Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4897 | 1 Vmware | 1 Movie Decoder | 2025-04-11 | N/A |
| Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. | ||||
| CVE-2012-4936 | 1 Patterninsight | 1 Pattern Insight | 2025-04-11 | N/A |
| The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element. | ||||
| CVE-2012-4944 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2025-04-11 | N/A |
| Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page. | ||||
| CVE-2012-5609 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. | ||||
| CVE-2012-5769 | 1 Ibm | 1 Spss Modeler | 2025-04-11 | N/A |
| IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. | ||||
| CVE-2012-5875 | 1 Fireflymediaserver | 1 Firefly Media Server | 2025-04-11 | N/A |
| Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version. | ||||
| CVE-2013-0075 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Rt and 3 more | 2025-04-11 | N/A |
| The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability." | ||||
| CVE-2013-0133 | 1 Parallels | 1 Parallels Plesk Panel | 2025-04-11 | N/A |
| Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. | ||||
| CVE-2013-0138 | 1 Bitberry Software | 1 Bitzipper | 2025-04-11 | N/A |
| BitZipper 2013 before Update 1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ZIP archive. | ||||
| CVE-2013-0167 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Rhev Manager | 2025-04-11 | N/A |
| VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." | ||||
| CVE-2013-0235 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. | ||||
| CVE-2013-1610 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2025-04-11 | N/A |
| Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. | ||||
| CVE-2013-4154 | 1 Redhat | 1 Libvirt | 2025-04-11 | N/A |
| The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command. | ||||
| CVE-2013-4160 | 1 Littlecms | 1 Little Cms Color Engine | 2025-04-11 | N/A |
| Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed. | ||||
| CVE-2013-4898 | 2 Socialengine, Webhive | 2 Socialengine, Timeline | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/. | ||||
| CVE-2013-4949 | 1 Machform | 1 Machform | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/. | ||||
| CVE-2013-6722 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. | ||||
| CVE-2013-6800 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2025-04-11 | N/A |
| An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418. | ||||
| CVE-2014-0979 | 2 Lightdm Gtk\+ Greeter Project, Opensuse | 2 Lightdm Gtk\+ Greeter, Opensuse | 2025-04-11 | N/A |
| The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username. | ||||
| CVE-2014-1207 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. | ||||