Search
Total
5300 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1584 | 1 Dotclear | 1 Dotclear | 2012-04-27 | 6.5 MEDIUM | N/A |
| The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-5085 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2012-04-25 | 2.6 LOW | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page. | |||||
| CVE-2011-4700 | 2 Android, Ubermedia | 2 Android, Ubersocial | 2012-04-19 | 5.8 MEDIUM | N/A |
| The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | |||||
| CVE-2012-1436 | 5 Ahnlab, Aladdin, Emsisoft and 2 more | 5 V3 Internet Security, Esafe, Anti-malware and 2 more | 2012-04-13 | 4.3 MEDIUM | N/A |
| The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | |||||
| CVE-2012-1432 | 4 Aladdin, Emsisoft, Ikarus and 1 more | 4 Esafe, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner and 1 more | 2012-04-13 | 4.3 MEDIUM | N/A |
| The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | |||||
| CVE-2012-1441 | 2 Aladdin, Prevx | 2 Esafe, Prevx | 2012-04-13 | 4.3 MEDIUM | N/A |
| The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows remote attackers to bypass malware detection via an EXE file with a modified value in any of several e_ fields. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | |||||
| CVE-2012-1451 | 2 Emsisoft, Ikarus | 2 Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner | 2012-04-13 | 4.3 MEDIUM | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved2 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2012-1434 | 4 Ahnlab, Emsisoft, Ikarus and 1 more | 4 V3 Internet Security, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner and 1 more | 2012-04-13 | 4.3 MEDIUM | N/A |
| The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | |||||
| CVE-2012-1430 | 8 Aladdin, Bitdefender, Comodo and 5 more | 9 Esafe, Bitdefender, Comodo Antivirus and 6 more | 2012-04-13 | 4.3 MEDIUM | N/A |
| The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2012-1239 | 1 Toshibatec | 64 E-studio-167 With Network Printer Kit, E-studio-167 With Network Printer Kit Firmware, E-studio-181 With Network Printer Kit and 61 more | 2012-04-09 | 10.0 HIGH | N/A |
| The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors. | |||||
| CVE-2012-1907 | 1 Privawall | 1 Privawall Antivirus | 2012-04-05 | 4.3 MEDIUM | N/A |
| The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML (aka Open Document XML) file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document. | |||||
| CVE-2012-1438 | 2 Comodo, Sophos | 2 Comodo Antivirus, Sophos Anti-virus | 2012-03-27 | 4.3 MEDIUM | N/A |
| The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Office parser implementations. | |||||
| CVE-2012-1431 | 10 Aladdin, Authentium, Bitdefender and 7 more | 10 Esafe, Command Antivirus, Bitdefender and 7 more | 2012-03-27 | 4.3 MEDIUM | N/A |
| The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2012-1433 | 5 Ahnlab, Aladdin, Emsisoft and 2 more | 5 V3 Internet Security, Esafe, Anti-malware and 2 more | 2012-03-21 | 4.3 MEDIUM | N/A |
| The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | |||||
| CVE-2012-1440 | 5 Aladdin, Ca, Fortinet and 2 more | 5 Esafe, Etrust Vet Antivirus, Fortinet Antivirus and 2 more | 2012-03-21 | 4.3 MEDIUM | N/A |
| The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2012-1435 | 5 Ahnlab, Aladdin, Emsisoft and 2 more | 5 V3 Internet Security, Esafe, Anti-malware and 2 more | 2012-03-21 | 4.3 MEDIUM | N/A |
| The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | |||||
| CVE-2011-5083 | 1 Dotclear | 1 Dotclear | 2012-03-20 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2009-0024 | 1 Linux | 1 Linux Kernel | 2012-03-19 | 7.2 HIGH | N/A |
| The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions. | |||||
| CVE-2009-4131 | 1 Linux | 1 Linux Kernel | 2012-03-19 | 7.2 HIGH | N/A |
| The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. | |||||
| CVE-2006-4572 | 1 Linux | 1 Linux Kernel | 2012-03-19 | 7.5 HIGH | N/A |
| ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug." | |||||
| CVE-2009-0835 | 1 Linux | 1 Linux Kernel | 2012-03-19 | 3.6 LOW | N/A |
| The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343. | |||||
| CVE-2011-2203 | 1 Linux | 1 Linux Kernel | 2012-03-19 | 2.1 LOW | N/A |
| The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record. | |||||
| CVE-2012-0398 | 1 Emc | 1 Documentum Eroom | 2012-03-15 | 7.5 HIGH | N/A |
| EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors. | |||||
| CVE-2002-2437 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2012-03-08 | 5.0 MEDIUM | N/A |
| The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | |||||
| CVE-2010-5072 | 1 Opera | 1 Opera Browser | 2012-03-07 | 5.0 MEDIUM | N/A |
| The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | |||||
| CVE-2010-5070 | 1 Apple | 1 Safari | 2012-03-07 | 5.0 MEDIUM | N/A |
| The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. | |||||
| CVE-2011-4220 | 1 Investintech | 1 Slimpdf Reader | 2012-03-07 | 9.3 HIGH | N/A |
| Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2011-4690 | 1 Opera | 1 Opera Browser | 2012-03-06 | 5.0 MEDIUM | N/A |
| Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | |||||
| CVE-2011-4681 | 1 Opera | 1 Opera Browser | 2012-03-06 | 5.0 MEDIUM | N/A |
| Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain. | |||||
| CVE-2011-4682 | 1 Opera | 1 Opera Browser | 2012-03-06 | 6.4 MEDIUM | N/A |
| The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites. | |||||
| CVE-2012-0366 | 1 Cisco | 1 Unity Connection | 2012-03-01 | 9.0 HIGH | N/A |
| Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. | |||||
| CVE-2011-4864 | 2 Google, Tencent | 2 Android, Mobileqq | 2012-02-29 | 5.8 MEDIUM | N/A |
| The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application. | |||||
| CVE-2011-4217 | 1 Investintech | 1 Slimpdf Reader | 2012-02-29 | 9.3 HIGH | N/A |
| Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2011-4865 | 2 Google, Tencent | 3 Android, Microblogpad, Wblog | 2012-02-29 | 5.8 MEDIUM | N/A |
| The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application. | |||||
| CVE-2011-5010 | 1 Ctekproducts | 1 Skyrouter | 2012-02-17 | 10.0 HIGH | N/A |
| apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action. | |||||
| CVE-2011-2740 | 2 Emc, Mozilla | 2 Rsa Key Manager Appliance, Firefox | 2012-02-17 | 9.3 HIGH | N/A |
| EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2011-4039 | 2 Dreamreport, Invensys | 2 Dream Report, Wonderware Hmi Reports | 2012-02-14 | 9.3 HIGH | N/A |
| Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation." | |||||
| CVE-2011-3645 | 1 Newgensoft | 1 Omnidocs | 2012-02-14 | 7.5 HIGH | N/A |
| Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user. | |||||
| CVE-2011-2739 | 1 Emc | 1 Documentum Eroom | 2012-02-14 | 8.5 HIGH | N/A |
| The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. | |||||
| CVE-2010-1637 | 1 Squirrelmail | 1 Squirrelmail | 2012-02-14 | 4.0 MEDIUM | N/A |
| The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | |||||
| CVE-2011-4659 | 1 Cisco | 2 Ip Video Phone E20, Telepresence E20 Software | 2012-02-10 | 10.0 HIGH | N/A |
| Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555. | |||||
| CVE-2011-5078 | 1 Sybase | 1 M-business Anywhere | 2012-02-09 | 6.5 MEDIUM | N/A |
| The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499. | |||||
| CVE-2011-4114 | 1 Roderich Schupp | 1 Par-packer Module | 2012-02-08 | 3.3 LOW | N/A |
| The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. | |||||
| CVE-2011-4867 | 2 Android, Tencent | 2 Android, Qqpphoto | 2012-02-07 | 5.8 MEDIUM | N/A |
| The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. | |||||
| CVE-2011-4509 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 10.0 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. | |||||
| CVE-2011-4925 | 2 Cluster Resources, Clusterresources | 2 Torque Resource Manager, Torque Resource Manager | 2012-02-02 | 4.9 MEDIUM | N/A |
| Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors. | |||||
| CVE-2011-4702 | 2 Android, Nimbuzz | 2 Android, Nimbuzz | 2012-01-25 | 5.8 MEDIUM | N/A |
| The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. | |||||
| CVE-2011-4704 | 2 Android, Voxofon | 2 Android, Voxofon | 2012-01-25 | 5.8 MEDIUM | N/A |
| The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. | |||||
| CVE-2011-4705 | 2 Android, Ming | 2 Android, Blacklist Free | 2012-01-25 | 5.8 MEDIUM | N/A |
| The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack." | |||||
| CVE-2011-4701 | 2 Android, Hatena | 2 Android, Callconfirm | 2012-01-25 | 5.8 MEDIUM | N/A |
| The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application. | |||||