CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | WordPress 3.6.1 PHP unserialization & Open Redirect & Privilege Escalation | 12.09.2013 | Andrew Nacin |
| Low | SmartSniff DLL Hijacking Exploit (wpcap.dll) | 17.09.2012 | anT!-Tr0J4n |
| Low | SEasyOfficeRecovery DLL Hijacking Exploit (dwmapi.dll) | 17.09.2012 | anT!-Tr0J4n |
| Med. | Google Chrome pkcs11.txt File Planting | 03.11.2011 | acros |
| Med. | VMware ESXi and ESX updates to third party libraries and ESX Service Console | 26.10.2011 | VMware Security Team |
| Med. | ibm db2 9.7 Exploiting the linker | 26.10.2011 | Tim Brown |
| High | linux kernel 2.6.39 cred->user_ns in key_replace_session_keyring | 13.09.2011 | Robert Swiecki |
| Low | linux kernel 2.6.38 related to O_DIRECT crash | 07.09.2011 | Ben Greear |
| Med. | multiple functions null pointer dereference upon parameters injection | 16.05.2011 | Advisories Toucan-Syst... |
| High | kadmind invalid pointer free() | 18.04.2011 | Tom Yu |
| Low | libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) | 18.03.2011 | Maksymilian Arciemowic... |
| Med. | Plaintext injection in STARTTLS (multiple implementations) | 18.03.2011 | Wietse Venema |
| Med. | RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability | 22.02.2011 | Eduardo |
| Med. | PHP 5.3.5 grapheme_extract() NULL Pointer Dereference | 17.02.2011 | Maksymilian Arciemowic... |
| Med. | KDC denial of service attacks | 12.02.2011 | Tom Yu |
| Low | Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel | 22.01.2011 | th_decoder 126 com |
| High | Multiple Vendors (Internet Explorer, Mozilla etc) remote code execution | 12.01.2011 | Michal Zalewski |
| High | ImgBurn 2.4.0.0 DLL Hijack | 06.01.2011 | d3c0der |
| Med. | Apache Insecure mod_rewrite PCRE Resource Exhaustion | 21.12.2010 | Maksymilian Arciemowic... |
| Med. | Orbis CMS 1.0.2 Arbitrary File Upload Vulnerability | 07.12.2010 | Mark Stanislav |
| Med. | Vtiger CRM 5.2.0 Multiple Vulnerabilities | 30.11.2010 | ascii |
| High | Linux Kernel 'sctp_outq_flush()' Denial of Service Vulnerability | 25.11.2010 | Thomas Dreibholz |
| Med. | Mono 'loader.c' Library Loading Local Privilege Escalation Vulnerability | 20.11.2010 | Richard Brooksby |
| Med. | VideoCharge Studio DLL Hijacking Exploit (dwmapi.dll, quserex.dll) | 23.09.2010 | anT!-Tr0J4n |
| Low | Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability | 22.09.2010 | Aditya K Sood |
| High | PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability | 17.09.2010 | YGN Ethical Hacker Gro... |
| Med. | Tortoise SVN 1.6.10 build 19898 the Windows DLL hijacking vulnerability. | 01.09.2010 | Nikhil Mittal |
| High | TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll) | 27.08.2010 | glafkos astalavista co... |
| High | Remote Binary Planting in Apple iTunes for Windows | 24.08.2010 | Mitja Kolsek |
| Med. | OpenSSL "ssl3_get_key_exchange()" Use-after-free Vulnerability | 20.08.2010 | Georgi Guninski |
| Low | LibTIFF 'td_stripbytecount' NULL Pointer Dereference Remote Denial of Service | 10.08.2010 | Tomas Hoger |
| Med. | KVIrc Failed DCC Handshake Notification Command Injection Vulnerability | 04.08.2010 | unic0rn |
| Med. | Apache HTTP Server 2.2.16 Released multiple vulnerabilities | 30.07.2010 | Paul Querna <pquern... |
| Med. | Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Vulnerability | 05.07.2010 | hushmail |
| Med. | TCExam 10.1.007 Arbitrary Upload | 07.06.2010 | John Leitch |
| Med. | GSS-API lib null pointer deref | 24.05.2010 | Tom Yu |
| Med. | IBM Datapower XS40 Denial of Service | 03.05.2010 | Erik |
| Med. | e107 Avatar/Photograph Image File Upload Vulnerability | 22.04.2010 | Secunia Research |
| Med. | Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities | 19.04.2010 | vendor |
| Med. | Lexmark Multiple Laser printer FTP Remote Denial of Services | 26.03.2010 | Francis Provencher |
| Med. | Safari 4.0.4 (531.21.10) - Stack Overflow/run | 07.03.2010 | John Cobb |
| High | DATEV ActiveX Control remote command execution | 02.03.2010 | NSO Research |
| Med. | Linux Kernel 64bit Personality Handling Local Denial of Service Vulnerability | 19.02.2010 | Mathias Krause |
| Med. | PHP 5.2.12/5.3.1 session.save_path safe_mode and open_basedir bypass | 12.02.2010 | Grzegorz Stachowiak |
| High | Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities | 07.02.2010 | Core |
| Med. | Windows Live Messenger 2009 ActiveX DoS Vulnerability | 14.01.2010 | hackattack |
| Med. | Cherokee Web Server 0.5.4 Denial Of Service | 08.01.2010 | usman |
| Med. | Zen Cart local file disclosure vulnerability | 16.12.2009 | Bogdan Calin |
| Med. | Cisco VPN Client Integer overflow (DOS) Proof Of Concept Code | 03.12.2009 | alt3kx |
| Med. | RTP s800i 1.3.0.4 Remote Crash Vulnerability | 03.12.2009 | Asterisk Security Team |
| Med. | PHP 5.3.0 "multipart/form-data" denial of service | 27.11.2009 | Bogdan Calin |
| Low | OpenX 2.8.1 remote code execution | 26.11.2009 | null |
| Low | Xerver 4.32 HTTP response splitting vulnerability | 24.11.2009 | sasquatch |
| Low | XM Easy Personal FTP Serve Remote Denial of Service Vulnerability | 24.11.2009 | zhangmc |
| Med. | DoS vulnerability in Internet Explorer | 20.11.2009 | MustLive |
| Med. | DoS vulnerability in Internet Explorer | 18.11.2009 | MustLive |
| High | Windows 7 and Windows Server 2008 remote dos | 17.11.2009 | Laurent Gaffi |
| Med. | Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation | 04.11.2009 | Tavis Ormandy and Ju... |
| Low | SharePoint 2007 ASP.NET Source Code Disclosure | 03.11.2009 | Daniel Martin |
| Med. | Snort 2.8.5.1 multiple vulnerabilities | 30.10.2009 | Laurent Gaffi |
| Low | GPG2/Kleopatra 2.0.11 - Malformed Certificate Crash PoC | 29.10.2009 | Dr_IDE |
| Med. | Websense Email Security v7.1 Web Administrator DoS | 24.10.2009 | NSO Research |
| High | PHP 5.2.11 libgd multiple vulnerabilities | 22.10.2009 | Tomas Hoger |
| Med. | Innovation Data Processing FDR Port Scan DoS | 21.10.2009 | Anonymous |
| Low | Missing initializations in dumped data | 21.10.2009 | Patrick McHardy & Davi... |
| High | Piwik Build 1357 2009-08-02 remote file upload vulnerability | 20.10.2009 | Braeden Thomas |
| Med. | ZoIPer v2.22 Call-Info Remote Denial Of Service | 19.10.2009 | Tomer Bitton |
| Med. | FileCOPA FTP Server Version 5.01 Remote DoS Exploit | 12.10.2009 | null |
| Low | OpenBSD patch: XMM exceptions incorrectly handled in i386 kernel | 08.10.2009 | Slava Pestov |
| Med. | XM Easy Personal FTP server 5.8 remote denial of service | 03.10.2009 | PLATEN |
| Med. | Half-Life CSTRIKE Server 1.6 Denial of Service Exploit (no-steam) | 16.09.2009 | Maxim Suhanov |
| Med. | Telephone Directory 2008 Arbitrary Delete Contact Exploit | 08.09.2009 | Stack |
| Med. | Eye-Fi 1.1.2 Multiple Vulnerabilities | 02.09.2009 | Seth Fogie (seth airsc... |
| High | MS Windows 2003 (EOT File) BSOD Crash Exploit | 02.09.2009 | webDEViL |
| Med. | Google Chrome Browser 0.2.149.27 Inspect Element DoS Exploit | 25.08.2009 | Metacortex |
| Med. | fhttpd 0.4.2 un64() Remote Denial of Service Exploit | 24.08.2009 | Jeremy Brown |
| Med. | aspWebAlbum 3.2 (Upload/SQL/XSS) Multiple Remote Vulnerabilities | 20.08.2009 | null |
| Med. | MS Internet Explorer 8.0.7100.0 Simple HTML Remote Crash PoC | 17.08.2009 | schnuddelbuddel |
| High | Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Exploit | 14.08.2009 | Underz0ne Crew |
| High | Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit | 13.08.2009 | Nine:Situations:Group:... |
| Med. | BGP 4-byte ASN bug fixes | 08.05.2009 | Chris Caputo |
| Med. | FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit | 31.01.2009 | Houssamix |
| Med. | Siemens C450IP/C475IP DoS | 25.11.2008 | Martin Kluge |
| High | db Software Laboratory VImpX (VImpX.ocx) Multiple Vulnerabilities | 29.10.2008 | shinnai |
| High | Peachtree Accounting 2004 (PAWWeb11.ocx) ActiveX Insecure Method | 23.10.2008 | Jeremy Brown |
| High | Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) Insecure Method Exploit | 21.10.2008 | darkl0rd |
| High | Macrovision FlexNet isusweb.dll DownloadAndExecute Method Exploit | 19.10.2008 | e.b. |
| Med. | Chilkat Mail ActiveX 7.8 (ChilkatCert.dll) Insecure Method Exploit | 19.10.2008 | anon |
| High | Macrovision FlexNet DownloadManager Insecure Methods Exploit | 18.10.2008 | e.b. |
| High | sctp: fix potential panics in the SCTP-AUTH API. | 04.09.2008 | Vlad Yasevich |
| High | Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities | 28.06.2008 | BugReport.ir |
| Med. | Server freezed in Skulltag 0.97d2-RC2 | 17.06.2008 | Luigi Auriemma |
| Med. | Nucleus CMS <= 3.22 arbitrary remote inclusion | 27.05.2006 | rgod |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2020-05-13 | Medium | CVE-2020-1994 | Vendor: Paloaltonetworks; Software: Pan-os | A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. |
| 2020-05-13 | High | CVE-2020-2003 | Vendor: Paloaltonetworks; Software: Pan-os | An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. |
| 2020-05-12 | Medium | CVE-2020-5898 | Vendor: F5; Software: Big-ip acces... | In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to `\\.\urvpndrv` device causing the Windows kernel to crash. |
| 2020-05-11 | Medium | CVE-2020-9840 | Vendor: Apple; Software: Nioextras | In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. |
| 2020-05-07 | Medium | CVE-2019-18869 | Vendor: Blaauwproducts; Software: Remote kiln ... | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. |
| 2020-05-06 | Medium | CVE-2020-2185 | Vendor: Jenkins; Software: Amazon ec2 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. |
| 2020-05-06 | Medium | CVE-2020-3253 | Vendor: Cisco; Software: Firepower th... | A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root access on an affected device. |
| 2020-05-04 | Medium | CVE-2020-10933 | | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. |
| 2020-04-29 | Medium | CVE-2020-12468 | Vendor: Intelliants; Software: Subrion | Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. |
| 2020-04-27 | Medium | CVE-2018-21094 | | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. |

Copyright 2020, cxsecurity.com

 
