Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4924 | 1 Clearbudget | 1 Clearbudget | 2012-05-14 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party. | |||||
| CVE-2010-4929 | 2 Joomla, Joostina-cms | 2 Joomla\!, Com Ezautos | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. | |||||
| CVE-2010-4932 | 1 Khader Abbeb | 1 Entrans | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Entrans before 0.3.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2010-4934 | 1 Svcreation | 1 Get Tube | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4935 | 1 Khader Abbeb | 1 Entrans | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2010-4938 | 1 Joomla | 2 Com Weblinks, Joomla\! | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4939 | 1 Scripts.bdr130 | 1 Mailform | 2012-05-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter. | |||||
| CVE-2010-4943 | 1 Brothersoft | 1 Saurus Cms | 2012-05-14 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php. | |||||
| CVE-2010-4946 | 1 Allpcscript | 1 Allpc | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2010-4947 | 1 Allpcscript | 1 Allpc | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
| CVE-2010-4948 | 1 Phpgalleryscript | 1 Php Free Photo Gallery | 2012-05-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2010-4950 | 2 Joachim Ruhs, Typo3 | 2 Event, Typo3 | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4951 | 2 Thomas Mammitzsch, Typo3 | 2 Vx Xajax Shoutbox, Typo3 | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4964 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2012-05-14 | 9.0 HIGH | N/A |
| recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. | |||||
| CVE-2010-4965 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2012-05-14 | 9.0 HIGH | N/A |
| /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. | |||||
| CVE-2010-4966 | 1 Atcom | 1 Netvolution | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action. | |||||
| CVE-2011-0333 | 1 Novell | 1 Groupwise | 2012-05-14 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error." | |||||
| CVE-2011-0334 | 1 Novell | 1 Groupwise | 2012-05-14 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file. | |||||
| CVE-2011-0459 | 1 Cyber-ark | 1 Password Vault Web Access | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-0945 | 1 Cisco | 2 Ios, Ios Xe | 2012-05-14 | 7.8 HIGH | N/A |
| Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to cause a denial of service (memory consumption and device reload or hang) via a crafted IP protocol 91 packet, aka Bug ID CSCth69364. | |||||
| CVE-2011-1159 | 1 Tedfelix | 1 Acpid | 2012-05-14 | 2.1 LOW | N/A |
| acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls. | |||||
| CVE-2011-1221 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-05-14 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. | |||||
| CVE-2011-1827 | 1 Checkpoint | 3 Connectra Ngx, Vpn-1, Vpn-1 Firewall-1 Vsx | 2012-05-14 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet. | |||||
| CVE-2011-2042 | 1 Cisco | 1 Ciscoworks Common Services | 2012-05-14 | 5.0 MEDIUM | N/A |
| The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018. | |||||
| CVE-2011-2190 | 1 Cherokee-project | 1 Cherokee | 2012-05-14 | 2.1 LOW | N/A |
| The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack. | |||||
| CVE-2011-2218 | 1 Novell | 1 Groupwise | 2012-05-14 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2219. | |||||
| CVE-2011-2219 | 1 Novell | 1 Groupwise | 2012-05-14 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vulnerability than CVE-2011-2218. | |||||
| CVE-2011-2301 | 1 Oracle | 1 Database Server | 2012-05-14 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Text component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to CTXSYS.DRVDISP. | |||||
| CVE-2011-2316 | 1 Oracle | 1 Siebel Crm | 2012-05-14 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Siebel Apps - Marketing component in Oracle Siebel CRM 8.0.0 allows remote attackers to affect integrity via unknown vectors related to Email Marketing. | |||||
| CVE-2011-2322 | 1 Oracle | 1 Database Server | 2012-05-14 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA. | |||||
| CVE-2011-2661 | 1 Novell | 1 Groupwise | 2012-05-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter. | |||||
| CVE-2011-2662 | 1 Novell | 1 Groupwise | 2012-05-14 | 10.0 HIGH | N/A |
| Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message. | |||||
| CVE-2011-3270 | 1 Cisco | 2 10008 Router, Ios | 2012-05-14 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453. | |||||
| CVE-2011-3271 | 1 Cisco | 1 Ios | 2012-05-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165. | |||||
| CVE-2011-3273 | 1 Cisco | 1 Ios | 2012-05-14 | 7.8 HIGH | N/A |
| Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka Bug ID CSCti79848. | |||||
| CVE-2011-3274 | 1 Cisco | 2 Ios, Ios Xe | 2012-05-14 | 6.1 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919. | |||||
| CVE-2011-3275 | 1 Cisco | 2 Ios, Ios Xe | 2012-05-14 | 7.8 HIGH | N/A |
| Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504. | |||||
| CVE-2011-3276 | 1 Cisco | 2 Ios, Ios Xe | 2012-05-14 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port 5060, aka Bug ID CSCso02147. | |||||
| CVE-2011-3281 | 1 Cisco | 1 Ios | 2012-05-14 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID CSCto68554. | |||||
| CVE-2011-3282 | 1 Cisco | 2 Ios, Ios Xe | 2012-05-14 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCtj30155. | |||||
| CVE-2011-3287 | 1 Cisco | 1 Jabber Extensible Communications Platform | 2012-05-14 | 7.8 HIGH | N/A |
| Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564. | |||||
| CVE-2011-3288 | 1 Cisco | 1 Unified Presence | 2012-05-14 | 7.8 HIGH | N/A |
| Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564. | |||||
| CVE-2011-4170 | 1 Gnome | 1 Empathy | 2012-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635. | |||||
| CVE-2011-4703 | 2 Android, Nathanielkh | 2 Android, Limit My Call | 2012-05-13 | 5.8 MEDIUM | N/A |
| The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. | |||||
| CVE-2011-4769 | 2 360, Android | 2 Mobilesafe, Android | 2012-05-13 | 5.8 MEDIUM | N/A |
| The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | |||||
| CVE-2011-4770 | 2 Android, Qiwi | 2 Android, Wallet | 2012-05-13 | 5.8 MEDIUM | N/A |
| The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application. | |||||
| CVE-2011-4771 | 2 Android, Lucion | 2 Android, Scan To Pdf Free | 2012-05-13 | 5.8 MEDIUM | N/A |
| The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application. | |||||
| CVE-2011-4772 | 2 360, Android | 2 Kouxin, Android | 2012-05-13 | 5.8 MEDIUM | N/A |
| The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | |||||
| CVE-2011-4777 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2012-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html. | |||||
| CVE-2011-3212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-12 | 2.1 LOW | N/A |
| CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. | |||||