CWE:
 

Tytuł
Data
Autor
Med.
WordPress 3.6.1 PHP unserialization & Open Redirect & Privilege Escalation
12.09.2013
Andrew Nacin
Low
SmartSniff DLL Hijacking Exploit (wpcap.dll)
17.09.2012
anT!-Tr0J4n
Low
SEasyOfficeRecovery DLL Hijacking Exploit (dwmapi.dll)
17.09.2012
anT!-Tr0J4n
Med.
Google Chrome pkcs11.txt File Planting
03.11.2011
acros
Med.
VMware ESXi and ESX updates to third party libraries and ESX Service Console
26.10.2011
VMware Security Team
Med.
ibm db2 9.7 Exploiting the linker
26.10.2011
Tim Brown
High
linux kernel 2.6.39 cred->user_ns in key_replace_session_keyring
13.09.2011
Robert Swiecki
Low
linux kernel 2.6.38 related to O_DIRECT crash
07.09.2011
Ben Greear
Med.
multiple functions null pointer dereference uppon parameters injection
16.05.2011
Advisories Toucan-Syst...
High
kadmind invalid pointer free()
18.04.2011
Tom Yu
Low
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
18.03.2011
Maksymilian Arciemowic...
Med.
Plaintext injection in STARTTLS (multiple implementations)
18.03.2011
Wietse Venema
Med.
RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
22.02.2011
Eduardo
Med.
PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
17.02.2011
Maksymilian Arciemowic...
Med.
KDC denial of service attacks
12.02.2011
Tom Yu
Low
Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel
22.01.2011
th_decoder 126 com
High
Multiple Vendors (Internet Explorer, Mozilla etc) remote code execution
12.01.2011
Michal Zalewski
High
ImgBurn 2.4.0.0 DLL Hijack
06.01.2011
d3c0der
Med.
Apache Insecure mod_rewrite PCRE Resource Exhaustion
21.12.2010
Maksymilian Arciemowic...
Med.
Orbis CMS 1.0.2 Arbitrary File Upload Vulnerability
07.12.2010
Mark Stanislav
Med.
Vtiger CRM 5.2.0 Multiple Vulnerabilities
30.11.2010
ascii
High
Linux Kernel \'sctp_outq_flush()\' Denial of Service Vulnerability
25.11.2010
Thomas Dreibholz
Med.
Mono \'loader.c\' Library Loading Local Privilege Escalation Vulnerability
20.11.2010
Richard Brooksby
Med.
VideoCharge Studio DLL Hijacking Exploit (dwmapi.dll , quserex.dll )
23.09.2010
anT!-Tr0J4n
Low
Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability
22.09.2010
Aditya K Sood
High
PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability
17.09.2010
YGN Ethical Hacker Gro...
Med.
Tortoise SVN 1.6.10 build 19898 the Windows DLL hijacking vulnerability.
01.09.2010
Nikhil Mittal
High
TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll)
27.08.2010
glafkos astalavista co...
High
Remote Binary Planting in Apple iTunes for Windows
24.08.2010
Mitja Kolsek
Med.
OpenSSL \"ssl3_get_key_exchange()\" Use-after-free Vulnerability
20.08.2010
Georgi Guninski
Low
LibTIFF \'td_stripbytecount\' NULL Pointer Dereference Remote Denial of Service
10.08.2010
Tomas Hoger
Med.
KVIrc Failed DCC Handshake Notification Command Injection Vulnerability
04.08.2010
unic0rn
Med.
[Apache HTTP Server 2.2.16 Released multiple vulnerabilities
30.07.2010
Paul Querna &lt;pquern...
Med.
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Vulnerability
05.07.2010
hushmail
Med.
TCExam 10.1.007 Arbitrary Upload
07.06.2010
Jjohn Leitch
Med.
GSS-API lib null pointer deref
24.05.2010
Tom Yu
Med.
IBM Datapower XS40 Denial of Service
03.05.2010
Erik
Med.
e107 Avatar/Photograph Image File Upload Vulnerability
22.04.2010
Secunia Research
Med.
Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities
19.04.2010
vendor
Med.
Lexmark Multiple Laser printer FTP Remote Denial of Services
26.03.2010
Francis Provencher
Med.
Safari 4.0.4 (531.21.10) - Stack Overflow/run
07.03.2010
John Cobb
High
DATEV ActiveX Control remote command execution
02.03.2010
NSO Research
Med.
Linux Kernel 64bit Personality Handling Local Denial of Service Vulnerability
19.02.2010
Mathias Krause
Med.
PHP 5.2.12/5.3.1 session.save_path safe_mode and open_basedir bypass
12.02.2010
Grzegorz Stachowiak
High
Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
07.02.2010
Core
Med.
Windows Live Messenger 2009 ActiveX DoS Vulnerability
14.01.2010
hackattack
Med.
Cherokee Web Server 0.5.4 Denial Of Service
08.01.2010
usman
Med.
Zen Cart local file disclosure vulnerability
16.12.2009
Bogdan Calin
Med.
Cisco VPN Client Integer overflow (DOS) Proof Of Concept Code
03.12.2009
alt3kx
Med.
RTP s800i 1.3.0.4 Remote Crash Vulnerability
03.12.2009
Asterisk Security Team
Med.
PHP 5.3.0 \"multipart/form-data\" denial of service
27.11.2009
Bogdan Calin
Low
OpenX 2.8.1 remote code execution
26.11.2009
null
Low
Xerver 4.32 HTTP response splitting vulnerability
24.11.2009
sasquatch
Low
XM Easy Personal FTP Serve Remote Denial of Service Vulnerability
24.11.2009
zhangmc
Med.
DoS vulnerability in Internet Explorer
20.11.2009
MustLive
Med.
DoS vulnerability in Internet Explorer
18.11.2009
MustLive
High
Windows 7 and Windows Server 2008 remote dos
17.11.2009
Laurent Gaffi
Med.
Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation
04.11.2009
Tavis Ormandy & and Ju...
Low
SharePoint 2007 ASP.NET Source Code Disclosure
03.11.2009
Daniel Martin
Med.
Snort 2.8.5.1 multiple vulnerabilities
30.10.2009
Laurent Gaffi
Low
GPG2/Kleopatra 2.0.11 - Malformed Certificate Crash PoC
29.10.2009
Dr_IDE
Med.
Websense Email Security v7.1 Web Administrator DoS
24.10.2009
NSO Research
High
PHP 5.2.11 libgd multiple vulnerabilities
22.10.2009
Tomas Hoger
Med.
Innovation Data Processing FDR Port Scan DoS
21.10.2009
Anonymous
Low
Missing initializations in dumped data
21.10.2009
Patrick McHardy & Davi...
High
Piwik Build 1357 2009-08-02 remote file upload vulnerability
20.10.2009
Braeden Thomas
Med.
ZoIPer v2.22 Call-Info Remote Denial Of Service
19.10.2009
Tomer Bitton
Med.
FileCOPA FTP Server Version 5.01 Remote DoS Exploit
12.10.2009
null
Low
OpenBSD patch: XMM exceptions incorrectly handled in i386 kernel
08.10.2009
Slava Pestov
Med.
XM Easy Personal FTP server 5.8 remote denial of service
03.10.2009
PLATEN
Med.
Half-Life CSTRIKE Server 1.6 Denial of Service Exploit (no-steam)
16.09.2009
Maxim Suhanov
Med.
Telephone Directory 2008 Arbitrary Delete Contact Exploit
08.09.2009
Stack
Med.
Eye-Fi 1.1.2 Multiple Vulnerabilities
02.09.2009
Seth Fogie (seth airsc...
High
MS Windows 2003 (EOT File) BSOD Crash Exploit
02.09.2009
webDEViL
Med.
Google Chrome Browser 0.2.149.27 Inspect Element DoS Exploit
25.08.2009
Metacortex
Med.
fhttpd 0.4.2 un64() Remote Denial of Service Exploit
24.08.2009
Jeremy Brown
Med.
aspWebAlbum 3.2 (Upload/SQL/XSS) Multiple Remote Vulnerabilities
20.08.2009
null
Med.
MS Internet Explorer 8.0.7100.0 Simple HTML Remote Crash PoC
17.08.2009
schnuddelbuddel
High
Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Exploit
14.08.2009
Underz0ne Crew
High
Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit
13.08.2009
Nine:Situations:Group:...
Med.
BGP 4-byte ASN bug fixes
08.05.2009
Chris Caputo
Med.
FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit
31.01.2009
Houssamix
Med.
Siemens C450IP/C475IP DoS
25.11.2008
Martin Kluge
High
db Software Laboratory VImpX (VImpX.ocx) Multiple Vulnerabilities
29.10.2008
shinnai
High
Peachtree Accounting 2004 (PAWWeb11.ocx) ActiveX Insecure Method
23.10.2008
Jeremy Brown
High
Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) Insecure Method Exploit
21.10.2008
darkl0rd
High
Macrovision FlexNet isusweb.dll DownloadAndExecute Method Exploit
19.10.2008
e.b.
Med.
Chilkat Mail ActiveX 7.8 (ChilkatCert.dll) Insecure Method Exploit
19.10.2008
anon
High
Macrovision FlexNet DownloadManager Insecure Methods Exploit
18.10.2008
e.b.
High
sctp: fix potential panics in the SCTP-AUTH API.
04.09.2008
Vlad Yasevich
High
Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities
28.06.2008
BugReport.ir
Med.
Server freezed in Skulltag 0.97d2-RC2
17.06.2008
Luigi Auriemma
Med.
Nucleus CMS <= 3.22 arbitrary remote inclusion
27.05.2006
rgod


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2023-12-12
Waiting for details
CVE-2022-44543

Updating...
 

 
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.

 
Waiting for details
CVE-2023-6547

Updating...
 

 
Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team. 

 
2023-12-11
Waiting for details
CVE-2023-6538

Updating...
 

 
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

 
2023-12-07
Waiting for details
CVE-2023-6578

Updating...
 

 
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
Waiting for details
CVE-2023-48860

Updating...
 

 
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.

 
Waiting for details
CVE-2023-6566

Updating...
 

 
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

 
2023-12-06
Waiting for details
CVE-2023-49248

Updating...
 

 
Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.

 
Waiting for details
CVE-2023-49246

Updating...
 

 
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

 
Waiting for details
CVE-2023-49245

Updating...
 

 
Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality.

 
Waiting for details
CVE-2023-45210

Updating...
 

 
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top