Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3454 | 1 Oracle | 1 Collaboration Suite | 2012-10-23 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, (9) OCS09, and (10) OCS10 for Email Server; and (11) OCS11, (12) OCS12, and (13) OCS13 for Oracle Files. | |||||
| CVE-2005-3455 | 1 Oracle | 1 E-business Suite | 2012-10-23 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Install; (2) APPS02 and (3) APPS03 in Application Object Library; (4) APPS05 and (5) APPS06 in Applications Technology Stack; (6) APPS07 in Applications Utilities; (7) APPS09, (8) APPS10, and (9) APPS11 in HRMS; (10) APPS12 in Mobile Application Foundation; (11) APPS13 in SDP Number Portability; (12) APPS14 in Oracle Service; (13) APPS15 in Service Fulfillment Manage, (14) APPS16 in Universal Work Queue; and (15) APPS20 in Workflow Cartridge. | |||||
| CVE-2005-3456 | 1 Oracle | 1 E-business Suite | 2012-10-23 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge. | |||||
| CVE-2005-3457 | 1 Oracle | 1 E-business Suite | 2012-10-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS. | |||||
| CVE-2005-3458 | 1 Oracle | 1 E-business Suite | 2012-10-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge. | |||||
| CVE-2005-3459 | 1 Oracle | 2 Clinical, E-business Suite | 2012-10-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical. | |||||
| CVE-2005-3460 | 1 Oracle | 2 10g Enterprise Manager Database Control, Enterprise Manager Application Server Control | 2012-10-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01. | |||||
| CVE-2005-3462 | 1 Oracle | 1 Peoplesoft Enterprise | 2012-10-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02. | |||||
| CVE-2005-3464 | 1 Oracle | 1 Peoplesoft Enterprise | 2012-10-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04. | |||||
| CVE-2005-3465 | 2 Jdedwards, Oracle | 2 Oneworld Xe, Enterpriseone | 2012-10-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01. | |||||
| CVE-2005-3466 | 1 Oracle | 1 Peoplesoft Enterprise Customer Relationship Management | 2012-10-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. | |||||
| CVE-2005-4006 | 1 Redgraphic | 1 Sapid Cms | 2012-10-22 | 7.5 HIGH | N/A |
| SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php. | |||||
| CVE-2005-4007 | 1 Redgraphic | 1 Sapid Cms | 2012-10-22 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml. | |||||
| CVE-2005-4246 | 1 Plogger | 1 Plogger | 2012-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | |||||
| CVE-2005-4247 | 1 Plogger | 1 Plogger | 2012-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | |||||
| CVE-2006-4755 | 1 Accomplishtechnology | 1 Phpmydirectory | 2012-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4756 | 1 Accomplishtechnology | 1 Phpmydirectory | 2012-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2012-5386 | 1 Nicolas Tormo | 1 Phppaleo | 2012-10-22 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4315 | 3 Amd, Ati, Microsoft | 3 Catalyst Driver, Catalyst Driver, Windows Vista | 2012-10-18 | 6.9 MEDIUM | N/A |
| The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill". | |||||
| CVE-2012-5311 | | | 2012-10-16 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0227. Reason: This candidate is a duplicate of CVE-2012-0227. Notes: All CVE users should reference CVE-2012-0227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4959 | 1 Silverstripe | 1 Silverstripe | 2012-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-4961 | 1 Silverstripe | 1 Silverstripe | 2012-10-15 | 6.0 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups. | |||||
| CVE-2011-5193 | 2 Phpace, Wordpress | 2 Samswhois, Wordpress | 2012-10-15 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194. | |||||
| CVE-2012-0974 | 1 Juan Ramon | 1 Osclass | 2012-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php. | |||||
| CVE-2012-1627 | 2 Drupal, Marvil07 | 2 Drupal, Vote Up Down | 2012-10-15 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | |||||
| CVE-2012-1816 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2012-10-13 | 5.0 MEDIUM | N/A |
| PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111. | |||||
| CVE-2012-1817 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2012-10-13 | 7.5 HIGH | N/A |
| Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. | |||||
| CVE-2012-1818 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2012-10-13 | 6.4 MEDIUM | N/A |
| An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors. | |||||
| CVE-2011-3814 | 1 K5n | 1 Webcalendar | 2012-10-13 | 5.0 MEDIUM | N/A |
| WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files. | |||||
| CVE-2010-0636 | 1 K5n | 1 Webcalendar | 2012-10-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0637 | 1 K5n | 1 Webcalendar | 2012-10-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP address from posting via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5067 | 1 Sitracker | 1 Support Incident Tracker | 2012-10-12 | 4.0 MEDIUM | N/A |
| move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | |||||
| CVE-2012-4667 | 1 Darold | 1 Squidclamav | 2012-10-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/. | |||||
| CVE-2012-5379 | 1 Activestate | 1 Activepython | 2012-10-11 | 6.0 MEDIUM | N/A |
| ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the ActivePython installation. | |||||
| CVE-2012-5380 | 1 Ruby-lang | 1 Ruby | 2012-10-11 | 6.0 MEDIUM | N/A |
| ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation. | |||||
| CVE-2002-1275 | 1 Html2ps Project | 1 Html2ps | 2012-10-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows remote attackers to execute arbitrary code via "unsanitized input." | |||||
| CVE-2012-5345 | 1 Kepler Lam | 1 Iptools | 2012-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23. | |||||
| CVE-2012-3977 | | | 2012-10-09 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4930. Reason: This candidate is a duplicate of CVE-2012-4930. Notes: All CVE users should reference CVE-2012-4930 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4342 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2012-10-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter. | |||||
| CVE-2011-4927 | 1 Redmine | 1 Redmine | 2012-10-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors. | |||||
| CVE-2011-4928 | 1 Redmine | 1 Redmine | 2012-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4929 | 1 Redmine | 1 Redmine | 2012-10-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2011-5208 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2012-10-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php. | |||||
| CVE-2012-1189 | 2 Bernhard Wymann, Speed-dreams | 2 Torcs, Speed Dreams | 2012-10-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file. | |||||
| CVE-2012-4342 | 1 Menalto | 1 Gallery | 2012-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5318 | 2 Kishore Asokan, Wordpress | 2 Kish Guest Posting Plugin, Wordpress | 2012-10-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125. | |||||
| CVE-2010-5276 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2012-10-08 | 4.3 MEDIUM | N/A |
| The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." | |||||
| CVE-2010-5063 | 1 Vwar | 1 Virtual War | 2012-10-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter. | |||||
| CVE-2010-5064 | 1 Vwar | 1 Virtual War | 2012-10-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php. | |||||
| CVE-2010-5065 | 1 Vwar | 1 Virtual War | 2012-10-08 | 5.0 MEDIUM | N/A |
| popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action. | |||||
