Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2596 | 1 Siemens | 1 Wincc | 2012-06-12 | 5.5 MEDIUM | N/A |
| The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. | |||||
| CVE-2012-2597 | 1 Siemens | 1 Wincc | 2012-06-12 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. | |||||
| CVE-2012-2598 | 1 Siemens | 1 Wincc | 2012-06-12 | 4.3 MEDIUM | N/A |
| Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. | |||||
| CVE-2012-2959 | 1 Bmc | 1 Identity Management Suite | 2012-06-12 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords. | |||||
| CVE-2012-3003 | 1 Siemens | 1 Wincc | 2012-06-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. | |||||
| CVE-2012-3290 | 3 Acer, Google, Samsung | 6 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 3 more | 2012-06-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |||||
| CVE-2012-3343 | 1 Bloxx | 1 Web Filtering | 2012-06-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564. | |||||
| CVE-2012-1236 | 1 Janetter | 1 Janetter | 2012-06-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands. | |||||
| CVE-2011-4237 | 1 Cisco | 2 Ciscoworks Common Services, Prime Lan Management Solution | 2012-06-09 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. | |||||
| CVE-2011-3293 | 1 Cisco | 1 Secure Access Control Server | 2012-06-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. | |||||
| CVE-2011-3317 | 1 Cisco | 1 Secure Access Control Server | 2012-06-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. | |||||
| CVE-2007-5540 | 1 Opera | 1 Opera Browser | 2012-06-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors. | |||||
| CVE-2011-4964 | | | 2012-06-07 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2667. Reason: This candidate is a duplicate of CVE-2012-2667. Notes: All CVE users should reference CVE-2012-2667 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2008-1082 | 1 Opera | 1 Opera Browser | 2012-06-07 | 4.3 MEDIUM | N/A |
| Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. | |||||
| CVE-2008-1081 | 1 Opera | 1 Opera Browser | 2012-06-07 | 6.8 MEDIUM | N/A |
| Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. | |||||
| CVE-2008-1080 | 1 Opera | 1 Opera Browser | 2012-06-07 | 6.8 MEDIUM | N/A |
| Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. | |||||
| CVE-2008-5681 | 1 Opera | 1 Opera Browser | 2012-06-07 | 4.3 MEDIUM | N/A |
| Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. | |||||
| CVE-2008-5682 | 1 Opera | 1 Opera Browser | 2012-06-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. | |||||
| CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2012-06-07 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | |||||
| CVE-2009-2070 | 1 Opera | 1 Opera Browser | 2012-06-07 | 6.8 MEDIUM | N/A |
| Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
| CVE-2009-0916 | 1 Opera | 1 Opera Browser | 2012-06-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." | |||||
| CVE-2012-2630 | 1 Bandainamcogames | 1 Madomagi-ip Android | 2012-06-06 | 4.3 MEDIUM | N/A |
| The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2011-5093 | 1 Bestpractical | 1 Rt | 2012-06-05 | 6.5 MEDIUM | N/A |
| Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092. | |||||
| CVE-2011-5092 | 1 Bestpractical | 1 Rt | 2012-06-05 | 7.5 HIGH | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093. | |||||
| CVE-2012-1252 | 1 Rssowl | 1 Rssowl | 2012-06-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760. | |||||
| CVE-2011-3493 | 1 Cogentdatahub | 1 Cogent Datahub | 2012-06-04 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands. | |||||
| CVE-2010-3714 | 1 Typo3 | 1 Typo3 | 2012-06-01 | 7.1 HIGH | N/A |
| The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2010-2491 | 1 Roundup-tracker | 1 Roundup | 2012-05-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. | |||||
| CVE-2011-3772 | 1 Php-collab | 1 Phpcollab | 2012-05-31 | 5.0 MEDIUM | N/A |
| phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files. | |||||
| CVE-2011-3779 | 1 Idevspot | 1 Phphostbot | 2012-05-31 | 5.0 MEDIUM | N/A |
| PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files. | |||||
| CVE-2011-4019 | 1 Cisco | 2 Ios, Unified Communications Manager | 2012-05-30 | 5.4 MEDIUM | N/A |
| Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. | |||||
| CVE-2012-2949 | 2 Google, Zte | 2 Android, Score M | 2012-05-30 | 10.0 HIGH | N/A |
| The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application. | |||||
| CVE-2012-0657 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 2.1 LOW | N/A |
| Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. | |||||
| CVE-2012-0658 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. | |||||
| CVE-2012-0659 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 6.8 MEDIUM | N/A |
| Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | |||||
| CVE-2012-0660 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 6.8 MEDIUM | N/A |
| Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | |||||
| CVE-2012-0662 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 7.5 HIGH | N/A |
| Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. | |||||
| CVE-2012-0675 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 4.3 MEDIUM | N/A |
| Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. | |||||
| CVE-2011-4232 | 1 Cisco | 1 Unified Meetingplace | 2012-05-30 | 5.0 MEDIUM | N/A |
| The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. | |||||
| CVE-2012-2435 | 1 Pligg | 1 Pligg Cms | 2012-05-29 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks. | |||||
| CVE-2012-1413 | 1 Zen-cart | 1 Zen Cart | 2012-05-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php. | |||||
| CVE-2012-1792 | 1 Oscommerce | 1 Online Merchant | 2012-05-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges. | |||||
| CVE-2012-1824 | 1 Measuresoft | 2 Scadapro Client, Scadapro Server | 2012-05-28 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2012-2235 | 1 Sitracker | 1 Support Incident Tracker | 2012-05-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message. | |||||
| CVE-2012-2426 | 1 Xarrow | 1 Xarrow | 2012-05-28 | 7.8 HIGH | N/A |
| The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors. | |||||
| CVE-2012-2427 | 1 Xarrow | 1 Xarrow | 2012-05-28 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation. | |||||
| CVE-2012-2428 | 1 Xarrow | 1 Xarrow | 2012-05-28 | 10.0 HIGH | N/A |
| Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation. | |||||
| CVE-2012-2429 | 1 Xarrow | 1 Xarrow | 2012-05-28 | 10.0 HIGH | N/A |
| The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-2338 | 1 Johan Cwiklinski | 1 Galette | 2012-05-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php. | |||||
| CVE-2012-0296 | 1 Symantec | 1 Web Gateway | 2012-05-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
