Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3276 | 1 Nasd | 1 Corenet1 | 2018-10-10 | 5.0 MEDIUM | N/A |
| Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability. | |||||
| CVE-2009-2321 | 1 Axesstel | 1 Mv 410r | 2018-10-10 | 7.8 HIGH | N/A |
| cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string. | |||||
| CVE-2009-2267 | 1 Vmware | 7 Ace, Esx, Esxi and 4 more | 2018-10-10 | 6.9 MEDIUM | N/A |
| VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register. | |||||
| CVE-2009-2238 | 1 Dmxready | 1 Registration Manager | 2018-10-10 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager. | |||||
| CVE-2009-1381 | 1 Squirrelmail | 3 Imap General.php, Squirrelmail, Squirrelmail1.4.19-1 | 2018-10-10 | 6.8 MEDIUM | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579. | |||||
| CVE-2009-1212 | 1 Precisionid | 1 Data Matrix Barcode Activex Control | 2018-10-10 | 7.8 HIGH | N/A |
| Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods. | |||||
| CVE-2009-1203 | 1 Cisco | 1 Adaptive Security Appliance | 2018-10-10 | 6.0 MEDIUM | N/A |
| WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. | |||||
| CVE-2009-1105 | 1 Sun | 1 Java | 2018-10-10 | 7.5 HIGH | N/A |
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. | |||||
| CVE-2009-1192 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.9 MEDIUM | N/A |
| The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. | |||||
| CVE-2009-1107 | 1 Sun | 1 Java | 2018-10-10 | 4.3 MEDIUM | N/A |
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | |||||
| CVE-2009-1055 | 1 Sitecore | 1 Cms | 2018-10-10 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests. | |||||
| CVE-2009-0755 | 1 Poppler | 1 Poppler | 2018-10-10 | 5.0 MEDIUM | N/A |
| The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. | |||||
| CVE-2009-0649 | 1 Nokia | 2 N95, Symbian S60 Browser | 2018-10-10 | 7.8 HIGH | N/A |
| The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method. | |||||
| CVE-2009-0756 | 1 Poppler | 1 Poppler | 2018-10-10 | 5.0 MEDIUM | N/A |
| The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. | |||||
| CVE-2016-2175 | 2 Apache, Debian | 2 Pdfbox, Debian Linux | 2018-10-09 | 7.5 HIGH | 7.8 HIGH |
| Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. | |||||
| CVE-2016-1524 | 1 Netgear | 1 Prosafe Network Management Software 300 | 2018-10-09 | 8.3 HIGH | 9.6 CRITICAL |
| Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI. | |||||
| CVE-2015-8320 | 1 Apache | 1 Cordova | 2018-10-09 | 5.0 MEDIUM | N/A |
| Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value. | |||||
| CVE-2015-7566 | 2 Linux, Novell | 5 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Real Time Extension and 2 more | 2018-10-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. | |||||
| CVE-2015-7712 | 1 Atutor | 1 Atutor | 2018-10-09 | 6.5 MEDIUM | N/A |
| Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter. | |||||
| CVE-2015-8124 | 1 Sensiolabs | 1 Symfony | 2018-10-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id. | |||||
| CVE-2015-5465 | 1 Sis | 1 Windows Vga Display Manager | 2018-10-09 | 7.2 HIGH | N/A |
| Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call. | |||||
| CVE-2015-5458 | 1 Pivotx | 1 Pivotx | 2018-10-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter. | |||||
| CVE-2015-5062 | 1 Silverstripe | 1 Silverstripe | 2018-10-09 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build. | |||||
| CVE-2015-6923 | 1 Vboxcomm | 1 Satellite Express Protocol | 2018-10-09 | 7.2 HIGH | N/A |
| The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call. | |||||
| CVE-2015-2842 | 1 Goautodial | 1 Goadmin Ce | 2018-10-09 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/. | |||||
| CVE-2015-3623 | 1 Qlik | 1 Qlikview | 2018-10-09 | 6.4 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx. | |||||
| CVE-2015-2994 | 1 Sysaid | 1 Sysaid | 2018-10-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. | |||||
| CVE-2014-9752 | 1 Atutor | 1 Atutor | 2018-10-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/. | |||||
| CVE-2014-9708 | 2 Embedthis, Oracle | 2 Appweb, Enterprise Communications Broker | 2018-10-09 | 5.0 MEDIUM | N/A |
| Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". | |||||
| CVE-2015-1251 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-10-09 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. | |||||
| CVE-2014-9360 | 1 Scalix | 1 Web Access | 2018-10-09 | 6.4 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request. | |||||
| CVE-2014-9374 | 1 Digium | 2 Asterisk, Certified Asterisk | 2018-10-09 | 5.0 MEDIUM | N/A |
| Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame. | |||||
| CVE-2014-8397 | 1 Corel | 2 Fastflick, Videostudio Pro | 2018-10-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed. | |||||
| CVE-2014-8395 | 1 Corel | 1 Painter | 2018-10-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed. | |||||
| CVE-2014-8394 | 1 Corel | 1 Corelcad | 2018-10-09 | 4.6 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory. | |||||
| CVE-2014-8875 | 1 Revive-adserver | 1 Revive Adserver | 2018-10-09 | 5.0 MEDIUM | N/A |
| The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2014-8870 | 1 Tapatalk | 1 Tapatalk | 2018-10-09 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter. | |||||
| CVE-2014-8398 | 1 Corel | 1 Fastflick | 2018-10-09 | 4.6 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed. | |||||
| CVE-2014-8396 | 1 Corel | 1 Pdf Fusion | 2018-10-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed. | |||||
| CVE-2014-8311 | 1 Sap | 1 Businessobjects | 2018-10-09 | 3.5 LOW | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | |||||
| CVE-2014-8085 | 1 Osclass | 1 Osclass | 2018-10-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2014-8312 | 1 Sap | 1 Netweaver Abap | 2018-10-09 | 3.5 LOW | N/A |
| Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. | |||||
| CVE-2014-8316 | 1 Sap | 1 Businessobjects Explorer | 2018-10-09 | 5.0 MEDIUM | N/A |
| XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. | |||||
| CVE-2014-5392 | 1 Sos | 1 Jobscheduler | 2018-10-09 | 5.8 MEDIUM | N/A |
| XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference. | |||||
| CVE-2014-5176 | 1 Sap | 1 Fi Manager Self-service | 2018-10-09 | 6.0 MEDIUM | N/A |
| SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-5122 | 1 Esri | 1 Arcgis For Server | 2018-10-09 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login. | |||||
| CVE-2014-5127 | 1 Iii | 1 Encore Discovery Solution | 2018-10-09 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | |||||
| CVE-2014-5035 | 1 Opendaylight | 1 Opendaylight | 2018-10-09 | 6.8 MEDIUM | N/A |
| The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-3793 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2018-10-09 | 5.8 MEDIUM | N/A |
| VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. | |||||
| CVE-2014-4046 | 1 Digium | 2 Asterisk, Certified Asterisk | 2018-10-09 | 6.5 MEDIUM | N/A |
| Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. | |||||