Vulnerabilities > Microsoft > Windows > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-02-04 | CVE-2011-0537 | Path Traversal vulnerability in Mediawiki Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function. | 7.5 |
| 2011-01-31 | CVE-2011-0450 | Remote Security vulnerability in Opera Web Browser The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file. | 7.6 |
| 2010-12-02 | CVE-2010-4368 | Code Injection vulnerability in Awstats awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname. | 7.5 |
| 2010-10-08 | CVE-2010-3888 | Unspecified vulnerability in Microsoft Windows Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers. | 7.2 |
| 2010-09-08 | CVE-2010-3004 | Unspecified vulnerability in HP Operations Agent 7.36/8.60 Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
| 2010-07-15 | CVE-2010-1965 | Unspecified vulnerability in HP Insight Orchestration Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors. | 7.5 |
| 2010-07-13 | CVE-2010-0903 | Remote Net Foundation Layer vulnerability in Oracle Database Server Unspecified vulnerability in the Net Foundation Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors. | 7.8 |
| 2010-07-12 | CVE-2010-2489 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ruby-Lang Ruby Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files. | 7.2 |
| 2010-05-13 | CVE-2010-1939 | Resource Management Errors vulnerability in Apple Safari 4.0.5 Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | 7.6 |
| 2010-04-12 | CVE-2010-1142 | Permissions, Privileges, and Access Controls vulnerability in VMWare products VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. | 8.5 |