Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1035 | 1 Adacore | 1 Ada Web Services | 2012-02-09 | 5.0 MEDIUM | N/A |
| AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2012-0314 | 1 Emobile | 2 Pocket Wifi, Pocket Wifi Firmware | 2012-02-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. | |||||
| CVE-2011-5077 | 1 Hudong | 1 Hdwiki | 2012-02-08 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in image directory. | |||||
| CVE-2011-5076 | 1 Hudong | 1 Hdwiki | 2012-02-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4114 | 1 Roderich Schupp | 1 Par-packer Module | 2012-02-08 | 3.3 LOW | N/A |
| The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. | |||||
| CVE-2011-5061 | 1 Whmcs | 1 Whmcompletesolution | 2012-02-08 | 7.5 HIGH | N/A |
| functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field. | |||||
| CVE-2011-5066 | 1 Ibm | 1 Websphere Application Server | 2012-02-08 | 2.1 LOW | N/A |
| The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. | |||||
| CVE-2012-0039 | 1 Gnome | 1 Glib | 2012-02-08 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. | |||||
| CVE-2012-1004 | 1 Foswiki | 1 Foswiki | 2012-02-08 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1019 | 1 Xwiki | 1 Xwiki Enterprise | 2012-02-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/DownloadFeedback. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1025 | 1 Dream-multimedia-tv | 1 Enigma2 Webinterface | 2012-02-08 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||||
| CVE-2005-3877 | 1 Cafuego | 1 Simple Document Management System | 2012-02-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | |||||
| CVE-2010-4986 | 1 Cafuego | 1 Simple Document Management System | 2012-02-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter. | |||||
| CVE-2011-3531 | 1 Oracle | 1 Fusion Middleware | 2012-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security. | |||||
| CVE-2011-3565 | 1 Oracle | 1 Communications Unified | 2012-02-07 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server. | |||||
| CVE-2011-3569 | 1 Oracle | 1 Fusion Middleware | 2012-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security. | |||||
| CVE-2011-3570 | 1 Oracle | 1 Communications Unified | 2012-02-07 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server. | |||||
| CVE-2011-3573 | 1 Oracle | 1 Communications Unified | 2012-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server. | |||||
| CVE-2011-3574 | 1 Oracle | 1 Communications Unified | 2012-02-07 | 3.3 LOW | N/A |
| Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server. | |||||
| CVE-2011-4508 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-07 | 9.3 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2011-4867 | 2 Android, Tencent | 2 Android, Qqpphoto | 2012-02-07 | 5.8 MEDIUM | N/A |
| The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. | |||||
| CVE-2011-1941 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-02-06 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-3444 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-06 | 4.3 MEDIUM | N/A |
| Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network. | |||||
| CVE-2011-3874 | 1 Google | 1 Android | 2012-02-06 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error. | |||||
| CVE-2011-4143 | 1 Rsa | 1 Envision | 2012-02-06 | 5.0 MEDIUM | N/A |
| EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. | |||||
| CVE-2011-4509 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 10.0 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. | |||||
| CVE-2011-4510 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511. | |||||
| CVE-2011-4511 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. | |||||
| CVE-2011-4512 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2011-4513 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 10.0 HIGH | N/A |
| Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. | |||||
| CVE-2011-4514 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 10.0 HIGH | N/A |
| The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. | |||||
| CVE-2012-0311 | 1 Oscommerce | 1 Oscommerce | 2012-02-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0312 | 1 Oscommerce | 2 Online Merchant, Oscommerce | 2012-02-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0395 | 1 Emc | 1 Networker | 2012-02-06 | 9.3 HIGH | N/A |
| Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-4559 | 2012-02-05 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4670, CVE-2010-4671. Reason: This candidate is a duplicate of CVE-2010-4670 and CVE-2010-4671. Notes: All CVE users should reference CVE-2010-4670 and/or CVE-2010-4671 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-4560 | 2012-02-05 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4669. Reason: This candidate is a duplicate of CVE-2010-4669. Notes: All CVE users should reference CVE-2010-4669 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-3657 | 1 Mozilla | 1 Bugzilla | 2012-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart. | |||||
| CVE-2011-2937 | 1 Roundcube | 1 Webmail | 2012-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. | |||||
| CVE-2011-0200 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-04 | 6.8 MEDIUM | N/A |
| Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow. | |||||
| CVE-2011-3452 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 4.3 MEDIUM | N/A |
| Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. | |||||
| CVE-2010-4562 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2012-02-03 | 4.3 MEDIUM | N/A |
| Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. | |||||
| CVE-2010-4563 | 1 Linux | 1 Linux Kernel | 2012-02-03 | 5.0 MEDIUM | N/A |
| The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. | |||||
| CVE-2011-2393 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2012-02-03 | 7.8 HIGH | N/A |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670. | |||||
| CVE-2011-3446 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 7.5 HIGH | N/A |
| Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. | |||||
| CVE-2011-3447 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. | |||||
| CVE-2011-3448 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | |||||
| CVE-2011-3449 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. | |||||
| CVE-2011-3450 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 6.8 MEDIUM | N/A |
| CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL. | |||||
| CVE-2011-3462 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 5.0 MEDIUM | N/A |
| Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. | |||||
| CVE-2011-3463 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 7.2 HIGH | N/A |
| WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. | |||||