 - 11:03 | |
CVE-2005-3089 | 2.6 |
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnera
|
11-10-2017 - 01:30 | 28-09-2005 - 18:03 | |
CVE-2005-2266 | 5.0 |
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensit
|
11-10-2017 - 01:30 | 13-07-2005 - 04:00 | |
CVE-2005-2105 | 7.5 |
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
|
11-10-2017 - 01:30 | 05-07-2005 - 04:00 | |
CVE-2005-2267 | 7.5 |
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may le
|
11-10-2017 - 01:30 | 13-07-2005 - 04:00 | |
CVE-2005-2262 | 5.1 |
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a java
|
11-10-2017 - 01:30 | 13-07-2005 - 04:00 | |
CVE-2006-0486 | 4.6 |
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user d
|
11-10-2017 - 01:30 | 01-02-2006 - 02:02 | |
CVE-2006-0354 | 5.5 |
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number
|
11-10-2017 - 01:30 | 22-01-2006 - 20:03 | |
CVE-2005-3779 | 7.2 |
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
|
11-10-2017 - 01:30 | 23-11-2005 - 01:03 | |
CVE-2006-0769 | 7.2 |
Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.
|
11-10-2017 - 01:30 | 18-02-2006 - 21:02 | |
CVE-2006-1509 | 4.9 |
/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. This vulnerability affects all versions of HP-UX B.11.00, B.11.11, an
|
11-10-2017 - 01:30 | 30-03-2006 - 01:06 | |
CVE-2005-2451 | 2.1 |
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
|
11-10-2017 - 01:30 | 03-08-2005 - 04:00 | |
CVE-2005-0761 | 5.0 |
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
|
11-10-2017 - 01:30 | 23-03-2005 - 05:00 | |
CVE-2005-3481 | 9.3 |
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasi
|
11-10-2017 - 01:30 | 03-11-2005 - 02:02 | |
CVE-2005-2261 | 7.5 |
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
|
11-10-2017 - 01:30 | 13-07-2005 - 04:00 | |
CVE-2006-1248 | 4.6 |
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which migh
|
11-10-2017 - 01:30 | 17-03-2006 - 19:02 | |
CVE-2005-1531 | 7.5 |
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL
|
11-10-2017 - 01:30 | 12-05-2005 - 04:00 | |
CVE-2005-1156 | 7.5 |
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-1021 | 7.1 |
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-2265 | 5.0 |
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead
|
11-10-2017 - 01:30 | 13-07-2005 - 04:00 | |
CVE-2005-1058 | 7.5 |
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass X
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2006-0190 | 7.2 |
Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.
|
11-10-2017 - 01:30 | 13-01-2006 - 11:03 | |
CVE-2006-0531 | 7.2 |
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
|
11-10-2017 - 01:30 | 04-02-2006 - 00:06 | |
CVE-2005-1155 | 7.5 |
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-2873 | 2.1 |
The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vu
|
11-10-2017 - 01:30 | 09-09-2005 - 19:07 | |
CVE-2005-2710 | 5.1 |
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
|
11-10-2017 - 01:30 | 27-09-2005 - 20:03 | |
CVE-2005-1194 | 4.6 |
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
|
11-10-2017 - 01:30 | 04-05-2005 - 04:00 | |
CVE-2005-2707 | 5.0 |
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
|
11-10-2017 - 01:30 | 23-09-2005 - 19:03 | |
CVE-2006-0516 | 2.1 |
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.
|
11-10-2017 - 01:30 | 02-02-2006 - 11:02 | |
CVE-2006-0377 | 5.0 |
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
|
11-10-2017 - 01:30 | 24-02-2006 - 00:02 | |
CVE-2005-2268 | 2.6 |
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "D
|
11-10-2017 - 01:30 | 13-07-2005 - 04:00 | |
CVE-2006-0436 | 7.2 |
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
|
11-10-2017 - 01:30 | 26-01-2006 - 11:07 | |
CVE-2005-2841 | 7.5 |
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted u
|
11-10-2017 - 01:30 | 08-09-2005 - 10:03 | |
CVE-2005-2704 | 5.0 |
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
|
11-10-2017 - 01:30 | 23-09-2005 - 19:03 | |
CVE-2006-0485 | 4.6 |
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allo
|
11-10-2017 - 01:30 | 01-02-2006 - 02:02 | |
CVE-2005-2703 | 5.0 |
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smugglin
|
11-10-2017 - 01:30 | 23-09-2005 - 19:03 | |
CVE-2005-2263 | 5.0 |
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which ca
|
11-10-2017 - 01:30 | 13-07-2005 - 04:00 | |
CVE-2005-1228 | 5.0 |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2002-1358 | 10.0 |
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
|
11-10-2017 - 01:29 | 23-12-2002 - 05:00 | |
CVE-2002-1357 | 10.0 |
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH
|
11-10-2017 - 01:29 | 23-12-2002 - 05:00 | |
CVE-2002-1359 | 10.0 |
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH
|
11-10-2017 - 01:29 | 23-12-2002 - 05:00 | |
CVE-2002-1360 | 10.0 |
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code du
|
11-10-2017 - 01:29 | 23-12-2002 - 05:00 | |
CVE-2001-1198 | 7.2 |
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.
|
11-10-2017 - 01:29 | 15-12-2001 - 05:00 | |
CVE-2003-0690 | 10.0 |
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam
|
11-10-2017 - 01:29 | 06-10-2003 - 04:00 | |
CVE-2005-0593 | 2.6 |
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which caus
|
11-10-2017 - 01:29 | 04-03-2005 - 05:00 | |
CVE-2004-1158 | 7.5 |
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated usi
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
CVE-2005-0585 | 2.6 |
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
|
11-10-2017 - 01:29 | 25-03-2005 - 05:00 | |
CVE-2004-0233 | 2.1 |
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2003-0564 | 5.0 |
Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message cont
|
11-10-2017 - 01:29 | 01-12-2003 - 05:00 | |
CVE-2003-0459 | 5.0 |
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2005-0142 | 2.1 |
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. conten
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-1156 | 4.3 |
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up windo
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2004-0760 | 6.4 |
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0693 | 5.0 |
The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.
|
11-10-2017 - 01:29 | 28-09-2004 - 04:00 | |
CVE-2003-0692 | 7.5 |
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
|
11-10-2017 - 01:29 | 06-10-2003 - 04:00 | |
CVE-2003-0165 | 4.6 |
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
|
11-10-2017 - 01:29 | 02-04-2003 - 05:00 | |
CVE-2005-0527 | 5.1 |
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0549 | 5.0 |
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2005-0365 | 2.1 |
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0196 | 5.0 |
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0186 | 5.0 |
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed p
|
11-10-2017 - 01:29 | 19-01-2005 - 05:00 | |
CVE-2005-0149 | 5.0 |
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail me
|
11-10-2017 - 01:29 | 15-02-2005 - 05:00 | |
CVE-2005-0085 | 6.8 |
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
|
11-10-2017 - 01:29 | 27-04-2005 - 04:00 | |
CVE-2004-1308 | 10.0 |
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a h
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
CVE-2004-1036 | 6.8 |
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
|
11-10-2017 - 01:29 | 01-03-2005 - 05:00 | |
CVE-2003-0935 | 6.4 |
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
|
11-10-2017 - 01:29 | 01-12-2003 - 05:00 | |
CVE-2003-0546 | 7.5 |
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0248 | 10.0 |
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2003-0722 | 10.0 |
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
|
11-10-2017 - 01:29 | 22-09-2003 - 04:00 | |
CVE-2003-0592 | 7.5 |
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie o
|
11-10-2017 - 01:29 | 15-04-2004 - 04:00 | |
CVE-2004-0083 | 10.0 |
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CV
|
11-10-2017 - 01:29 | 03-03-2004 - 05:00 | |
CVE-2004-1153 | 10.0 |
Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
CVE-2005-0591 | 2.6 |
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0244 | 4.7 |
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, b
|
11-10-2017 - 01:29 | 23-11-2004 - 05:00 | |
CVE-2003-0547 | 2.1 |
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2004-0084 | 10.0 |
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a d
|
11-10-2017 - 01:29 | 03-03-2004 - 05:00 | |
CVE-2005-0197 | 6.1 |
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0521 | 10.0 |
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0975 | 2.1 |
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
|
11-10-2017 - 01:29 | 09-02-2005 - 05:00 | |
CVE-2004-0764 | 10.0 |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0721 | 7.5 |
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vul
|
11-10-2017 - 01:29 | 27-07-2004 - 04:00 | |
CVE-2004-0447 | 7.2 |
Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux l
|
11-10-2017 - 01:29 | 06-08-2004 - 04:00 | |
CVE-2005-0590 | 5.0 |
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequen
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0468 | 5.0 |
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2005-0402 | 2.6 |
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0136 | 2.1 |
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
|
11-10-2017 - 01:29 | 05-05-2003 - 04:00 | |
CVE-2003-0440 | 4.6 |
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
11-10-2017 - 01:29 | 18-08-2003 - 04:00 | |
CVE-2005-0247 | 6.5 |
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO var
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0434 | 7.5 |
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
|
11-10-2017 - 01:29 | 24-07-2003 - 04:00 | |
CVE-2003-0246 | 3.6 |
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2003-1108 | 5.0 |
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-si
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2003-0973 | 5.0 |
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
|
11-10-2017 - 01:29 | 15-12-2003 - 05:00 | |
CVE-2003-0619 | 5.0 |
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2005-0230 | 5.1 |
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execu
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0176 | 5.0 |
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.
|
11-10-2017 - 01:29 | 15-02-2005 - 05:00 | |
CVE-2004-0405 | 5.0 |
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
|
11-10-2017 - 01:29 | 01-06-2004 - 04:00 | |
CVE-2005-0255 | 5.0 |
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0848 | 4.6 |
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
|
11-10-2017 - 01:29 | 17-11-2003 - 05:00 | |
CVE-2005-0092 | 2.1 |
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).
|
11-10-2017 - 01:29 | 19-02-2005 - 05:00 | |
CVE-2004-0497 | 2.1 |
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
|
11-10-2017 - 01:29 | 06-12-2004 - 05:00 | |
CVE-2005-0005 | 7.5 |
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0551 | 5.0 |
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2004-0155 | 7.5 |
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-
|
11-10-2017 - 01:29 | 01-06-2004 - 04:00 | |
CVE-2004-0110 | 7.5 |
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
|
11-10-2017 - 01:29 | 15-03-2004 - 05:00 | |
CVE-2003-0354 | 7.5 |
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2004-1357 | 5.0 |
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.
|
11-10-2017 - 01:29 | 07-04-2004 - 04:00 | |
CVE-2003-0992 | 4.3 |
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
|
11-10-2017 - 01:29 | 17-02-2004 - 05:00 | |
CVE-2004-1237 | 2.1 |
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
|
11-10-2017 - 01:29 | 14-04-2005 - 04:00 | |
CVE-2004-0763 | 5.0 |
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0520 | 6.8 |
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2003-0699 | 7.5 |
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2005-0195 | 5.0 |
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0247 | 5.0 |
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2004-0762 | 5.0 |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0813 | 2.1 |
Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2003-0977 | 7.5 |
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
|
11-10-2017 - 01:29 | 05-01-2004 - 05:00 | |
CVE-2004-0761 | 5.0 |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0718 | 7.5 |
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other
|
11-10-2017 - 01:29 | 27-07-2004 - 04:00 | |
CVE-2004-0426 | 5.0 |
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
|
11-10-2017 - 01:29 | 07-07-2004 - 04:00 | |
CVE-2003-0462 | 1.2 |
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0539 | 4.6 |
skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.
|
11-10-2017 - 01:29 | 18-08-2003 - 04:00 | |
CVE-2004-0054 | 7.5 |
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.22
|
11-10-2017 - 01:29 | 17-02-2004 - 05:00 | |
CVE-2005-0103 | 7.5 |
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
|
11-10-2017 - 01:29 | 24-01-2005 - 05:00 | |
CVE-2004-0491 | 2.1 |
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2004-0519 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0106 | 7.2 |
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
|
11-10-2017 - 01:29 | 03-03-2004 - 05:00 | |
CVE-2005-0141 | 2.6 |
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0965 | 6.8 |
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
|
11-10-2017 - 01:29 | 17-02-2004 - 05:00 | |
CVE-2003-0700 | 7.5 |
The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than
|
11-10-2017 - 01:29 | 17-02-2004 - 05:00 | |
CVE-2004-1144 | 7.2 |
Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2004-0175 | 4.3 |
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2005-0104 | 4.3 |
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
|
11-10-2017 - 01:29 | 29-01-2005 - 05:00 | |
CVE-2004-1380 | 5.0 |
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoo
|
11-10-2017 - 01:29 | 20-10-2004 - 04:00 | |
CVE-2004-0710 | 5.0 |
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of ser
|
11-10-2017 - 01:29 | 27-07-2004 - 04:00 | |
CVE-2005-0586 | 2.6 |
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2003-0282 | 2.6 |
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2004-0792 | 6.4 |
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
|
11-10-2017 - 01:29 | 20-10-2004 - 04:00 | |
CVE-2003-0594 | 7.5 |
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g.
|
11-10-2017 - 01:29 | 15-04-2004 - 04:00 | |
CVE-2005-0397 | 7.5 |
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filen
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0078 | 4.6 |
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0003 | 4.6 |
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
|
11-10-2017 - 01:29 | 03-03-2004 - 05:00 | |
CVE-2004-0812 | 2.1 |
Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.
|
11-10-2017 - 01:29 | 14-04-2005 - 04:00 | |
CVE-2004-0653 | 2.1 |
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by r
|
11-10-2017 - 01:29 | 06-08-2004 - 04:00 | |
CVE-2004-0107 | 4.6 |
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
|
11-10-2017 - 01:29 | 15-04-2004 - 04:00 | |
CVE-2004-0598 | 5.0 |
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
|
11-10-2017 - 01:29 | 23-11-2004 - 05:00 | |
CVE-2005-0210 | 4.9 |
Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0144 | 2.6 |
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0008 | 7.5 |
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
|
11-10-2017 - 01:29 | 03-03-2004 - 05:00 | |
CVE-2004-1177 | 4.3 |
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
CVE-2004-0692 | 5.0 |
The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
|
11-10-2017 - 01:29 | 28-09-2004 - 04:00 | |
CVE-2003-0552 | 5.0 |
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0140 | 7.5 |
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitra
|
11-10-2017 - 01:29 | 24-03-2003 - 05:00 | |
CVE-2004-1381 | 5.0 |
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other
|
11-10-2017 - 01:29 | 20-10-2004 - 04:00 | |
CVE-2004-1111 | 5.0 |
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attacker
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
CVE-2004-0554 | 2.1 |
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated usi
|
11-10-2017 - 01:29 | 06-08-2004 - 04:00 | |
CVE-2003-0461 | 2.1 |
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2005-0256 | 5.0 |
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir com
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0147 | 7.5 |
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0368 | 10.0 |
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
|
11-10-2017 - 01:29 | 04-05-2004 - 04:00 | |
CVE-2003-0540 | 5.0 |
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Error
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0305 | 5.0 |
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
|
11-10-2017 - 01:29 | 09-06-2003 - 04:00 | |
CVE-2003-0188 | 7.2 |
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
|
11-10-2017 - 01:29 | 09-06-2003 - 04:00 | |
CVE-2002-1363 | 7.5 |
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buff
|
10-10-2017 - 01:30 | 26-12-2002 - 05:00 | |
CVE-2002-1117 | 5.0 |
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
|
10-10-2017 - 01:30 | 04-10-2002 - 04:00 | |
CVE-2004-0189 | 7.5 |
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the acce
|
10-10-2017 - 01:30 | 15-03-2004 - 05:00 | |
CVE-2004-0001 | 7.2 |
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
|
10-10-2017 - 01:30 | 17-02-2004 - 05:00 | |
CVE-2003-0924 | 3.7 |
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
|
10-10-2017 - 01:30 | 17-02-2004 - 05:00 | |
CVE-2004-0191 | 6.8 |
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated us
|
10-10-2017 - 01:30 | 15-03-2004 - 05:00 | |
CVE-2004-0075 | 2.1 |
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
|
10-10-2017 - 01:30 | 15-03-2004 - 05:00 | |
CVE-2009-1864 | 9.3 |
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1865 | 9.3 |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulne
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1786 | 6.9 |
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
|
29-09-2017 - 01:34 | 26-05-2009 - 15:30 | |
CVE-2009-1868 | 9.3 |
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors inv
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1866 | 9.3 |
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1580 | 5.8 |
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
CVE-2009-2029 | 5.0 |
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.
|
29-09-2017 - 01:34 | 11-06-2009 - 15:30 | |
CVE-2009-1673 | 4.9 |
The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.
|
29-09-2017 - 01:34 | 18-05-2009 - 18:30 | |
CVE-2009-1870 | 4.9 |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1829 | 5.0 |
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
|
29-09-2017 - 01:34 | 29-05-2009 - 22:30 | |
CVE-2009-1726 | 9.3 |
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
|
29-09-2017 - 01:34 | 06-08-2009 - 16:30 | |
CVE-2009-1867 | 4.3 |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1863 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-2049 | 5.4 |
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t a
|
29-09-2017 - 01:34 | 30-07-2009 - 18:30 | |
CVE-2009-1831 | 9.3 |
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer
|
29-09-2017 - 01:34 | 29-05-2009 - 22:30 | |
CVE-2009-1168 | 7.1 |
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0;
|
29-09-2017 - 01:34 | 30-07-2009 - 18:30 | |
CVE-2009-1207 | 4.4 |
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
|
29-09-2017 - 01:34 | 01-04-2009 - 10:30 | |
CVE-2009-1233 | 4.3 |
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.
|
29-09-2017 - 01:34 | 02-04-2009 - 17:30 | |
CVE-2009-0923 | 7.8 |
Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vector
|
29-09-2017 - 01:34 | 17-03-2009 - 19:30 | |
CVE-2009-1234 | 4.3 |
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
|
29-09-2017 - 01:34 | 02-04-2009 - 17:30 | |
CVE-2009-0910 | 6.8 |
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows re
|
29-09-2017 - 01:34 | 06-04-2009 - 15:30 | |
CVE-2009-0913 | 4.7 |
Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to settin
|
29-09-2017 - 01:34 | 16-03-2009 - 17:30 | |
CVE-2009-0914 | 9.3 |
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
|
29-09-2017 - 01:34 | 16-03-2009 - 19:30 | |
CVE-2009-0798 | 5.0 |
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
|
29-09-2017 - 01:34 | 24-04-2009 - 15:30 | |
CVE-2009-0775 | 10.0 |
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not
|
29-09-2017 - 01:34 | 05-03-2009 - 02:30 | |
CVE-2009-0777 | 5.8 |
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers
|
29-09-2017 - 01:34 | 05-03-2009 - 02:30 | |
CVE-2008-6472 | 4.3 |
The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
|
29-09-2017 - 01:33 | 14-03-2009 - 18:30 | |
CVE-2009-0547 | 5.0 |
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a differe
|
29-09-2017 - 01:33 | 12-02-2009 - 23:30 | |
CVE-2009-0688 | 7.5 |
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/sasl
|
29-09-2017 - 01:33 | 15-05-2009 - 15:30 | |
CVE-2009-0353 | 10.0 |
Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
29-09-2017 - 01:33 | 04-02-2009 - 19:30 | |
CVE-2009-0321 | 4.3 |
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (
|
29-09-2017 - 01:33 | 28-01-2009 - 18:30 | |
CVE-2009-0346 | 4.9 |
The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IP
|
29-09-2017 - 01:33 | 29-01-2009 - 19:30 | |
CVE-2009-0480 | 4.9 |
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by
|
29-09-2017 - 01:33 | 09-02-2009 - 16:30 | |
CVE-2009-0268 | 4.9 |
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in
|
29-09-2017 - 01:33 | 26-01-2009 - 15:30 | |
CVE-2009-0267 | 5.0 |
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-
|
29-09-2017 - 01:33 | 26-01-2009 - 15:30 | |
CVE-2009-0319 | 6.9 |
Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr pr
|
29-09-2017 - 01:33 | 28-01-2009 - 18:30 | |
CVE-2009-0519 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
|
29-09-2017 - 01:33 | 26-02-2009 - 16:17 | |
CVE-2009-0008 | 7.6 |
Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. per http://lists.apple.c
|
29-09-2017 - 01:33 | 22-01-2009 - 18:30 | |
CVE-2009-0007 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms w
|
29-09-2017 - 01:33 | 21-01-2009 - 20:30 | |
CVE-2008-4210 | 4.6 |
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspec
|
29-09-2017 - 01:32 | 29-09-2008 - 17:17 | |
CVE-2008-5684 | 5.0 |
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port sca
|
29-09-2017 - 01:32 | 19-12-2008 - 17:30 | |
CVE-2008-5410 | 7.8 |
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via
|
29-09-2017 - 01:32 | 10-12-2008 - 00:30 | |
CVE-2008-5343 | 9.0 |
Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5316 | 10.0 |
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the in
|
29-09-2017 - 01:32 | 03-12-2008 - 17:30 | |
CVE-2008-5690 | 2.1 |
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permis
|
29-09-2017 - 01:32 | 19-12-2008 - 17:30 | |
CVE-2008-4690 | 10.0 |
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulne
|
29-09-2017 - 01:32 | 22-10-2008 - 18:00 | |
CVE-2008-4116 | 9.3 |
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 o
|
29-09-2017 - 01:32 | 18-09-2008 - 15:04 | |
CVE-2008-5342 | 5.0 |
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-4018 | 7.2 |
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be lev
|
29-09-2017 - 01:31 | 11-09-2008 - 01:13 | |
CVE-2008-3815 | 4.3 |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Mi
|
29-09-2017 - 01:31 | 23-10-2008 - 22:00 | |
CVE-2008-3810 | 7.8 |
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than C
|
29-09-2017 - 01:31 | 26-09-2008 - 16:21 | |
CVE-2008-3875 | 7.2 |
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors inv
|
29-09-2017 - 01:31 | 02-09-2008 - 14:24 | |
CVE-2008-3816 | 7.8 |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.
|
29-09-2017 - 01:31 | 23-10-2008 - 22:00 | |
CVE-2008-3811 | 7.8 |
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnera
|
29-09-2017 - 01:31 | 26-09-2008 - 16:21 | |
CVE-2008-3817 | 7.8 |
Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets,
|
29-09-2017 - 01:31 | 23-10-2008 - 22:00 | |
CVE-2008-2366 | 4.4 |
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to
|
29-09-2017 - 01:31 | 16-06-2008 - 18:41 | |
CVE-2008-2244 | 9.3 |
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
|
29-09-2017 - 01:31 | 09-07-2008 - 22:41 | |
CVE-2008-2379 | 4.3 |
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
|
29-09-2017 - 01:31 | 05-12-2008 - 00:30 | |
CVE-2008-2463 | 6.8 |
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine
|
29-09-2017 - 01:31 | 07-07-2008 - 23:41 | |
CVE-2008-2089 | 7.8 |
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
|
29-09-2017 - 01:31 | 06-05-2008 - 15:20 | |
CVE-2008-2090 | 7.8 |
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
|
29-09-2017 - 01:31 | 06-05-2008 - 15:20 | |
CVE-2008-3567 | 4.3 |
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
|
29-09-2017 - 01:31 | 10-08-2008 - 20:41 | |
CVE-2008-2706 | 4.9 |
Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.
|
29-09-2017 - 01:31 | 16-06-2008 - 18:41 | |
CVE-2008-2418 | 4.7 |
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
|
29-09-2017 - 01:31 | 23-05-2008 - 15:32 | |
CVE-2008-3279 | 6.9 |
Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Sear
|
29-09-2017 - 01:31 | 05-04-2010 - 15:30 | |
CVE-2008-2538 | 6.9 |
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
|
29-09-2017 - 01:31 | 03-06-2008 - 15:32 | |
CVE-2007-6682 | 7.5 |
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
|
29-09-2017 - 01:30 | 17-01-2008 - 01:00 | |
CVE-2008-1684 | 4.7 |
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
|
29-09-2017 - 01:30 | 06-04-2008 - 23:44 | |
CVE-2008-1655 | 4.3 |
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
|
29-09-2017 - 01:30 | 09-04-2008 - 21:05 | |
CVE-2008-1710 | 7.2 |
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
|
29-09-2017 - 01:30 | 09-04-2008 - 19:05 | |
CVE-2008-1769 | 6.8 |
VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
|
29-09-2017 - 01:30 | 25-04-2008 - 06:05 | |
CVE-2008-1779 | 6.8 |
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
|
29-09-2017 - 01:30 | 14-04-2008 - 16:05 | |
CVE-2008-0882 | 10.0 |
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to
|
29-09-2017 - 01:30 | 21-02-2008 - 19:44 | |
CVE-2008-1151 | 7.1 |
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated afte
|
29-09-2017 - 01:30 | 27-03-2008 - 17:44 | |
CVE-2008-0598 | 4.9 |
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
|
29-09-2017 - 01:30 | 30-06-2008 - 22:41 | |
CVE-2008-1156 | 5.1 |
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree
|
29-09-2017 - 01:30 | 27-03-2008 - 10:44 | |
CVE-2008-0509 | 4.4 |
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
|
29-09-2017 - 01:30 | 31-01-2008 - 20:00 | |
CVE-2008-1152 | 7.8 |
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
|
29-09-2017 - 01:30 | 27-03-2008 - 17:44 | |
CVE-2008-1187 | 6.8 |
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrar
|
29-09-2017 - 01:30 | 06-03-2008 - 21:44 | |
CVE-2008-1153 | 7.1 |
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
|
29-09-2017 - 01:30 | 27-03-2008 - 10:44 | |
CVE-2008-1150 | 7.1 |
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) dat
|
29-09-2017 - 01:30 | 27-03-2008 - 17:44 | |
CVE-2008-1274 | 6.9 |
Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory. Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
29-09-2017 - 01:30 | 10-03-2008 - 23:44 | |
CVE-2008-0242 | 7.2 |
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
|
29-09-2017 - 01:30 | 12-01-2008 - 02:46 | |
CVE-2008-0938 | 4.7 |
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability th
|
29-09-2017 - 01:30 | 25-02-2008 - 18:44 | |
CVE-2008-1191 | 6.8 |
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."
|
29-09-2017 - 01:30 | 06-03-2008 - 21:44 | |
CVE-2008-1115 | 4.9 |
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
|
29-09-2017 - 01:30 | 03-03-2008 - 18:44 | |
CVE-2008-0718 | 4.7 |
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
|
29-09-2017 - 01:30 | 12-02-2008 - 02:00 | |
CVE-2007-5651 | 7.1 |
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and
|
29-09-2017 - 01:29 | 23-10-2007 - 21:47 | |
CVE-2007-5118 | 4.7 |
Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.
|
29-09-2017 - 01:29 | 27-09-2007 - 17:17 | |
CVE-2007-5716 | 7.8 |
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.
|
29-09-2017 - 01:29 | 30-10-2007 - 21:46 | |
CVE-2007-5496 | 1.9 |
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during com
|
29-09-2017 - 01:29 | 23-05-2008 - 15:32 | |
CVE-2007-5132 | 4.9 |
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."
|
29-09-2017 - 01:29 | 27-09-2007 - 19:17 | |
CVE-2007-6110 | 4.3 |
Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
|
29-09-2017 - 01:29 | 23-11-2007 - 20:46 | |
CVE-2007-5319 | 3.5 |
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.
|
29-09-2017 - 01:29 | 09-10-2007 - 22:17 | |
CVE-2007-5666 | 6.2 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by
|
29-09-2017 - 01:29 | 12-02-2008 - 19:00 | |
CVE-2007-4732 | 4.9 |
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.
|
29-09-2017 - 01:29 | 06-09-2007 - 19:17 | |
CVE-2007-5367 | 4.9 |
Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.
|
29-09-2017 - 01:29 | 11-10-2007 - 10:17 | |
CVE-2007-4623 | 7.2 |
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
|
29-09-2017 - 01:29 | 05-11-2007 - 16:46 | |
CVE-2007-6063 | 6.9 |
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
|
29-09-2017 - 01:29 | 21-11-2007 - 00:46 | |
CVE-2007-5901 | 6.9 |
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Information from Apple
|
29-09-2017 - 01:29 | 06-12-2007 - 02:46 | |
CVE-2007-4285 | 9.0 |
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4294 | 6.8 |
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4293 | 7.1 |
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4381 | 9.3 |
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to it
|
29-09-2017 - 01:29 | 17-08-2007 - 21:17 | |
CVE-2007-4574 | 4.7 |
Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors.
|
29-09-2017 - 01:29 | 23-10-2007 - 10:46 | |
CVE-2007-4570 | 1.9 |
Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels.
|
29-09-2017 - 01:29 | 10-11-2007 - 00:46 | |
CVE-2007-4263 | 8.5 |
Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
|
29-09-2017 - 01:29 | 08-08-2007 - 23:17 | |
CVE-2007-3922 | 6.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an
|
29-09-2017 - 01:29 | 21-07-2007 - 00:30 | |
CVE-2007-4295 | 6.8 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4291 | 7.1 |
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-3471 | 7.2 |
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
|
29-09-2017 - 01:29 | 28-06-2007 - 18:30 | |
CVE-2007-3469 | 4.9 |
Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.
|
29-09-2017 - 01:29 | 28-06-2007 - 18:30 | |
CVE-2007-4513 | 7.2 |
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
|
29-09-2017 - 01:29 | 05-11-2007 - 16:46 | |
CVE-2007-4292 | 9.3 |
Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, an
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4070 | 4.9 |
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.
|
29-09-2017 - 01:29 | 30-07-2007 - 17:30 | |
CVE-2012-0068 | 4.3 |
The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.
|
27-09-2017 - 01:29 | 11-04-2012 - 10:39 | |
CVE-2013-5838 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Per http://www.oracle.com/te
|
19-09-2017 - 01:36 | 16-10-2013 - 17:55 | |
CVE-2013-6622 | 6.8 |
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspec
|
19-09-2017 - 01:36 | 13-11-2013 - 15:55 | |
CVE-2013-6625 | 6.8 |
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM r
|
19-09-2017 - 01:36 | 13-11-2013 - 15:55 | |
CVE-2013-5419 | 6.9 |
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
|
19-09-2017 - 01:36 | 04-10-2013 - 10:44 | |
CVE-2013-6624 | 7.5 |
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes. CWE-416: Use After Free per htt
|
19-09-2017 - 01:36 | 13-11-2013 - 15:55 | |
CVE-2013-5771 | 6.4 |
Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors.
|
19-09-2017 - 01:36 | 16-10-2013 - 15:55 | |
CVE-2013-6337 | 4.3 |
Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
19-09-2017 - 01:36 | 04-11-2013 - 16:55 | |
CVE-2013-2736 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2723 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2871 | 7.5 |
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2840 | 7.5 |
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2924 | 7.5 |
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown ve
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2841 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-3346 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 30-08-2013 - 20:55 | |
CVE-2013-3035 | 7.1 |
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
|
19-09-2017 - 01:36 | 21-06-2013 - 14:55 | |
CVE-2013-2922 | 6.8 |
Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2858 | 7.5 |
Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2734 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2721 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2846 | 7.5 |
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2550 | 7.5 |
Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
|
19-09-2017 - 01:36 | 11-03-2013 - 10:55 | |
CVE-2013-2438 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-3355 | 10.0 |
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 an
|
19-09-2017 - 01:36 | 12-09-2013 - 13:28 | |
CVE-2013-2727 | 10.0 |
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2729.
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2427 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2426 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Li
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2844 | 7.5 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolutio
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2733 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2730.
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2725 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2873 | 7.5 |
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-4277 | 3.3 |
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
|
19-09-2017 - 01:36 | 16-09-2013 - 19:14 | |
CVE-2013-3338 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2904 | 7.5 |
Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via
|
19-09-2017 - 01:36 | 21-08-2013 - 12:17 | |
CVE-2013-2860 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2720 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2925 | 6.8 |
Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conf
|
19-09-2017 - 01:36 | 16-10-2013 - 20:55 | |
CVE-2013-2909 | 7.5 |
Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicod
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2434 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2421 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Ho
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-3356 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3353.
|
19-09-2017 - 01:36 | 12-09-2013 - 13:28 | |
CVE-2013-2857 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2910 | 7.5 |
Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified ot
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2861 | 7.5 |
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2436 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Librarie
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2918 | 7.5 |
Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of ser
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2911 | 6.8 |
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecifi
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2842 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2731 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2718 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2719, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-4922 | 5.0 |
Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (applica
|
19-09-2017 - 01:36 | 30-07-2013 - 00:56 | |
CVE-2013-3358 | 10.0 |
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3357.
|
19-09-2017 - 01:36 | 12-09-2013 - 13:28 | |
CVE-2013-3352 | 10.0 |
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3354 an
|
19-09-2017 - 01:36 | 12-09-2013 - 13:28 | |
CVE-2013-2921 | 6.8 |
Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possib
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2843 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2735 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2926 | 6.8 |
Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of ser
|
19-09-2017 - 01:36 | 16-10-2013 - 20:55 | |
CVE-2013-2549 | 7.5 |
Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
|
19-09-2017 - 01:36 | 11-03-2013 - 10:55 | |
CVE-2013-3826 | 5.0 |
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. Per http://www.oracle.com/technetwork/topics/security/cp
|
19-09-2017 - 01:36 | 16-10-2013 - 15:55 | |
CVE-2013-3339 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2913 | 6.8 |
Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2729 | 10.0 |
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2914 | 6.8 |
Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to color_chooser_dialog.cc and
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2884 | 7.5 |
Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns
|
19-09-2017 - 01:36 | 31-07-2013 - 13:20 | |
CVE-2013-2856 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2730 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2719 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-3341 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2903 | 7.5 |
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspec
|
19-09-2017 - 01:36 | 21-08-2013 - 12:17 | |
CVE-2013-2722 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2428 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2415 | 2.1 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is f
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2414 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2726 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2425 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-3354 | 10.0 |
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 an
|
19-09-2017 - 01:36 | 12-09-2013 - 13:28 | |
CVE-2013-2870 | 9.3 |
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2837 | 7.5 |
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2902 | 7.5 |
Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related t
|
19-09-2017 - 01:36 | 21-08-2013 - 12:17 | |
CVE-2013-2431 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Ho
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-4131 | 4.0 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) M
|
19-09-2017 - 01:36 | 31-07-2013 - 13:20 | |
CVE-2013-2912 | 7.5 |
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
CVE-2013-2732 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-3357 | 10.0 |
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3358.
|
19-09-2017 - 01:36 | 12-09-2013 - 13:28 | |
CVE-2013-3337 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, C
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-2423 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2416 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-3353 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3356.
|
19-09-2017 - 01:36 | 12-09-2013 - 13:28 | |
CVE-2013-3005 | 8.5 |
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
|
19-09-2017 - 01:36 | 06-07-2013 - 13:57 | |
CVE-2013-2883 | 7.5 |
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.
|
19-09-2017 - 01:36 | 31-07-2013 - 13:20 | |
CVE-2013-1724 | 9.3 |
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1681 | 10.0 |
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbi
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1674 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event d
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1489 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very Hig
|
19-09-2017 - 01:36 | 31-01-2013 - 14:55 | |
CVE-2013-1722 | 9.3 |
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey befor
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1482 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1684 | 9.3 |
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote at
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-1483 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1472 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1589 | 2.9 |
Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
|
19-09-2017 - 01:36 | 03-02-2013 - 01:55 | |
CVE-2013-1884 | 5.0 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitiali
|
19-09-2017 - 01:36 | 02-05-2013 - 14:55 | |
CVE-2013-1564 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-1849 | 4.3 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. Per: http://cw
|
19-09-2017 - 01:36 | 02-05-2013 - 14:55 | |
CVE-2013-2268 | 7.5 |
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue.
|
19-09-2017 - 01:36 | 23-02-2013 - 21:55 | |
CVE-2013-1488 | 10.0 |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the
|
19-09-2017 - 01:36 | 08-03-2013 - 18:55 | |
CVE-2013-1686 | 10.0 |
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or caus
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-1679 | 10.0 |
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute a
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1847 | 5.0 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. Per:
|
19-09-2017 - 01:36 | 02-05-2013 - 14:55 | |
CVE-2013-1477 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1474 | 9.3 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1680 | 10.0 |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code o
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1561 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-1738 | 9.3 |
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1735 | 9.3 |
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attac
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1406 | 7.2 |
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1
|
19-09-2017 - 01:36 | 11-02-2013 - 22:55 | |
CVE-2013-1685 | 9.3 |
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary co
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2012-5978 | 5.0 |
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
|
19-09-2017 - 01:35 | 19-12-2012 - 11:56 | |
CVE-2012-5611 | 6.5 |
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before
|
19-09-2017 - 01:35 | 03-12-2012 - 12:49 | |
CVE-2012-3754 | 9.3 |
Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-3684 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3621 | 9.3 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5080 | 7.6 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078. Per: http://w
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-5078 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080. Per: http://w
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-3704 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3692 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3648 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3602 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5121 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5088 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Per: http://ww
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-4159 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-5156 | 6.8 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.
|
19-09-2017 - 01:35 | 15-01-2013 - 21:55 | |
CVE-2012-5109 | 5.0 |
The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
|
19-09-2017 - 01:35 | 09-10-2012 - 11:13 | |
CVE-2012-3701 | 9.3 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3671 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5126 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-4157 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-4155 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-4152 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-3710 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3700 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3649 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5237 | 3.3 |
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
|
19-09-2017 - 01:35 | 04-10-2012 - 19:55 | |
CVE-2012-3651 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5112 | 10.0 |
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:35 | 11-10-2012 - 10:51 | |
CVE-2012-3659 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3632 | 9.3 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5166 | 7.8 |
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
|
19-09-2017 - 01:35 | 10-10-2012 - 21:55 | |
CVE-2012-3221 | 2.1 |
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from th
|
19-09-2017 - 01:35 | 17-10-2012 - 10:54 | |
CVE-2012-4154 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-3623 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-4156 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-3889 | 6.8 |
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
|
19-09-2017 - 01:35 | 11-07-2012 - 10:26 | |
CVE-2012-3622 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5116 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-4150 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-4148 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-3703 | 8.3 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3652 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3612 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3601 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-4158 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-5070 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct201
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-4206 | 6.9 |
Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. Per: http://cwe.mitre.
|
19-09-2017 - 01:35 | 21-11-2012 - 12:55 | |
CVE-2012-5470 | 4.3 |
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. Per http://www.videolan.org/security/sa1203.html
When parsing an invalid PNG image file, a buffer ove
|
19-09-2017 - 01:35 | 26-10-2012 - 10:39 | |
CVE-2012-5082 | 5.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
"Appl
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-5076 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. Per: http://www.oracle.com/technetwo
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-5087 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Per: http://www.or
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-3974 | 6.9 |
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse e
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3688 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3654 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3614 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3958 | 10.0 |
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3687 | 9.3 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3676 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3660 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3613 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5125 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-4153 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-4151 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-4149 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-3890 | 6.8 |
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
|
19-09-2017 - 01:35 | 11-07-2012 - 10:26 | |
CVE-2012-3707 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-4301 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2012-3706 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3677 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3616 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3220 | 9.0 |
Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and ava
|
19-09-2017 - 01:35 | 17-01-2013 - 01:55 | |
CVE-2012-4160 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-3708 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3685 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3647 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-4048 | 3.3 |
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon
|
19-09-2017 - 01:35 | 24-07-2012 - 19:55 | |
CVE-2012-3970 | 10.0 |
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execu
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3964 | 10.0 |
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3658 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3643 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3617 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3598 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-4147 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
|
19-09-2017 - 01:35 | 15-08-2012 - 10:31 | |
CVE-2012-3675 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3607 | 9.3 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5110 | 5.0 |
The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:35 | 09-10-2012 - 11:13 | |
CVE-2012-3705 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3657 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5067 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per: http://www.oracle.com/technetwork/top
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-3702 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3672 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-5074 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. Per: http://www.oracle.com/technetwork/topics/secur
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-3711 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3699 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3751 | 9.3 |
Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT eleme
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-3712 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3673 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-4305 | 9.3 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2012-3709 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3606 | 9.3 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-3624 | 6.8 |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
|
19-09-2017 - 01:35 | 13-09-2012 - 10:30 | |
CVE-2012-2855 | 6.8 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified o
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2862 | 6.8 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
19-09-2017 - 01:35 | 09-08-2012 - 10:29 | |
CVE-2012-2889 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2013-0905 | 7.5 |
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2012-2890 | 6.8 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2012-2857 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2013-0920 | 7.5 |
Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0903 | 7.5 |
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2012-2842 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.
|
19-09-2017 - 01:35 | 12-07-2012 - 21:55 | |
CVE-2012-2843 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.
|
19-09-2017 - 01:35 | 12-07-2012 - 21:55 | |
CVE-2012-2893 | 6.8 |
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2012-2892 | 5.0 |
Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2013-0902 | 7.5 |
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0797 | 6.9 |
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0911 | 7.5 |
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0916 | 7.5 |
Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0839 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.
|
19-09-2017 - 01:35 | 24-01-2013 - 21:55 | |
CVE-2013-0640 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February
|
19-09-2017 - 01:35 | 14-02-2013 - 01:55 | |
CVE-2013-0612 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0615, CVE-2013-0617, a
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0618 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0610 | 10.0 |
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0626.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0436 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0402 | 10.0 |
Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstr
|
19-09-2017 - 01:35 | 08-03-2013 - 18:55 | |
CVE-2013-0787 | 9.3 |
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey
|
19-09-2017 - 01:35 | 11-03-2013 - 10:55 | |
CVE-2013-0601 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0447 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0622 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0624.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0607 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0608, CVE-2013-0611, CVE-2013
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0444 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0616 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0605 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0437 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0619 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0449 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0439 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0623 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0611 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0641 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
|
19-09-2017 - 01:35 | 14-02-2013 - 01:55 | |
CVE-2013-0621 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, a
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0620 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0603 | 10.0 |
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0604.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0617 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, a
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0602 | 10.0 |
Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0624 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0622.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0613 | 10.0 |
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0627 | 7.2 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges via unknown vectors.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0604 | 10.0 |
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0603.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0448 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. Per http://www.oracle.com/technetwork/topics/securit
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0431 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Iss
|
19-09-2017 - 01:35 | 31-01-2013 - 14:55 | |
CVE-2013-0606 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, a
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0614 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0609 | 10.0 |
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0615 | 10.0 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0617, a
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0626 | 10.0 |
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610.
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2013-0608 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0611, CVE-2013
|
19-09-2017 - 01:35 | 10-01-2013 - 11:56 | |
CVE-2011-4100 | 4.3 |
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malfo
|
19-09-2017 - 01:34 | 03-11-2011 - 15:55 | |
CVE-2011-4693 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp m
|
19-09-2017 - 01:34 | 07-12-2011 - 20:55 | |
CVE-2011-3886 | 6.8 |
Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.
|
19-09-2017 - 01:34 | 25-10-2011 - 19:55 | |
CVE-2011-3666 | 6.8 |
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerabilit
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3648 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-4369 | 10.0 |
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x
|
19-09-2017 - 01:34 | 16-12-2011 - 19:55 | |
CVE-2011-4694 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp
|
19-09-2017 - 01:34 | 07-12-2011 - 20:55 | |
CVE-2011-3597 | 7.5 |
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
|
19-09-2017 - 01:34 | 13-01-2012 - 18:55 | |
CVE-2011-4603 | 5.0 |
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash)
|
19-09-2017 - 01:34 | 17-12-2011 - 03:54 | |
CVE-2012-2764 | 7.2 |
Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2818 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS)
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-1726 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
|
19-09-2017 - 01:34 | 16-06-2012 - 21:55 | |
CVE-2012-2823 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2831 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2051 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147,
|
19-09-2017 - 01:34 | 15-08-2012 - 10:31 | |
CVE-2012-1543 | 7.6 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:34 | 02-02-2013 - 00:55 | |
CVE-2012-2829 | 7.5 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-1530 | 10.0 |
Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containi
|
19-09-2017 - 01:34 | 10-01-2013 - 11:56 | |
CVE-2012-2824 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2817 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-0111 | 3.6 |
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.
|
19-09-2017 - 01:34 | 18-01-2012 - 22:55 | |
CVE-2012-0043 | 5.8 |
Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execu
|
19-09-2017 - 01:34 | 11-04-2012 - 10:39 | |
CVE-2012-0042 | 2.9 |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to ep
|
19-09-2017 - 01:34 | 11-04-2012 - 10:39 | |
CVE-2012-0671 | 9.3 |
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0041 | 4.3 |
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.
|
19-09-2017 - 01:34 | 11-04-2012 - 10:39 | |
CVE-2012-0105 | 3.7 |
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.
|
19-09-2017 - 01:34 | 18-01-2012 - 22:55 | |
CVE-2012-0066 | 4.3 |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.
|
19-09-2017 - 01:34 | 11-04-2012 - 10:39 | |
CVE-2011-3483 | 4.3 |
Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."
|
19-09-2017 - 01:33 | 20-09-2011 - 10:55 | |
CVE-2011-3482 | 4.3 |
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via
|
19-09-2017 - 01:33 | 20-09-2011 - 10:55 | |
CVE-2011-3360 | 9.3 |
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426:
|
19-09-2017 - 01:33 | 20-09-2011 - 10:55 | |
CVE-2011-3238 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3484 | 4.3 |
The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and applicati
|
19-09-2017 - 01:33 | 20-09-2011 - 10:55 | |
CVE-2011-3251 | 9.3 |
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-3241 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3239 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3237 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3236 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3233 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3244 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3235 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3111 | 5.0 |
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3105 | 7.5 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-2993 | 9.3 |
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypas
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2815 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-2433 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-3110 | 7.5 |
The PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-2597 | 4.3 |
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
|
19-09-2017 - 01:33 | 07-07-2011 - 19:55 | |
CVE-2011-2440 | 9.3 |
Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2811 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-2814 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-2439 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-3108 | 10.0 |
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-2980 | 7.2 |
Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Troja
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-3112 | 5.0 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3104 | 5.0 |
Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-2999 | 4.3 |
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a diffe
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2442 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2816 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-2813 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-3115 | 7.5 |
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger "type corruption."
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3005 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2820 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-2809 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-2605 | 4.3 |
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass inten
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2373 | 7.6 |
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2831 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-2817 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:33 | 12-10-2011 - 18:55 | |
CVE-2011-2462 | 10.0 |
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory
|
19-09-2017 - 01:33 | 07-12-2011 - 19:55 | |
CVE-2011-2434 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2996 | 10.0 |
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2431 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2437 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2369 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2102 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb11-16.html
'Note: Updat
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2097 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2365 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-2339 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:32 | 12-10-2011 - 18:55 | |
CVE-2011-2094 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-1846 | 6.5 |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a
|
19-09-2017 - 01:32 | 03-05-2011 - 20:55 | |
CVE-2011-2098 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2364 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-2095 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2356 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:32 | 12-10-2011 - 18:55 | |
CVE-2011-1373 | 1.5 |
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vecto
|
19-09-2017 - 01:32 | 09-11-2011 - 23:55 | |
CVE-2011-2101 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script exec
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2341 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:32 | 12-10-2011 - 18:55 | |
CVE-2011-1956 | 4.3 |
The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. Per: http://cwe.mitre.org/data/d
|
19-09-2017 - 01:32 | 06-06-2011 - 19:55 | |
CVE-2011-2174 | 4.3 |
Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib
|
19-09-2017 - 01:32 | 06-06-2011 - 19:55 | |
CVE-2011-1592 | 4.3 |
The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via
|
19-09-2017 - 01:32 | 29-04-2011 - 22:55 | |
CVE-2011-2354 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:32 | 12-10-2011 - 18:55 | |
CVE-2011-1353 | 6.9 |
Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.
|
19-09-2017 - 01:32 | 15-09-2011 - 12:26 | |
CVE-2011-1921 | 4.3 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly reada
|
19-09-2017 - 01:32 | 06-06-2011 - 19:55 | |
CVE-2011-2099 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2075 | 9.3 |
Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabil
|
19-09-2017 - 01:32 | 10-05-2011 - 18:55 | |
CVE-2011-2363 | 10.0 |
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-2338 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:32 | 12-10-2011 - 18:55 | |
CVE-2011-2100 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2300 | 3.7 |
Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
|
19-09-2017 - 01:32 | 21-07-2011 - 00:55 | |
CVE-2011-1959 | 4.3 |
The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large leng
|
19-09-2017 - 01:32 | 06-06-2011 - 19:55 | |
CVE-2011-2352 | 7.6 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
|
19-09-2017 - 01:32 | 12-10-2011 - 18:55 | |
CVE-2011-2305 | 6.2 |
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:32 | 21-07-2011 - 00:55 | |
CVE-2011-2175 | 4.3 |
Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a he
|
19-09-2017 - 01:32 | 06-06-2011 - 19:55 | |
CVE-2011-1475 | 5.0 |
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP
|
19-09-2017 - 01:32 | 08-04-2011 - 15:17 | |
CVE-2011-1139 | 4.3 |
wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.
|
19-09-2017 - 01:32 | 03-03-2011 - 01:00 | |
CVE-2011-0715 | 4.3 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. Per: http
|
19-09-2017 - 01:32 | 11-03-2011 - 22:55 | |
CVE-2011-0681 | 4.3 |
The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0445 | 5.0 |
The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.
|
19-09-2017 - 01:32 | 13-01-2011 - 01:00 | |
CVE-2011-0683 | 4.3 |
Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0450 | 7.6 |
The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executab
|
19-09-2017 - 01:32 | 31-01-2011 - 20:00 | |
CVE-2011-0684 | 5.0 |
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensit
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0531 | 9.3 |
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory co
|
19-09-2017 - 01:32 | 07-02-2011 - 21:00 | |
CVE-2011-1141 | 4.3 |
epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many e
|
19-09-2017 - 01:32 | 03-03-2011 - 01:00 | |
CVE-2011-0686 | 5.0 |
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0638 | 6.9 |
Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and
|
19-09-2017 - 01:32 | 25-01-2011 - 01:00 | |
CVE-2011-0538 | 6.8 |
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have uns
|
19-09-2017 - 01:32 | 08-02-2011 - 22:00 | |
CVE-2011-0685 | 2.1 |
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0687 | 4.3 |
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0522 | 6.8 |
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a su
|
19-09-2017 - 01:32 | 07-02-2011 - 21:00 | |
CVE-2011-0912 | 9.3 |
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a
|
19-09-2017 - 01:32 | 08-02-2011 - 22:00 | |
CVE-2010-4374 | 4.3 |
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.
|
19-09-2017 - 01:31 | 02-12-2010 - 16:22 | |
CVE-2010-3822 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to exe
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4700 | 6.8 |
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injecti
|
19-09-2017 - 01:31 | 18-01-2011 - 20:00 | |
CVE-2010-3635 | 10.0 |
Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability."
|
19-09-2017 - 01:31 | 10-11-2010 - 03:00 | |
CVE-2010-4485 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-3826 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attacker
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3775 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary loca
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3771 | 6.8 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome priv
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3813 | 5.8 |
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly othe
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4044 | 4.3 |
Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3805 | 9.3 |
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors invo
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4414 | 6.8 |
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.
|
19-09-2017 - 01:31 | 19-01-2011 - 16:00 | |
CVE-2010-3817 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allow
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3768 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3638 | 4.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.
|
19-09-2017 - 01:31 | 07-11-2010 - 22:00 | |
CVE-2010-3634 | 5.0 |
Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknown vectors.
|
19-09-2017 - 01:31 | 10-11-2010 - 03:00 | |
CVE-2010-4490 | 9.3 |
Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-3824 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3804 | 5.0 |
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attacke
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3774 | 4.3 |
The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remo
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3772 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-4508 | 10.0 |
The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-4478 | 7.5 |
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending c
|
19-09-2017 - 01:31 | 06-12-2010 - 22:30 | |
CVE-2010-3563 | 10.0 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-4484 | 5.0 |
Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-3821 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attacker
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4422 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
|
19-09-2017 - 01:31 | 17-02-2011 - 19:00 | |
CVE-2010-3769 | 9.3 |
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers t
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-4301 | 5.0 |
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
|
19-09-2017 - 01:31 | 26-11-2010 - 19:00 | |
CVE-2010-3816 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3778 | 9.3 |
Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3741 | 4.7 |
The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-4701 | 7.6 |
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote
|
19-09-2017 - 01:31 | 20-01-2011 - 19:00 | |
CVE-2010-4489 | 4.3 |
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4050 | 4.3 |
Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3820 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3773 | 6.8 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objec
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-4046 | 4.3 |
Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3803 | 9.3 |
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted str
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4491 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4372 | 9.3 |
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
|
19-09-2017 - 01:31 | 02-12-2010 - 16:22 | |
CVE-2010-3809 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execut
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4483 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4150 | 5.0 |
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via
|
19-09-2017 - 01:31 | 07-12-2010 - 22:00 | |
CVE-2010-3819 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3766 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-4043 | 4.3 |
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3823 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3801 | 9.3 |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-4488 | 5.0 |
Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4092 | 9.3 |
Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an
|
19-09-2017 - 01:31 | 05-11-2010 - 21:00 | |
CVE-2010-4049 | 4.3 |
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3811 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3570 | 7.6 |
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-5107 | 5.0 |
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodi
|
19-09-2017 - 01:31 | 07-03-2013 - 20:55 | |
CVE-2010-3555 | 9.3 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-4084 | 9.3 |
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, an
|
19-09-2017 - 01:31 | 29-10-2010 - 19:00 | |
CVE-2010-3812 | 9.3 |
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows re
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3777 | 9.3 |
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3781 | 6.0 |
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEF
|
19-09-2017 - 01:31 | 06-10-2010 - 21:00 | |
CVE-2010-3558 | 10.0 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-4373 | 4.3 |
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.
|
19-09-2017 - 01:31 | 02-12-2010 - 16:22 | |
CVE-2010-4037 | 4.3 |
Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-4486 | 9.3 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4371 | 9.3 |
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
|
19-09-2017 - 01:31 | 02-12-2010 - 16:22 | |
CVE-2010-3818 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3810 | 4.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history vi
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3800 | 9.3 |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-3765 | 9.3 |
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
|
19-09-2017 - 01:31 | 28-10-2010 - 00:00 | |
CVE-2010-4482 | 5.0 |
Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4045 | 9.3 |
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3560 | 2.6 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3183 | 9.3 |
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls tha
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3181 | 6.9 |
Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the c
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3552 | 10.0 |
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technetwork
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3399 | 5.8 |
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
CVE-2010-3129 | 9.3 |
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll,
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3174 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3173 | 7.5 |
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which m
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-2874 | 9.3 |
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by th
|
19-09-2017 - 01:31 | 07-09-2010 - 18:00 | |
CVE-2010-3191 | 9.3 |
Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is locate
|
19-09-2017 - 01:31 | 31-08-2010 - 20:00 | |
CVE-2010-3180 | 9.3 |
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessin
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3137 | 9.3 |
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3124 | 9.3 |
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located i
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3106 | 9.3 |
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) vi
|
19-09-2017 - 01:31 | 23-08-2010 - 22:00 | |
CVE-2010-3001 | 9.3 |
Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser window
|
19-09-2017 - 01:31 | 30-08-2010 - 20:00 | |
CVE-2010-3143 | 9.3 |
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .
|
19-09-2017 - 01:31 | 27-08-2010 - 19:00 | |
CVE-2010-2600 | 9.3 |
Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folde
|
19-09-2017 - 01:31 | 15-09-2010 - 18:00 | |
CVE-2010-2752 | 9.3 |
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Casc
|
19-09-2017 - 01:31 | 30-07-2010 - 20:30 | |
CVE-2010-3170 | 4.3 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-th
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3139 | 9.3 |
Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located i
|
19-09-2017 - 01:31 | 27-08-2010 - 19:00 | |
CVE-2010-3134 | 9.3 |
Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .k
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-2875 | 9.3 |
Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.
|
19-09-2017 - 01:31 | 26-08-2010 - 21:00 | |
CVE-2010-2993 | 5.0 |
The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
|
19-09-2017 - 01:31 | 13-08-2010 - 18:43 | |
CVE-2010-3136 | 9.3 |
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .sk
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3474 | 5.0 |
IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these f
|
19-09-2017 - 01:31 | 20-09-2010 - 22:00 | |
CVE-2010-3433 | 6.0 |
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL use
|
19-09-2017 - 01:31 | 06-10-2010 - 17:00 | |
CVE-2010-2549 | 7.2 |
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUs
|
19-09-2017 - 01:31 | 02-07-2010 - 19:00 | |
CVE-2010-3142 | 9.3 |
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder
|
19-09-2017 - 01:31 | 27-08-2010 - 19:00 | |
CVE-2010-3002 | 9.3 |
Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.
|
19-09-2017 - 01:31 | 30-08-2010 - 20:00 | |
CVE-2010-2992 | 5.0 |
packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.
|
19-09-2017 - 01:31 | 13-08-2010 - 18:43 | |
CVE-2010-2755 | 10.0 |
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via
|
19-09-2017 - 01:31 | 30-07-2010 - 13:26 | |
CVE-2010-3107 | 7.1 |
A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unsp
|
19-09-2017 - 01:31 | 23-08-2010 - 22:00 | |
CVE-2010-3105 | 9.3 |
The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this inform
|
19-09-2017 - 01:31 | 23-08-2010 - 22:00 | |
CVE-2010-3020 | 5.0 |
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content.
|
19-09-2017 - 01:31 | 16-08-2010 - 18:39 | |
CVE-2010-3132 | 9.3 |
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3126 | 9.3 |
Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3315 | 6.0 |
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, whi
|
19-09-2017 - 01:31 | 04-10-2010 - 21:00 | |
CVE-2010-3178 | 5.8 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window an
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3445 | 5.0 |
Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer derefe
|
19-09-2017 - 01:31 | 26-11-2010 - 19:00 | |
CVE-2010-3195 | 5.0 |
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
|
19-09-2017 - 01:31 | 31-08-2010 - 22:00 | |
CVE-2010-3140 | 9.3 |
Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll
|
19-09-2017 - 01:31 | 27-08-2010 - 19:00 | |
CVE-2010-3400 | 5.8 |
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote at
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
CVE-2010-3171 | 5.8 |
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attac
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
CVE-2010-2995 | 10.0 |
The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.
|
19-09-2017 - 01:31 | 13-08-2010 - 18:43 | |
CVE-2010-3193 | 10.0 |
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.
|
19-09-2017 - 01:31 | 31-08-2010 - 22:00 | |
CVE-2010-3133 | 9.3 |
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3127 | 9.3 |
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-2863 | 10.0 |
Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:31 | 26-08-2010 - 21:00 | |
CVE-2010-2751 | 2.6 |
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vecto
|
19-09-2017 - 01:31 | 30-07-2010 - 20:30 | |
CVE-2011-0168 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0124 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0111 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0122 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0113 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0078 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0077 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0117 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0076 | 7.5 |
Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0140 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0155 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0057 | 10.0 |
Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and gar
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0147 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0131 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0075 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0144 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0059 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugi
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0136 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0085 | 10.0 |
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues t
|
19-09-2017 - 01:31 | 30-06-2011 - 16:55 | |
CVE-2011-0066 | 10.0 |
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0125 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0074 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0070 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0146 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0134 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0116 | 7.6 |
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0069 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0148 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0164 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0129 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0126 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0151 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0127 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0114 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0165 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0120 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0143 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0112 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0139 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0083 | 10.0 |
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
|
19-09-2017 - 01:31 | 30-06-2011 - 16:55 | |
CVE-2011-0152 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0123 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0055 | 10.0 |
Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to t
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0156 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0065 | 10.0 |
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0149 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0130 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0081 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possib
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0014 | 5.0 |
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake mes
|
19-09-2017 - 01:31 | 19-02-2011 - 01:00 | |
CVE-2011-0150 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0128 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0135 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0118 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0141 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0137 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0071 | 5.0 |
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load res
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0138 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0142 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0145 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0119 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0072 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0153 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0133 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denia
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0121 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2009-4764 | 9.3 |
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-1780 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1758 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1759 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1203 | 9.3 |
The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1198 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1807 | 9.3 |
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (applic
|
19-09-2017 - 01:30 | 10-09-2010 - 19:00 | |
CVE-2010-1786 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1209 | 9.3 |
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM no
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1771 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1414 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1400 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1384 | 4.3 |
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to cond
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1141 | 8.5 |
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; V
|
19-09-2017 - 01:30 | 12-04-2010 - 18:30 | |
CVE-2010-1939 | 7.6 |
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which trigge
|
19-09-2017 - 01:30 | 13-05-2010 - 22:30 | |
CVE-2010-1211 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of se
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1422 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1412 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1212 | 9.3 |
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via v
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1201 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1416 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attacke
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1385 | 9.3 |
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF d
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1234 | 7.5 |
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1143 | 4.3 |
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
19-09-2017 - 01:30 | 07-05-2010 - 18:24 | |
CVE-2010-1121 | 10.0 |
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involv
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-1782 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applic
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1418 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC at
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1408 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, relate
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1503 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1750 | 9.3 |
Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1207 | 4.3 |
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node d
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1421 | 4.3 |
The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to m
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1389 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involvi
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1806 | 9.3 |
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
|
19-09-2017 - 01:30 | 10-09-2010 - 19:00 | |
CVE-2010-1241 | 9.3 |
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-1805 | 6.9 |
Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been d
|
19-09-2017 - 01:30 | 10-09-2010 - 19:00 | |
CVE-2010-1504 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1415 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash)
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1406 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remot
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1417 | 9.3 |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory co
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1410 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1783 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbit
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1455 | 4.3 |
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
|
19-09-2017 - 01:30 | 12-05-2010 - 11:46 | |
CVE-2010-1761 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1778 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1419 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application cr
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1396 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1391 | 4.3 |
Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1188 | 7.1 |
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is i
|
19-09-2017 - 01:30 | 31-03-2010 - 18:00 | |
CVE-2010-1137 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a vi
|
19-09-2017 - 01:30 | 01-04-2010 - 19:30 | |
CVE-2010-1785 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1774 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1768 | 6.9 |
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
|
19-09-2017 - 01:30 | 20-08-2010 - 20:00 | |
CVE-2010-1762 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a T
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1235 | 4.3 |
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1769 | 10.0 |
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (appl
|
19-09-2017 - 01:30 | 18-06-2010 - 16:30 | |
CVE-2010-1405 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HT
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1395 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constru
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1399 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1394 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML docume
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1119 | 10.0 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of serv
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-1777 | 9.3 |
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
|
19-09-2017 - 01:30 | 30-07-2010 - 13:26 | |
CVE-2010-1413 | 5.0 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information v
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1390 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper U
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1764 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1393 | 4.3 |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1297 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a den
|
19-09-2017 - 01:30 | 08-06-2010 - 18:30 | |
CVE-2010-1206 | 4.3 |
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the ab
|
19-09-2017 - 01:30 | 25-06-2010 - 19:30 | |
CVE-2010-1502 | 9.3 |
Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1763 | 10.0 |
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
|
19-09-2017 - 01:30 | 18-06-2010 - 16:30 | |
CVE-2010-1214 | 9.3 |
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-0532 | 6.9 |
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.htm
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2010-0382 | 7.6 |
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to ha
|
19-09-2017 - 01:30 | 22-01-2010 - 22:00 | |
CVE-2010-0047 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." Per: http://lists.ap
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0043 | 9.3 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Per: http://lists.apple.com/archi
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-1122 | 10.0 |
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a d
|
19-09-2017 - 01:30 | 25-03-2010 - 22:30 | |
CVE-2010-0051 | 4.3 |
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. Per: http://li
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0531 | 4.3 |
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2010-0116 | 9.3 |
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.
|
19-09-2017 - 01:30 | 30-08-2010 - 20:00 | |
CVE-2010-0097 | 4.3 |
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a f
|
19-09-2017 - 01:30 | 22-01-2010 - 22:00 | |
CVE-2010-0890 | 2.1 |
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_01 through snv_98 allows local users to affect availability via unknown vectors related to the Kernel.
|
19-09-2017 - 01:30 | 13-04-2010 - 22:30 | |
CVE-2010-0045 | 9.3 |
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. Per: http://lists.apple.com/archives/security-announce/201
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-1028 | 9.3 |
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a b
|
19-09-2017 - 01:30 | 19-03-2010 - 21:30 | |
CVE-2010-0041 | 4.3 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafte
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0042 | 4.3 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafte
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0220 | 5.0 |
The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an acco
|
19-09-2017 - 01:30 | 07-01-2010 - 19:30 | |
CVE-2010-0046 | 9.3 |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. Per: http://
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0961 | 7.2 |
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
|
19-09-2017 - 01:30 | 10-03-2010 - 22:30 | |
CVE-2010-0514 | 6.8 |
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.
|
19-09-2017 - 01:30 | 30-03-2010 - 18:30 | |
CVE-2010-0048 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. Per: http://lists.apple.com/archives/security-announce/
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0655 | 9.3 |
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window duri
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0172 | 4.3 |
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might a
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0054 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. Per: http://lists.apple.com/archives/secur
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0882 | 7.2 |
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_134 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Trusted Extensions.
|
19-09-2017 - 01:30 | 13-04-2010 - 22:30 | |
CVE-2010-0168 | 7.6 |
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0544 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malforme
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-0379 | 9.3 |
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not rela
|
19-09-2017 - 01:30 | 21-01-2010 - 23:30 | |
CVE-2010-0654 | 4.3 |
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0188 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:30 | 22-02-2010 - 13:00 | |
CVE-2010-0189 | 9.3 |
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to
|
19-09-2017 - 01:30 | 23-02-2010 - 20:30 | |
CVE-2010-0518 | 6.8 |
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
|
19-09-2017 - 01:30 | 30-03-2010 - 18:30 | |
CVE-2010-0648 | 4.3 |
Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the do
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0183 | 9.3 |
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame con
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-0049 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. Per: http://lists.a
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0060 | 6.8 |
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
|
19-09-2017 - 01:30 | 30-03-2010 - 18:30 | |
CVE-2010-0053 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. Pe
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0120 | 9.3 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content.
|
19-09-2017 - 01:30 | 30-08-2010 - 20:00 | |
CVE-2010-0664 | 5.0 |
Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and appl
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0540 | 6.0 |
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for
|
19-09-2017 - 01:30 | 17-06-2010 - 16:30 | |
CVE-2010-0527 | 9.3 |
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Per: http://lists.apple.com/archives/security-announce/2010//Mar/
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2010-0891 | 5.8 |
Unspecified vulnerability in the Sun Management Center component in Oracle Sun Product Suite 3.6.1 and 4.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Solaris Container Manager.
|
19-09-2017 - 01:30 | 13-04-2010 - 22:30 | |
CVE-2010-0536 | 9.3 |
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. Per: http://lists.apple.com/archives/security-announce/2010//Mar
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2010-0310 | 6.8 |
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.
|
19-09-2017 - 01:30 | 14-01-2010 - 19:30 | |
CVE-2010-0040 | 9.3 |
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0586 | 7.8 |
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Clie
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0165 | 9.3 |
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitr
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0117 | 9.3 |
RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
|
19-09-2017 - 01:30 | 30-08-2010 - 20:00 | |
CVE-2010-0515 | 6.8 |
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.
|
19-09-2017 - 01:30 | 30-03-2010 - 18:30 | |
CVE-2010-0170 | 4.3 |
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specifi
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0052 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." Per: http://lists.apple.com/a
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2009-4311 | 9.3 |
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE
|
19-09-2017 - 01:29 | 13-12-2009 - 01:30 | |
CVE-2009-4022 | 2.6 |
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS c
|
19-09-2017 - 01:29 | 25-11-2009 - 16:30 | |
CVE-2009-3987 | 7.8 |
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3981 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3829 | 9.3 |
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
|
19-09-2017 - 01:29 | 30-10-2009 - 20:30 | |
CVE-2009-4355 | 5.0 |
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to
|
19-09-2017 - 01:29 | 14-01-2010 - 19:30 | |
CVE-2009-3517 | 10.0 |
nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
|
19-09-2017 - 01:29 | 01-10-2009 - 15:30 | |
CVE-2009-3375 | 4.3 |
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection fu
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-4378 | 4.3 |
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
|
19-09-2017 - 01:29 | 21-12-2009 - 21:30 | |
CVE-2009-3074 | 10.0 |
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-2952 | 4.9 |
Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.
|
19-09-2017 - 01:29 | 24-08-2009 - 15:30 | |
CVE-2009-3241 | 7.8 |
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
|
19-09-2017 - 01:29 | 18-09-2009 - 10:30 | |
CVE-2009-2912 | 4.9 |
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
|
19-09-2017 - 01:29 | 21-08-2009 - 11:02 | |
CVE-2009-2563 | 7.1 |
Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
|
19-09-2017 - 01:29 | 21-07-2009 - 17:30 | |
CVE-2009-3371 | 10.0 |
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3984 | 6.8 |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3983 | 6.8 |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3797 | 9.3 |
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
|
19-09-2017 - 01:29 | 10-12-2009 - 19:30 | |
CVE-2009-2869 | 7.8 |
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.
|
19-09-2017 - 01:29 | 28-09-2009 - 19:30 | |
CVE-2009-2849 | 4.7 |
The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_sto
|
19-09-2017 - 01:29 | 18-08-2009 - 21:00 | |
CVE-2009-3070 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-4312 | 9.3 |
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
|
19-09-2017 - 01:29 | 13-12-2009 - 01:30 | |
CVE-2009-3523 | 6.9 |
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that
|
19-09-2017 - 01:29 | 01-10-2009 - 17:00 | |
CVE-2009-2867 | 7.8 |
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP tr
|
19-09-2017 - 01:29 | 28-09-2009 - 19:30 | |
CVE-2009-3079 | 10.0 |
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3985 | 6.8 |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3516 | 7.2 |
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
|
19-09-2017 - 01:29 | 01-10-2009 - 15:30 | |
CVE-2009-3078 | 5.0 |
Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-2277 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
|
19-09-2017 - 01:29 | 01-04-2010 - 19:30 | |
CVE-2009-3881 | 7.5 |
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak v
|
19-09-2017 - 01:29 | 09-11-2009 - 19:30 | |
CVE-2009-2905 | 4.6 |
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
|
19-09-2017 - 01:29 | 29-09-2009 - 19:30 | |
CVE-2009-3071 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3464 | 9.3 |
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details
|
19-09-2017 - 01:29 | 04-11-2009 - 15:30 | |
CVE-2009-3016 | 4.3 |
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contain
|
19-09-2017 - 01:29 | 31-08-2009 - 16:30 | |
CVE-2009-3988 | 5.0 |
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-s
|
19-09-2017 - 01:29 | 22-02-2010 - 13:00 | |
CVE-2009-3077 | 9.3 |
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangl
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-2655 | 4.3 |
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one a
|
19-09-2017 - 01:29 | 03-08-2009 - 14:30 | |
CVE-2009-2644 | 4.9 |
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds
|
19-09-2017 - 01:29 | 29-07-2009 - 17:30 | |
CVE-2009-2837 | 6.8 |
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
|
19-09-2017 - 01:29 | 10-11-2009 - 19:30 | |
CVE-2009-2714 | 4.9 |
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.
|
19-09-2017 - 01:29 | 07-08-2009 - 19:00 | |
CVE-2009-2562 | 5.0 |
Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
|
19-09-2017 - 01:29 | 21-07-2009 - 17:30 | |
CVE-2009-3073 | 10.0 |
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-2711 | 4.9 |
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed
|
19-09-2017 - 01:29 | 07-08-2009 - 19:00 | |
CVE-2009-3899 | 7.8 |
Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
|
19-09-2017 - 01:29 | 06-11-2009 - 15:30 | |
CVE-2009-2842 | 4.3 |
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
|
19-09-2017 - 01:29 | 13-11-2009 - 15:30 | |
CVE-2009-2972 | 7.8 |
in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."
|
19-09-2017 - 01:29 | 27-08-2009 - 17:30 | |
CVE-2009-3465 | 9.3 |
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details
|
19-09-2017 - 01:29 | 04-11-2009 - 15:30 | |
CVE-2009-2817 | 9.3 |
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
|
19-09-2017 - 01:29 | 24-09-2009 - 18:30 | |
CVE-2009-2695 | 7.2 |
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the
|
19-09-2017 - 01:29 | 28-08-2009 - 15:30 | |
CVE-2009-2488 | 4.9 |
Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations."
|
19-09-2017 - 01:29 | 16-07-2009 - 16:30 | |
CVE-2009-3986 | 7.6 |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3242 | 5.0 |
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers a
|
19-09-2017 - 01:29 | 18-09-2009 - 10:30 | |
CVE-2009-3235 | 7.5 |
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via
|
19-09-2017 - 01:29 | 17-09-2009 - 10:30 | |
CVE-2009-3374 | 7.5 |
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote w
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3549 | 5.0 |
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.
|
19-09-2017 - 01:29 | 30-10-2009 - 20:30 | |
CVE-2009-3286 | 4.6 |
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privi
|
19-09-2017 - 01:29 | 22-09-2009 - 10:30 | |
CVE-2009-3072 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and ap
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-2486 | 7.8 |
Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.
|
19-09-2017 - 01:29 | 16-07-2009 - 16:30 | |
CVE-2009-3524 | 7.2 |
Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.
|
19-09-2017 - 01:29 | 01-10-2009 - 17:00 | |
CVE-2009-3466 | 9.3 |
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from thir
|
19-09-2017 - 01:29 | 04-11-2009 - 15:30 | |
CVE-2009-3243 | 5.0 |
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
|
19-09-2017 - 01:29 | 18-09-2009 - 10:30 | |
CVE-2009-3851 | 7.2 |
Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended
|
19-09-2017 - 01:29 | 03-11-2009 - 16:30 | |
CVE-2009-3069 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3736 | 6.9 |
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a T
|
19-09-2017 - 01:29 | 29-11-2009 - 13:07 | |
CVE-2009-3389 | 9.3 |
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a vid
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3076 | 9.3 |
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbit
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3003 | 4.3 |
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web pa
|
19-09-2017 - 01:29 | 28-08-2009 - 15:30 | |
CVE-2009-3006 | 4.3 |
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, whi
|
19-09-2017 - 01:29 | 28-08-2009 - 15:30 | |
CVE-2009-2561 | 5.0 |
Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.
|
19-09-2017 - 01:29 | 21-07-2009 - 17:30 | |
CVE-2009-2475 | 7.8 |
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQue
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2009-2487 | 7.8 |
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
|
19-09-2017 - 01:29 | 16-07-2009 - 16:30 | |
CVE-2009-3463 | 9.3 |
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
|
19-09-2017 - 01:29 | 04-11-2009 - 15:30 | |
CVE-2009-2697 | 6.8 |
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different
|
19-09-2017 - 01:29 | 04-09-2009 - 20:30 |