CWE:
 

Topic
Date
Author
Med.
WordPress 3.6.1 PHP unserialization & Open Redirect & Privilege Escalation
12.09.2013
Andrew Nacin
Low
SmartSniff DLL Hijacking Exploit (wpcap.dll)
17.09.2012
anT!-Tr0J4n
Low
SEasyOfficeRecovery DLL Hijacking Exploit (dwmapi.dll)
17.09.2012
anT!-Tr0J4n
Med.
Google Chrome pkcs11.txt File Planting
03.11.2011
acros
Med.
VMware ESXi and ESX updates to third party libraries and ESX Service Console
26.10.2011
VMware Security Team
Med.
ibm db2 9.7 Exploiting the linker
26.10.2011
Tim Brown
High
linux kernel 2.6.39 cred->user_ns in key_replace_session_keyring
13.09.2011
Robert Swiecki
Low
linux kernel 2.6.38 related to O_DIRECT crash
07.09.2011
Ben Greear
Med.
multiple functions null pointer dereference uppon parameters injection
16.05.2011
Advisories Toucan-Syst...
High
kadmind invalid pointer free()
18.04.2011
Tom Yu
Low
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
18.03.2011
Maksymilian Arciemowic...
Med.
Plaintext injection in STARTTLS (multiple implementations)
18.03.2011
Wietse Venema
Med.
RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
22.02.2011
Eduardo
Med.
PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
17.02.2011
Maksymilian Arciemowic...
Med.
KDC denial of service attacks
12.02.2011
Tom Yu
Low
Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel
22.01.2011
th_decoder 126 com
High
Multiple Vendors (Internet Explorer, Mozilla etc) remote code execution
12.01.2011
Michal Zalewski
High
ImgBurn 2.4.0.0 DLL Hijack
06.01.2011
d3c0der
Med.
Apache Insecure mod_rewrite PCRE Resource Exhaustion
21.12.2010
Maksymilian Arciemowic...
Med.
Orbis CMS 1.0.2 Arbitrary File Upload Vulnerability
07.12.2010
Mark Stanislav
Med.
Vtiger CRM 5.2.0 Multiple Vulnerabilities
30.11.2010
ascii
High
Linux Kernel \'sctp_outq_flush()\' Denial of Service Vulnerability
25.11.2010
Thomas Dreibholz
Med.
Mono \'loader.c\' Library Loading Local Privilege Escalation Vulnerability
20.11.2010
Richard Brooksby
Med.
VideoCharge Studio DLL Hijacking Exploit (dwmapi.dll , quserex.dll )
23.09.2010
anT!-Tr0J4n
Low
Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability
22.09.2010
Aditya K Sood
High
PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability
17.09.2010
YGN Ethical Hacker Gro...
Med.
Tortoise SVN 1.6.10 build 19898 the Windows DLL hijacking vulnerability.
01.09.2010
Nikhil Mittal
High
TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll)
27.08.2010
glafkos astalavista co...
High
Remote Binary Planting in Apple iTunes for Windows
24.08.2010
Mitja Kolsek
Med.
OpenSSL \"ssl3_get_key_exchange()\" Use-after-free Vulnerability
20.08.2010
Georgi Guninski
Low
LibTIFF \'td_stripbytecount\' NULL Pointer Dereference Remote Denial of Service
10.08.2010
Tomas Hoger
Med.
KVIrc Failed DCC Handshake Notification Command Injection Vulnerability
04.08.2010
unic0rn
Med.
[Apache HTTP Server 2.2.16 Released multiple vulnerabilities
30.07.2010
Paul Querna &lt;pquern...
Med.
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Vulnerability
05.07.2010
hushmail
Med.
TCExam 10.1.007 Arbitrary Upload
07.06.2010
Jjohn Leitch
Med.
GSS-API lib null pointer deref
24.05.2010
Tom Yu
Med.
IBM Datapower XS40 Denial of Service
03.05.2010
Erik
Med.
e107 Avatar/Photograph Image File Upload Vulnerability
22.04.2010
Secunia Research
Med.
Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities
19.04.2010
vendor
Med.
Lexmark Multiple Laser printer FTP Remote Denial of Services
26.03.2010
Francis Provencher
Med.
Safari 4.0.4 (531.21.10) - Stack Overflow/run
07.03.2010
John Cobb
High
DATEV ActiveX Control remote command execution
02.03.2010
NSO Research
Med.
Linux Kernel 64bit Personality Handling Local Denial of Service Vulnerability
19.02.2010
Mathias Krause
Med.
PHP 5.2.12/5.3.1 session.save_path safe_mode and open_basedir bypass
12.02.2010
Grzegorz Stachowiak
High
Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
07.02.2010
Core
Med.
Windows Live Messenger 2009 ActiveX DoS Vulnerability
14.01.2010
hackattack
Med.
Cherokee Web Server 0.5.4 Denial Of Service
08.01.2010
usman
Med.
Zen Cart local file disclosure vulnerability
16.12.2009
Bogdan Calin
Med.
Cisco VPN Client Integer overflow (DOS) Proof Of Concept Code
03.12.2009
alt3kx
Med.
RTP s800i 1.3.0.4 Remote Crash Vulnerability
03.12.2009
Asterisk Security Team
Med.
PHP 5.3.0 \"multipart/form-data\" denial of service
27.11.2009
Bogdan Calin
Low
OpenX 2.8.1 remote code execution
26.11.2009
null
Low
Xerver 4.32 HTTP response splitting vulnerability
24.11.2009
sasquatch
Low
XM Easy Personal FTP Serve Remote Denial of Service Vulnerability
24.11.2009
zhangmc
Med.
DoS vulnerability in Internet Explorer
20.11.2009
MustLive
Med.
DoS vulnerability in Internet Explorer
18.11.2009
MustLive
High
Windows 7 and Windows Server 2008 remote dos
17.11.2009
Laurent Gaffi
Med.
Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation
04.11.2009
Tavis Ormandy & and Ju...
Low
SharePoint 2007 ASP.NET Source Code Disclosure
03.11.2009
Daniel Martin
Med.
Snort 2.8.5.1 multiple vulnerabilities
30.10.2009
Laurent Gaffi
Low
GPG2/Kleopatra 2.0.11 - Malformed Certificate Crash PoC
29.10.2009
Dr_IDE
Med.
Websense Email Security v7.1 Web Administrator DoS
24.10.2009
NSO Research
High
PHP 5.2.11 libgd multiple vulnerabilities
22.10.2009
Tomas Hoger
Med.
Innovation Data Processing FDR Port Scan DoS
21.10.2009
Anonymous
Low
Missing initializations in dumped data
21.10.2009
Patrick McHardy & Davi...
High
Piwik Build 1357 2009-08-02 remote file upload vulnerability
20.10.2009
Braeden Thomas
Med.
ZoIPer v2.22 Call-Info Remote Denial Of Service
19.10.2009
Tomer Bitton
Med.
FileCOPA FTP Server Version 5.01 Remote DoS Exploit
12.10.2009
null
Low
OpenBSD patch: XMM exceptions incorrectly handled in i386 kernel
08.10.2009
Slava Pestov
Med.
XM Easy Personal FTP server 5.8 remote denial of service
03.10.2009
PLATEN
Med.
Half-Life CSTRIKE Server 1.6 Denial of Service Exploit (no-steam)
16.09.2009
Maxim Suhanov
Med.
Telephone Directory 2008 Arbitrary Delete Contact Exploit
08.09.2009
Stack
Med.
Eye-Fi 1.1.2 Multiple Vulnerabilities
02.09.2009
Seth Fogie (seth airsc...
High
MS Windows 2003 (EOT File) BSOD Crash Exploit
02.09.2009
webDEViL
Med.
Google Chrome Browser 0.2.149.27 Inspect Element DoS Exploit
25.08.2009
Metacortex
Med.
fhttpd 0.4.2 un64() Remote Denial of Service Exploit
24.08.2009
Jeremy Brown
Med.
aspWebAlbum 3.2 (Upload/SQL/XSS) Multiple Remote Vulnerabilities
20.08.2009
null
Med.
MS Internet Explorer 8.0.7100.0 Simple HTML Remote Crash PoC
17.08.2009
schnuddelbuddel
High
Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Exploit
14.08.2009
Underz0ne Crew
High
Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit
13.08.2009
Nine:Situations:Group:...
Med.
BGP 4-byte ASN bug fixes
08.05.2009
Chris Caputo
Med.
FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit
31.01.2009
Houssamix
Med.
Siemens C450IP/C475IP DoS
25.11.2008
Martin Kluge
High
db Software Laboratory VImpX (VImpX.ocx) Multiple Vulnerabilities
29.10.2008
shinnai
High
Peachtree Accounting 2004 (PAWWeb11.ocx) ActiveX Insecure Method
23.10.2008
Jeremy Brown
High
Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) Insecure Method Exploit
21.10.2008
darkl0rd
High
Macrovision FlexNet isusweb.dll DownloadAndExecute Method Exploit
19.10.2008
e.b.
Med.
Chilkat Mail ActiveX 7.8 (ChilkatCert.dll) Insecure Method Exploit
19.10.2008
anon
High
Macrovision FlexNet DownloadManager Insecure Methods Exploit
18.10.2008
e.b.
High
sctp: fix potential panics in the SCTP-AUTH API.
04.09.2008
Vlad Yasevich
High
Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities
28.06.2008
BugReport.ir
Med.
Server freezed in Skulltag 0.97d2-RC2
17.06.2008
Luigi Auriemma
Med.
Nucleus CMS <= 3.22 arbitrary remote inclusion
27.05.2006
rgod


CVEMAP Search Results

CVE
Details
Description
2021-10-07
Low
CVE-2021-41115

Vendor: Zulip
Software: Zulip
 

 
Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS -- this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository).

 
2021-10-06
Medium
CVE-2021-0683

Vendor: Google
Software: Android
 

 
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-185398942

 
Low
CVE-2021-34782

Vendor: Cisco
Software: Dna center
 

 
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.

 
2021-10-05
Medium
CVE-2021-3436

Vendor: Zephyrproject
Software: Zephyr
 

 
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63

 
2021-10-04
Low
CVE-2021-41530

Vendor: Forcepoint
Software: Next generat...
 

 
Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured.

 
Medium
CVE-2021-39433

Vendor: BIQS
Software: Biqsdrive
 

 
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.

 
2021-09-29
Medium
CVE-2021-23446

Vendor: Handsontable
Software: Handsontable
 

 
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.

 
2021-09-25
Low
CVE-2021-21742

Vendor: ZTE
Software: Axon 30 pro ...
 

 
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.

 
2021-09-02
Medium
CVE-2021-38314

Vendor: Redux
Software: Gutenberg te...
 

 

 
2021-09-01
Medium
CVE-2021-23426

Vendor: Proto project
Software: Proto
 

 
This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top