Total
248749 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4453 | 1 Pmwiki | 1 Pmwiki | 2023-12-10 | 7.5 HIGH | N/A |
| The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function. | |||||
| CVE-2009-4377 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | N/A |
| The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap. | |||||
| CVE-2011-1681 | 1 Vmware | 1 Open-vm-tools | 2023-12-10 | 3.3 LOW | N/A |
| vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | |||||
| CVE-2011-2747 | 1 Google | 1 Picasa | 2023-12-10 | 9.3 HIGH | N/A |
| Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2011-1566 | 1 7t | 1 Igss | 2023-12-10 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397. | |||||
| CVE-2010-3485 | 1 Lightneasy | 1 Lightneasy | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1874 | 2 Com-property, Joomla | 2 Com Properties, Joomla\! | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1062 | 1 Taskfreak | 1 Taskfreak\! | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1975 | 1 Postgresql | 1 Postgresql | 2023-12-10 | 5.5 MEDIUM | N/A |
| PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. | |||||
| CVE-2011-2676 | 2 Ark-web, Six Apart | 5 A-form, A-form Bamboo, A-form Pc and 2 more | 2023-12-10 | 5.5 MEDIUM | N/A |
| The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors. | |||||
| CVE-2011-0638 | 1 Microsoft | 1 Windows | 2023-12-10 | 6.9 MEDIUM | N/A |
| Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. | |||||
| CVE-2011-3422 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. | |||||
| CVE-2011-3394 | 1 Myrephp | 1 Myre Real Estate Software | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-0578 | 1 Cisco | 4 7200 Router, 7301 Router, Ios and 1 more | 2023-12-10 | 7.8 HIGH | N/A |
| The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491. | |||||
| CVE-2009-4511 | 1 Vsecurity | 1 Tandberg Video Communication Server | 2023-12-10 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php. | |||||
| CVE-2010-5008 | 1 Denaliintranet | 1 Brightsuite Groupware | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter. | |||||
| CVE-2010-2829 | 1 Cisco | 2 Ios, Ios Xe | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567. | |||||
| CVE-2011-1064 | 1 Qibosoft | 1 Qi Bo Cms | 2023-12-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter. | |||||
| CVE-2009-4381 | 1 Texmedia | 1 Million Pixel Script | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0601 | 1 Apple | 2 Iphone Os, Itunes | 2023-12-10 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | |||||