CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5353 matches found

CVE•added 2010/09/07 5:0 p.m.•91 views

CVE-2010-2739

The CVE-2010-2739 issue is a buffer overflow in the Windows win32k.sys CreateDIBPalette() function. A crafted bitmap with a very large color palette, used via GetClipboardData, can crash the system and may allow arbitrary code execution locally on affected Windows versions: XP SP3, Server 2003 R2...

7.2CVSS7.6AI score0.03818EPSS

Exploits1References5Affected Software6

OpenVAS•added 2010/09/07 12:0 a.m.•14 views

Mandriva Update for libHX MDVSA-2010:165 (libHX)

Check for the Version of libHX OpenVAS Vulnerability Test Mandriva Update for libHX MDVSA-2010:165 libHX Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

10CVSS6.5AI score0.05506EPSS

Exploits0References2

Prion•added 2010/09/03 6:0 p.m.•15 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to 1 post.php, 2 article.php, 3 blog.php, or 4 home.php in pectemplates/nova-blue/...

7.5CVSS8.1AI score0.02338EPSS

Exploits1References4Affected Software1

NVD•added 2010/08/27 7:0 p.m.•18 views

CVE-2010-3141

Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm,...

9.3CVSS7.2AI score0.15353EPSS

Exploits1References1

NVD•added 2010/08/27 7:0 p.m.•15 views

CVE-2010-3139

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter grpconv.exe allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file...

9.3CVSS7.3AI score0.23922EPSS

Exploits1References5

NVD•added 2010/08/26 9:0 p.m.•20 views

CVE-2010-2880

DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a...

9.3CVSS7.5AI score0.04404EPSS

Exploits0References5

NVD•added 2010/08/26 9:0 p.m.•21 views

CVE-2010-2881

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a...

9.3CVSS7.5AI score0.04404EPSS

Exploits0References5

NVD•added 2010/08/26 9:0 p.m.•18 views

CVE-2010-2876

Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a 1 .dir or 2 .dcr Director movie, which allows remote attackers to cause a denial of service heap memory corruption or execute arbitrary code via a crafte...

9.3CVSS7.5AI score0.06051EPSS

Exploits0References6

NVD•added 2010/08/26 9:0 p.m.•18 views

CVE-2010-2879

Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service heap memory corruption or execute arbitrary code via a crafted 1 element count or 2 element size value in a file...

9.3CVSS7.5AI score0.04809EPSS

Exploits0References6

NVD•added 2010/08/26 9:0 p.m.•19 views

CVE-2010-2882

9.3CVSS7.5AI score0.04404EPSS

Exploits0References5

NVD•added 2010/08/26 9:0 p.m.•20 views

CVE-2010-2866

Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie...

9.3CVSS7.5AI score0.13014EPSS

Exploits0References6

NVD•added 2010/08/26 9:0 p.m.•36 views

CVE-2010-2868

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D...

9.3CVSS7.8AI score0.04764EPSS

Exploits0References5

NVD•added 2010/08/26 9:0 p.m.•19 views

CVE-2010-2864

9.3CVSS7.5AI score0.04764EPSS

Exploits0References5

Prion•added 2010/08/26 9:0 p.m.•14 views

Memory corruption

9.3CVSS8.1AI score0.04404EPSS

Exploits0References5Affected Software1

Prion•added 2010/08/26 9:0 p.m.•16 views

Memory corruption

9.3CVSS8.1AI score0.04764EPSS

Exploits0References5Affected Software1

Prion•added 2010/08/26 9:0 p.m.•16 views

Memory corruption

9.3CVSS7.8AI score0.04404EPSS

Exploits0References5Affected Software1

Prion•added 2010/08/26 9:0 p.m.•23 views

Null pointer dereference

DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service heap memory corruption or execute arbitrary code via a crafted movie, related to a...

9.3CVSS8.1AI score0.05279EPSS

Exploits0References6Affected Software1

Prion•added 2010/08/26 9:0 p.m.•18 views

Memory corruption

9.3CVSS8.1AI score0.04764EPSS

Exploits0References5Affected Software1