Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2388 | 1 Oracle | 1 E-business Suite | 2011-01-19 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2006-3634 | 1 Linux | 1 Linux Kernel | 2011-01-19 | 4.9 MEDIUM | N/A |
| The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 perform the atomic futex operation in the kernel address space instead of the user address space, which allows local users to cause a denial of service (crash). | |||||
| CVE-2010-0121 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2011-01-19 | 10.0 HIGH | N/A |
| The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors. | |||||
| CVE-2010-4339 | 1 Hypermail-project | 1 Hypermail | 2011-01-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages. | |||||
| CVE-2010-4598 | 1 Ecava | 1 Integraxor | 2011-01-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. | |||||
| CVE-2010-3996 | 1 Cstr | 1 Festival | 2011-01-14 | 6.9 MEDIUM | N/A |
| festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-2947 | 1 Jan Engelhardt | 1 Libhx | 2011-01-14 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields. | |||||
| CVE-2010-3073 | 1 Arg0 | 1 Encfs | 2011-01-14 | 2.1 LOW | N/A |
| SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | |||||
| CVE-2010-3072 | 1 Squid-cache | 1 Squid | 2011-01-14 | 5.0 MEDIUM | N/A |
| The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | |||||
| CVE-2010-3074 | 1 Arg0 | 1 Encfs | 2011-01-14 | 2.1 LOW | N/A |
| SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack. | |||||
| CVE-2010-2523 | 1 Linux-ipv6 | 1 Umip | 2011-01-14 | 10.0 HIGH | N/A |
| Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet. | |||||
| CVE-2010-2522 | 1 Linux-ipv6 | 1 Umip | 2011-01-14 | 2.1 LOW | N/A |
| The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message. | |||||
| CVE-2010-4587 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2011-01-12 | 9.3 HIGH | N/A |
| Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module. | |||||
| CVE-2010-3921 | 1 Sixapart | 1 Movabletype | 2011-01-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3922 | 1 Sixapart | 1 Movabletype | 2011-01-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-2603 | 3 Apple, Microsoft, Rim | 3 Mac Os X, Windows, Blackberry Desktop Software | 2011-01-12 | 2.1 LOW | N/A |
| RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. | |||||
| CVE-2010-1842 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-01-12 | 9.3 HIGH | N/A |
| Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation. | |||||
| CVE-2010-1837 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-01-12 | 6.8 MEDIUM | N/A |
| CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document. | |||||
| CVE-2010-1838 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-01-12 | 4.4 MEDIUM | N/A |
| Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | |||||
| CVE-2010-1844 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-01-12 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. | |||||
| CVE-2010-1841 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-01-12 | 9.3 HIGH | N/A |
| Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image. | |||||
| CVE-2010-0390 | 1 Phpf1 | 1 Max\'s Image Uploader | 2011-01-12 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0391 | 1 Embarcadero | 1 Interbase Smp 2009 | 2011-01-12 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4507 | 1 Clear | 4 Clearspot, Clearspot Firmware, Ispot and 1 more | 2011-01-12 | 9.3 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi. | |||||
| CVE-2010-4521 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. | |||||
| CVE-2010-4276 | 1 Livezilla | 1 Livezilla | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php. | |||||
| CVE-2010-4589 | 1 Ibm | 1 Enovia | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property. | |||||
| CVE-2010-4599 | 1 Ecava | 1 Integraxor | 2011-01-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4591 | 1 Ibm | 1 Lotus Mobile Connect | 2011-01-11 | 4.4 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | |||||
| CVE-2010-4593 | 1 Ibm | 1 Lotus Mobile Connect | 2011-01-11 | 4.0 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices. | |||||
| CVE-2010-4592 | 1 Ibm | 1 Lotus Mobile Connect | 2011-01-11 | 4.3 MEDIUM | N/A |
| The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts. | |||||
| CVE-2010-4597 | 1 Ecava | 1 Integraxor | 2011-01-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument. | |||||
| CVE-2010-4114 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4112 | 1 Hp | 1 Insight Management Agents | 2011-01-11 | 5.0 MEDIUM | N/A |
| HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path. | |||||
| CVE-2010-4111 | 3 Hp, Linux, Microsoft | 3 Insight Diagnostics, Linux Kernel, Windows | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4110 | 1 Hp | 1 Openvms | 2011-01-11 | 5.7 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors. | |||||
| CVE-2010-4094 | 1 Ibm | 2 Rational Quality Manager, Rational Test Lab Manager | 2011-01-11 | 5.0 MEDIUM | N/A |
| The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548. | |||||
| CVE-2010-2792 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2011-01-11 | 3.3 LOW | N/A |
| Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket. | |||||
| CVE-2009-4457 | 1 Provider4u | 1 Vsftpd Webmin Module | 2011-01-11 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server have unknown impact and attack vectors related to "Some security issues." | |||||
| CVE-2010-0215 | 1 A51dev | 1 Activecollab | 2011-01-11 | 6.0 MEDIUM | N/A |
| ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | |||||
| CVE-2010-0141 | 1 Cisco | 1 Unified Meetingplace | 2011-01-07 | 6.4 MEDIUM | N/A |
| MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935. | |||||
| CVE-2010-0139 | 1 Cisco | 1 Unified Meetingplace | 2011-01-07 | 9.0 HIGH | N/A |
| Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. | |||||
| CVE-2010-0549 | 1 Xerox | 2 Workcentre 6400 Net Controller, Workcentre 6400 System Software | 2011-01-06 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability." | |||||
| CVE-2009-4169 | 2 Roytanck, Wordpress | 2 Wp-cumulus, Wordpress | 2011-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4157 | 2 Joomla, Joomlatune | 2 Joomla\!, Com Proofreader | 2011-01-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages. | |||||
| CVE-2009-4152 | 1 Ibm | 1 Websphere Portal | 2011-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. | |||||
| CVE-2008-5417 | 1 Hp | 2 Decnet Plus For Openvms, Openvms | 2011-01-05 | 2.1 LOW | N/A |
| HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | |||||
| CVE-2010-4096 | 1 Monkeysphere Project | 1 Monkeysphere | 2011-01-04 | 4.6 MEDIUM | N/A |
| share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local users to execute arbitrary code via unknown manipulations related to the "monkeysphere-authentication keys-for-user" command. | |||||
| CVE-2010-4029 | 1 Hp | 1 Storage Essentials | 2011-01-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Storage Essentials before 6.3.0, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | |||||
| CVE-2009-4448 | 1 Mybboard | 1 Mybb | 2011-01-04 | 5.0 MEDIUM | N/A |
| inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors. | |||||