Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2412 | 1 Hp | 1 Business Service Automation Essentials | 2012-02-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-2443 | 1 Adobe | 1 Photoshop Elements | 2012-02-14 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296. | |||||
| CVE-2011-2628 | 1 Opera | 1 Opera Browser | 2012-02-14 | 10.0 HIGH | N/A |
| Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload. | |||||
| CVE-2011-2739 | 1 Emc | 1 Documentum Eroom | 2012-02-14 | 8.5 HIGH | N/A |
| The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. | |||||
| CVE-2011-1774 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2012-02-14 | 8.8 HIGH | N/A |
| WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. | |||||
| CVE-2011-2023 | 1 Squirrelmail | 1 Squirrelmail | 2012-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message. | |||||
| CVE-2011-0182 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-14 | 7.2 HIGH | N/A |
| The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. | |||||
| CVE-2010-4834 | 1 Oneorzero | 1 Aims | 2012-02-14 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4835 | 1 Oneorzero | 1 Aims | 2012-02-14 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action. | |||||
| CVE-2010-4837 | 2 Extensiondepot, Joomla | 2 Com Jsupport, Joomla! | 2012-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4838 | 2 Extensiondepot, Joomla | 2 Com Jsupport, Joomla! | 2012-02-14 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. | |||||
| CVE-2010-4850 | 1 Diferior | 1 Diferior | 2012-02-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php. | |||||
| CVE-2010-4851 | 1 Eclime | 1 Eclime | 2012-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php. | |||||
| CVE-2010-4852 | 1 Eclime | 1 Eclime | 2012-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action. | |||||
| CVE-2010-4855 | 1 Aspindir | 1 Xweblog | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter. | |||||
| CVE-2010-4858 | 1 Joerg Risse | 1 Dnet Live-stats | 2012-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter. | |||||
| CVE-2010-4859 | 1 Webasyst | 1 Shop-script | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action. | |||||
| CVE-2010-4864 | 2 Danieljamesscott, Joomla | 2 Com Clubmanager, Joomla! | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php. | |||||
| CVE-2010-4877 | 1 Insanevisions | 1 Onecms | 2012-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | |||||
| CVE-2010-4884 | 1 Hinnendahl | 1 Gaestebuch | 2012-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | |||||
| CVE-2010-4902 | 2 Joomla, Joomla-clantools | 2 Joomla!, Clantools | 2012-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php. | |||||
| CVE-2010-4909 | 1 Mechbunny | 1 Paysitereviewcms | 2012-02-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php. | |||||
| CVE-2010-4913 | 1 Coldgen | 1 Coldusergroup | 2012-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4923 | 1 Virtuenetz | 1 Virtue Book Store | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter. | |||||
| CVE-2010-4927 | 2 Joomla, Photoindochina | 2 Joomla!, Com Restaurantguide | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php. | |||||
| CVE-2010-4928 | 2 Joomla, Photoindochina | 2 Joomla!, Com Restaurantguide | 2012-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character. | |||||
| CVE-2010-4933 | 1 Geeklog | 1 Geeklog | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2010-4936 | 2 Joomla, Webmaster-tips | 2 Joomla!, Com Slideshow | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2010-4968 | 2 Joomla, Webmaster-tips | 2 Joomla!, Com Wmtpic | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2010-4970 | 1 Wikiwebhelp | 1 Wiki Web Help | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4998 | 1 Maulana Al Matien | 1 Ardeacore Php Framework | 2012-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5000 | 1 Joe Pieruccini | 1 Mclogin System | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5006 | 1 Emophp | 1 Emo Realty Manager | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in googlemap/index.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the cat1 parameter. | |||||
| CVE-2010-5008 | 1 Denaliintranet | 1 Brightsuite Groupware | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter. | |||||
| CVE-2010-5031 | 1 Filenice | 1 Filenice | 2012-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 allows remote attackers to inject arbitrary web script or HTML via the sstring parameter (aka the Search Box). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5037 | 1 Michau Enterprises | 1 Sensesites Commonsense Cms | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2010-1637 | 1 Squirrelmail | 1 Squirrelmail | 2012-02-14 | 4.0 MEDIUM | N/A |
| The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | |||||
| CVE-2009-3999 | 1 Hp | 1 Power Manager | 2012-02-14 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. | |||||
| CVE-2011-4534 | 1 Copadata | 1 Zenon | 2012-02-13 | 7.5 HIGH | N/A |
| ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212. | |||||
| CVE-2011-4533 | 1 Copadata | 1 Zenon | 2012-02-13 | 7.5 HIGH | N/A |
| zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 50777, aka Reference Number 25240. | |||||
| CVE-2012-1046 | 1 Ibm | 1 Cognos Tm1 | 2012-02-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696. | |||||
| CVE-2011-4659 | 1 Cisco | 2 Ip Video Phone E20, Telepresence E20 Software | 2012-02-10 | 10.0 HIGH | N/A |
| Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555. | |||||
| CVE-2011-4804 | 2 Foobla, Joomla | 2 Com Obsuggest, Joomla! | 2012-02-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2011-4806 | 1 Phpalbum | 1 Phpalbum | 2012-02-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters. | |||||
| CVE-2011-4807 | 1 Phpalbum | 1 Phpalbum | 2012-02-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. | |||||
| CVE-2011-4808 | 2 Joomla, Joomlaextensions | 2 Joomla!, Com Hmcommunity | 2012-02-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | |||||
| CVE-2011-4809 | 2 Joomla, Joomlaextensions | 2 Joomla!, Com Hmcommunity | 2012-02-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4810 | 1 Whmcs | 1 Whmcompletesolution | 2012-02-10 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php. | |||||
| CVE-2011-4811 | 1 Bst | 1 Bestshoppro | 2012-02-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter. | |||||
| CVE-2011-4812 | 1 Bst | 1 Bestshoppro | 2012-02-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter. | |||||
