Vulnerabilities (CVE)

Total 243253 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-1842 1 Ubuntu 1 Language-selector 2023-12-10 7.2 HIGH N/A
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
CVE-2009-4775 1 Ipswitch 1 Ws Ftp 2023-12-10 4.3 MEDIUM N/A
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.
CVE-2009-4143 1 Php 1 Php 2023-12-10 10.0 HIGH N/A
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
CVE-2010-2611 1 I-netsolution 1 Job Search Engine Script 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
CVE-2011-2130 6 Adobe, Apple, Google and 3 more 7 Adobe Air, Flash Player, Mac Os X and 4 more 2023-12-10 10.0 HIGH N/A
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
CVE-2009-4246 3 Apple, Microsoft, Realnetworks 6 Mac Os X, Windows, Helix Player and 3 more 2023-12-10 9.3 HIGH N/A
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
CVE-2010-3658 1 Adobe 2 Acrobat, Acrobat Reader 2023-12-10 9.3 HIGH N/A
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
CVE-2010-2674 1 Alanzard 1 Tsoka\ 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action.
CVE-2011-1340 1 Plone 1 Plone 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
CVE-2010-3275 1 Videolan 1 Vlc Media Player 2023-12-10 9.3 HIGH N/A
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
CVE-2011-1868 1 Microsoft 3 Windows 2003 Server, Windows Server 2003, Windows Xp 2023-12-10 10.0 HIGH N/A
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
CVE-2010-4993 2 Joomla, Kay Messerschmidt 2 Joomla\!, Com Eventcal 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2011-3448 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 6.8 MEDIUM N/A
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
CVE-2010-1312 2 Ijoomla, Joomla 2 Com News Portal, Joomla\! 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2090 2 Ibm, Microsoft 3 Aix, Communications Server, Windows 2023-12-10 5.0 MEDIUM N/A
The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.
CVE-2011-3000 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2023-12-10 4.3 MEDIUM N/A
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.
CVE-2011-1625 1 Cisco 1 Ios 2023-12-10 5.4 MEDIUM N/A
Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629.
CVE-2010-3126 1 Avast 1 Avast Antivirus Free 2023-12-10 9.3 HIGH N/A
Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.
CVE-2009-2750 1 Ibm 1 Websphere Service Registry And Repository 2023-12-10 5.5 MEDIUM N/A
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query.
CVE-2011-0379 1 Cisco 13 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 and 10 more 2023-12-10 7.9 HIGH N/A
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761.