Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-2263 |
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Published: June 15, 2010; 10:04:24 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-3732 |
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. Published: April 12, 2010; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-3097 |
Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Published: September 08, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-1072 |
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. Published: March 24, 2009; 9:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-0778 |
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." Published: March 12, 2009; 11:20:49 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2008-4197 |
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut. Published: September 27, 2008; 6:30:03 AM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2008-3628 |
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue." Published: September 10, 2008; 9:13:09 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-0768 |
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests. Published: February 13, 2008; 5:00:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2005-4868 |
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.1: 7.1 HIGH V2.0: 2.1 LOW |
CVE-2005-3483 |
Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size. Published: November 03, 2005; 5:02:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3059 |
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding." Published: September 26, 2005; 3:03:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2005-1891 |
The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. Published: June 09, 2005; 12:00:00 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2004-0717 |
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Published: July 27, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-0969 |
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. Published: October 11, 2002; 12:00:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-1999-0289 |
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. Published: December 12, 1999; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0524 |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. Published: August 01, 1997; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |