Total
29099 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3402 | 1 Ultraedit | 1 Ultraedit | 2024-09-17 | N/A |
| Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file. | ||||
| CVE-2011-5156 | 1 Sowsoft | 1 Effective File Search | 2024-09-17 | N/A |
| Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2022-28244 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-17 | 6.3 Medium |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain. Exploitation requires user interaction in which the victim needs to access a crafted PDF file on an attacker's server. | ||||
| CVE-2004-2575 | 1 Phpgroupware | 1 Phpgroupware | 2024-09-17 | N/A |
| phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message. | ||||
| CVE-2021-38900 | 1 Ibm | 3 Business Automation Workflow, Business Process Manager, Workflow Process Service | 2024-09-17 | 6.5 Medium |
| IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607. | ||||
| CVE-2003-1338 | 1 Aprelium Technologies | 1 Abyss Web Server | 2024-09-17 | N/A |
| CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header. | ||||
| CVE-2006-0544 | 1 Microsoft | 1 Ie | 2024-09-17 | N/A |
| urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters. | ||||
| CVE-2002-1853 | 1 Carlos Sanchez Valle | 1 Mynewsgroups | 2024-09-17 | N/A |
| Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the subject of a newsgroup post, which is not properly handled by (1) myarticles.php, (2) search.php, (3) stats.php, or (4) standard.lib.php. | ||||
| CVE-2005-2808 | 1 Frox | 1 Frox | 2024-09-17 | N/A |
| frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts. | ||||
| CVE-2005-0745 | 1 Utstarcom | 1 Ian-02ex Voip Ata | 2024-09-17 | N/A |
| UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset. | ||||
| CVE-2005-4645 | 1 3cfr | 1 3cfr | 2024-09-17 | N/A |
| SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. | ||||
| CVE-2010-3355 | 1 Erik Hjortsberg | 1 Ember | 2024-09-17 | N/A |
| Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2002-2059 | 1 Intel | 4 D845bg Motherboard, D845hv Motherboard, D845pt Motherboard and 1 more | 2024-09-17 | N/A |
| BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key. | ||||
| CVE-2002-2183 | 1 Phpshare | 1 Phpshare | 2024-09-17 | N/A |
| phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to include and execute arbitrary PHP scripts from remote servers. | ||||
| CVE-2006-3413 | 1 Tor | 1 Tor | 2024-09-17 | N/A |
| The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information. | ||||
| CVE-2005-1716 | 1 Ej3 | 1 Topo | 2024-09-17 | N/A |
| TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses. | ||||
| CVE-2002-2170 | 1 Working Resources Inc. | 1 Badblue | 2024-09-17 | N/A |
| Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared. | ||||
| CVE-2003-1258 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2024-09-17 | N/A |
| activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid. | ||||
| CVE-2001-1542 | 1 Network Associates | 1 Webshield Smtp | 2024-09-17 | N/A |
| NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments. | ||||
| CVE-2010-4551 | 1 Ibm | 1 Lotus Notes Traveler | 2024-09-17 | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. | ||||