Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1522 | 1 Doctrine-project | 5 Doctrine, Doctrine1.2.0, Doctrine1.2.1 and 2 more | 2011-05-31 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field. | |||||
| CVE-2011-1900 | 1 Indusoft | 1 Web Studio | 2011-05-31 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request. | |||||
| CVE-2011-1901 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-31 | 7.5 HIGH | N/A |
| The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2011-1902 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-31 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2011-1903 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2011-1904 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-31 | 7.5 HIGH | N/A |
| An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue. | |||||
| CVE-2011-1905 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-31 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. | |||||
| CVE-2011-1906 | 1 Trustwave | 1 Webdefend | 2011-05-31 | 5.0 MEDIUM | N/A |
| Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756. | |||||
| CVE-2010-4284 | 1 Samsung | 1 Data Management Server | 2011-05-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-0426 | 1 Vmware | 2 Vcenter, Virtualcenter | 2011-05-27 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2011-1323 | 2 Nec, Yamaha | 52 Ip38x\/1000, Ip38x\/103, Ip38x\/105 and 49 more | 2011-05-27 | 7.8 HIGH | N/A |
| Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location. | |||||
| CVE-2011-1324 | 1 Buffalotech | 43 As-100, Bbr-4hg, Bbr-4hg Firmware and 40 more | 2011-05-27 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. | |||||
| CVE-2011-1758 | 1 Fedoraproject | 1 Sssd | 2011-05-27 | 3.7 LOW | N/A |
| The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. | |||||
| CVE-2010-4806 | 1 Ibm | 1 Web Content Manager | 2011-05-26 | 4.0 MEDIUM | N/A |
| The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges. | |||||
| CVE-2011-1325 | 1 Lockon | 1 Ec-cube | 2011-05-26 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-1789 | 1 Vmware | 3 Esx, Esxi, Vcenter | 2011-05-26 | 5.0 MEDIUM | N/A |
| The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. | |||||
| CVE-2011-2074 | 2 Apple, Skype | 2 Mac Os X, Skype | 2011-05-26 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. | |||||
| CVE-2006-7245 | 1 Monkeysaudio | 1 Monkey\'s Audio | 2011-05-25 | 4.3 MEDIUM | N/A |
| Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination. | |||||
| CVE-2007-4311 | 1 Linux | 1 Linux Kernel | 2011-05-25 | 6.8 MEDIUM | N/A |
| The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator. | |||||
| CVE-2011-0612 | 1 Adobe | 1 Flash Media Server | 2011-05-25 | 5.0 MEDIUM | N/A |
| Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors. | |||||
| CVE-2011-0613 | 1 Adobe | 2 Robohelp, Robohelp Server | 2011-05-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/. | |||||
| CVE-2011-0615 | 1 Adobe | 1 Audition | 2011-05-25 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsistent use of character data types. | |||||
| CVE-2011-2169 | 1 Google | 1 Chrome Os | 2011-05-25 | 7.2 HIGH | N/A |
| Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. | |||||
| CVE-2007-1460 | 1 Php | 1 Php | 2011-05-24 | 5.0 MEDIUM | N/A |
| The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. | |||||
| CVE-2009-5075 | 1 Monkeysaudio | 1 Monkey\'s Audio | 2011-05-24 | 4.3 MEDIUM | N/A |
| Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file. | |||||
| CVE-2011-1327 | 1 Trendmicro | 1 Trend Micro Internet Security | 2011-05-24 | 2.1 LOW | N/A |
| The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger. | |||||
| CVE-2011-2164 | 1 Adobe | 1 Photoshop | 2011-05-24 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors. | |||||
| CVE-2010-4705 | 1 Ffmpeg | 1 Ffmpeg | 2011-05-24 | 9.3 HIGH | N/A |
| Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. | |||||
| CVE-2011-2162 | 3 Ffmpeg, Mandriva, Mplayerhq | 5 Ffmpeg, Corporate Server, Enterprise Server and 2 more | 2011-05-23 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers." | |||||
| CVE-2005-1928 | 1 Trend Micro | 1 Serverprotect Earthagent | 2011-05-20 | 7.8 HIGH | N/A |
| Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak. | |||||
| CVE-2005-2819 | 1 Eric Fichot | 1 Downfile | 2011-05-19 | 7.5 HIGH | N/A |
| DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php. | |||||
| CVE-2005-2936 | 1 Realnetworks | 2 Realone Player, Realplayer | 2011-05-19 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file. | |||||
| CVE-2005-3570 | 1 Horde | 1 Horde | 2011-05-19 | 4.3 MEDIUM | N/A |
| Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". | |||||
| CVE-2005-4045 | 1 Sun | 1 Java Communications Services Delegated Administrator | 2011-05-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif. | |||||
| CVE-2005-4093 | 1 Checkpoint | 2 Secureclient Ng, Vpn-1 Secureclient | 2011-05-18 | 6.5 MEDIUM | N/A |
| Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint. | |||||
| CVE-2007-0436 | 1 Barron Mccann | 4 Install, X-kryptor Driver, X-kryptor Secure Client and 1 more | 2011-05-18 | 4.6 MEDIUM | N/A |
| Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer. | |||||
| CVE-2007-2388 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, All Windows | 2011-05-18 | 9.3 HIGH | N/A |
| Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations. | |||||
| CVE-2007-4430 | 1 Cisco | 5 Cbos, Cli, Ids and 2 more | 2011-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access. | |||||
| CVE-2007-6354 | 1 Aertherwide | 1 Exiftags | 2011-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6355. | |||||
| CVE-2007-6355 | 1 Aertherwide | 1 Exiftags | 2011-05-13 | 10.0 HIGH | N/A |
| Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354. | |||||
| CVE-2007-5652 | 1 Ibm | 1 Db2 | 2011-05-12 | 7.8 HIGH | N/A |
| IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | |||||
| CVE-2011-0792 | 1 Oracle | 2 Database Server, Warehouse Builder | 2011-05-12 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB) and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Dimensional Data Modeling. | |||||
| CVE-2011-1717 | 1 Skype | 1 Skype For Android | 2011-05-11 | 2.1 LOW | N/A |
| Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information. | |||||
| CVE-2010-4746 | 1 Fedoraproject | 1 389 Directory Server | 2011-05-11 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. | |||||
| CVE-2011-1501 | 2011-05-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1571. Reason: This candidate is a duplicate of CVE-2011-1571. Notes: All CVE users should reference CVE-2011-1571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-0362 | 1 Zeus | 1 Zeus Web Server | 2011-05-06 | 5.0 MEDIUM | N/A |
| Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses. | |||||
| CVE-2010-4156 | 2 Php, Scottmac | 2 Php, Libmbfl | 2011-05-04 | 5.0 MEDIUM | N/A |
| The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). | |||||
| CVE-2010-2950 | 1 Php | 1 Php | 2011-05-04 | 6.8 MEDIUM | N/A |
| Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. | |||||
| CVE-2010-0350 | 2 Arco Van Geest, Typo3 | 2 Goof Fotoboek, Typo3 | 2011-05-02 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors. | |||||
| CVE-2007-6372 | 1 Juniper | 1 Junos | 2011-04-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. | |||||