Total
246430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0764 | 1 Kuwaitphp | 1 Esmile | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action. | |||||
CVE-2009-4669 | 1 Beaussier | 1 Roomphplanning | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php. | |||||
CVE-2010-0860 | 1 Oracle | 1 Database Server | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege. | |||||
CVE-2010-3269 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2023-12-10 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism. | |||||
CVE-2009-4957 | 1 Interspire | 1 Activekb | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. | |||||
CVE-2010-2167 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2023-12-10 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data. | |||||
CVE-2010-1929 | 1 Novell | 1 Imanager | 2023-12-10 | 9.0 HIGH | N/A |
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc. | |||||
CVE-2010-2703 | 2 Hp, Microsoft | 2 Openview Network Node Manager, Windows | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe. | |||||
CVE-2011-1244 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 5.8 MEDIUM | N/A |
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." | |||||
CVE-2011-0406 | 1 Wellintech | 1 Kingview | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. | |||||
CVE-2010-4738 | 1 Raemedia | 1 Real Estate Single And Multi Agent System | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System. | |||||
CVE-2011-0729 | 1 Ubuntu | 1 Language-selector | 2023-12-10 | 7.2 HIGH | N/A |
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. | |||||
CVE-2010-0563 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. | |||||
CVE-2010-1397 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type. | |||||
CVE-2010-3742 | 1 Dustincowell | 1 Free Simple Cms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307. | |||||
CVE-2010-0650 | 3 Apple, Canonical, Google | 3 Safari, Ubuntu Linux, Chrome | 2023-12-10 | 2.6 LOW | N/A |
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | |||||
CVE-2012-0109 | 1 Sun | 1 Sunos | 2023-12-10 | 3.6 LOW | N/A |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. | |||||
CVE-2011-1715 | 2 Eyeos, Qooxdoo | 2 Eyeos, Qooxdoo | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter. | |||||
CVE-2011-4564 | 1 Activedev | 1 Active Cms | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action. | |||||
CVE-2010-2079 | 1 Magnoware | 1 Datatrack System | 2023-12-10 | 5.0 MEDIUM | N/A |
DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\ and (2) .ascx\ files. |