Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0717 | 1 Redhat | 1 Network Satellite Server | 2017-08-17 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk. | |||||
| CVE-2011-0680 | 1 Google | 1 Android | 2017-08-17 | 5.0 MEDIUM | N/A |
| data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service. | |||||
| CVE-2011-0678 | 1 Lomtec | 1 Activeweb | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm. | |||||
| CVE-2011-0584 | 1 Adobe | 1 Coldfusion | 2017-08-17 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2011-0507 | 1 Blackmoonftpserver | 1 Blackmoon Ftp Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-0490 | 1 Tor | 1 Tor | 2017-08-17 | 5.0 MEDIUM | N/A |
| Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages. | |||||
| CVE-2011-0458 | 1 Google | 1 Picasa | 2017-08-17 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Locate on Disk feature in Google Picasa before 3.8 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2011-0452 | 1 Lunascape | 1 Lunascape | 2017-08-17 | 6.2 MEDIUM | N/A |
| Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2011-0403 | 1 Imgburn | 1 Imgburn | 2017-08-17 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file. | |||||
| CVE-2011-0385 | 1 Cisco | 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more | 2017-08-17 | 10.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065. | |||||
| CVE-2011-0323 | 1 Topazsystems | 1 Sigplus Pro Activex Control | 2017-08-17 | 9.3 HIGH | N/A |
| Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content. | |||||
| CVE-2011-0064 | 2 Mozilla, Pango | 2 Firefox, Pango | 2017-08-17 | 6.8 MEDIUM | N/A |
| The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | |||||
| CVE-2010-3611 | 1 Isc | 1 Dhcp | 2017-08-17 | 4.3 MEDIUM | N/A |
| ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. | |||||
| CVE-2010-4353 | 1 Menalto | 1 Gallery | 2017-08-17 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2010-3135 | 1 Cisco | 1 Packet Tracer | 2017-08-17 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file. | |||||
| CVE-2010-2195 | 1 Eterna | 1 Bozohttpd | 2017-08-17 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a "wrong code generation interaction with GCC." | |||||
| CVE-2010-1156 | 1 Irssi | 1 Irssi | 2017-08-17 | 4.3 MEDIUM | N/A |
| core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel. | |||||
| CVE-2010-0782 | 1 Ibm | 1 Websphere Mq | 2017-08-17 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate. | |||||
| CVE-2010-2060 | 1 Wildbit | 1 Beanstalkd | 2017-08-17 | 7.5 HIGH | N/A |
| The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c. | |||||
| CVE-2010-1639 | 1 Clamav | 1 Clamav | 2017-08-17 | 4.3 MEDIUM | N/A |
| The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. | |||||
| CVE-2010-0757 | 1 Wikyblog | 1 Wikyblog | 2017-08-17 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/. | |||||
| CVE-2010-1810 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2017-08-17 | 3.5 LOW | N/A |
| FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. | |||||
| CVE-2010-3372 | 1 Nordugrid | 1 Nordugrid-arc | 2017-08-17 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1643 | 1 Linux | 1 Linux Kernel | 2017-08-17 | 6.9 MEDIUM | N/A |
| mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-3164 | 1 Fenrir | 2 Grani, Sleipnir | 2017-08-17 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2010-3158 | 1 Lhaplus | 1 Lhaplus | 2017-08-17 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2009-4130 | 1 Mozilla | 1 Firefox | 2017-08-17 | 5.8 MEDIUM | N/A |
| Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | |||||
| CVE-2009-3007 | 2 Flock, Mozilla | 3 Flock, Firefox, Seamonkey | 2017-08-17 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. | |||||
| CVE-2009-3008 | 1 Christophe Thibault | 1 K-meleon | 2017-08-17 | 4.3 MEDIUM | N/A |
| K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. | |||||
| CVE-2009-3626 | 1 Perl | 1 Perl | 2017-08-17 | 5.0 MEDIUM | N/A |
| Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match. | |||||
| CVE-2009-3630 | 1 Typo3 | 1 Typo3 | 2017-08-17 | 5.5 MEDIUM | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. | |||||
| CVE-2009-3641 | 1 Snort | 1 Snort | 2017-08-17 | 4.3 MEDIUM | N/A |
| Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol. | |||||
| CVE-2009-3643 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728. | |||||
| CVE-2009-3654 | 2 316solutions, Drupal | 2 Boost, Drupal | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | |||||
| CVE-2009-3695 | 1 Djangoproject | 1 Django | 2017-08-17 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. | |||||
| CVE-2009-3704 | 1 Zoiper | 1 Zoiper | 2017-08-17 | 5.0 MEDIUM | N/A |
| ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service (crash) via a SIP INVITE request with an empty Call-Info header. | |||||
| CVE-2009-3805 | 2 Gpg4win, Kde-apps | 2 Gpg4win, Kleopatra | 2017-08-17 | 4.3 MEDIUM | N/A |
| gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature. | |||||
| CVE-2009-3934 | 1 Google | 1 Chrome | 2017-08-17 | 4.3 MEDIUM | N/A |
| The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail. | |||||
| CVE-2009-4197 | 1 Huawei | 3 Mt882 Modem, Mt882 Modem Firmware, Mt882 V100t002b020 Arg-t | 2017-08-17 | 4.7 MEDIUM | N/A |
| rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. | |||||
| CVE-2009-4353 | 1 Transware | 1 Active\! Mail | 2017-08-17 | 5.8 MEDIUM | N/A |
| The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL. | |||||
| CVE-2009-4412 | 1 S9y | 1 Serendipity | 2017-08-17 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4453 | 1 Softcab | 1 Sound Converter Activex | 2017-08-17 | 8.8 HIGH | N/A |
| Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4652 | 1 Ngircd | 1 Ngircd | 2017-08-17 | 2.6 LOW | N/A |
| The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error. | |||||
| CVE-2009-4817 | 1 Element-it | 1 Ultimate Uploader | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/. | |||||
| CVE-2009-4818 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. | |||||
| CVE-2009-4819 | 1 Stoverud | 1 Phphotoalbum | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/. | |||||
| CVE-2010-0151 | 1 Cisco | 11 5500 Series Adaptive Security Appliance, 5505 Series Adaptive Security Appliance, 5510 Series Adaptive Security Appliance and 8 more | 2017-08-17 | 7.8 HIGH | N/A |
| The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in for the Cisco Catalyst 6500 switches, Cisco 7600 routers, and ASA 5500 Adaptive Security Appliances, allows remote attackers to cause a denial of service (crash) via a malformed Skinny Client Control Protocol (SCCP) message. | |||||
| CVE-2010-0279 | 1 Bts-gi.net | 1 Read Excel | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0285 | 1 Gnome | 1 Screensaver | 2017-08-17 | 5.6 MEDIUM | N/A |
| gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. | |||||
| CVE-2010-0313 | 1 Sun | 1 Java System Directory Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message. | |||||