Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0537 | 2 Mediawiki, Microsoft | 2 Mediawiki, Windows | 2011-02-12 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function. | |||||
| CVE-2010-4588 | 1 Microsoft | 1 Wmi Administrative Tools | 2011-01-19 | 9.3 HIGH | N/A |
| The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference. | |||||
| CVE-2010-4587 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2011-01-12 | 9.3 HIGH | N/A |
| Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module. | |||||
| CVE-2010-2603 | 3 Apple, Microsoft, Rim | 3 Mac Os X, Windows, Blackberry Desktop Software | 2011-01-12 | 2.1 LOW | N/A |
| RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. | |||||
| CVE-2010-4111 | 3 Hp, Linux, Microsoft | 3 Insight Diagnostics, Linux Kernel, Windows | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4114 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4368 | 2 Awstats, Microsoft | 2 Awstats, Windows | 2010-12-03 | 7.5 HIGH | N/A |
| awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname. | |||||
| CVE-2010-3141 | 1 Microsoft | 1 Powerpoint | 2010-11-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file. | |||||
| CVE-2010-3888 | 1 Microsoft | 1 Windows | 2010-10-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers. | |||||
| CVE-2010-1131 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2010-06-08 | 4.3 MEDIUM | N/A |
| JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring. | |||||
| CVE-2010-2085 | 1 Microsoft | 1 .net Framework | 2010-05-28 | 4.3 MEDIUM | N/A |
| The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter. | |||||
| CVE-2010-2088 | 1 Microsoft | 1 Asp.net | 2010-05-28 | 4.3 MEDIUM | N/A |
| ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter. | |||||
| CVE-2010-2084 | 1 Microsoft | 1 Asp.net | 2010-05-28 | 4.3 MEDIUM | N/A |
| Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute. | |||||
| CVE-2010-2083 | 1 Microsoft | 1 Dynamics Gp | 2010-05-27 | 4.0 MEDIUM | N/A |
| Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-2011 | 1 Microsoft | 1 Dynamics Gp | 2010-05-24 | 4.0 MEDIUM | N/A |
| Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents. | |||||
| CVE-2009-1564 | 2 Microsoft, Vmware | 5 Windows, Movie Decoder, Player and 2 more | 2010-04-22 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding. | |||||
| CVE-2009-1565 | 2 Microsoft, Vmware | 5 Windows, Movie Decoder, Player and 2 more | 2010-04-22 | 9.3 HIGH | N/A |
| vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors." | |||||
| CVE-2009-4741 | 2 Microsoft, Skype | 2 Windows, Skype | 2010-03-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors. | |||||
| CVE-2010-0925 | 2 Apple, Microsoft | 2 Safari, Windows | 2010-03-04 | 5.0 MEDIUM | N/A |
| cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element. | |||||
| CVE-2010-0924 | 2 Apple, Microsoft | 2 Safari, Windows | 2010-03-04 | 5.0 MEDIUM | N/A |
| cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. | |||||