Total: 248586 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4268 | 2 Joomla, Pulseinfotech | 2 Joomla!, Com Flipwall | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2011-2776 | 1 Robert Luberda | 1 Super | 2023-12-10 | 4.4 MEDIUM | N/A |
Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-2670 | 1 Brotherscripts | 1 Recipe Website | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2011-0559 | 1 Adobe | 1 Flash Player | 2023-12-10 | 9.3 HIGH | N/A |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | |||||
CVE-2010-0486 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 7 and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability." | |||||
CVE-2010-1731 | 2 Google, Htc | 2 Chrome, Hero | 2023-12-10 | 4.3 MEDIUM | N/A |
Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes `<marquee>` sequences in an infinite loop. | |||||
CVE-2011-4374 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Reader, Macos and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2011-3992 | 1 Dlink | 6 Des-3800, Des-3800 Firmware, Dwl-2100ap and 3 more | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | |||||
CVE-2011-4870 | 1 Invensys | 1 Wonderware Inbatch | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141. | |||||
CVE-2010-2787 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 4.3 MEDIUM | N/A |
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim. | |||||
CVE-2010-1150 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 6.0 MEDIUM | N/A |
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue. | |||||
CVE-2011-4252 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height. | |||||
CVE-2011-2374 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2009-4980 | 1 Keil-software | 1 Photokorn Gallery | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php. | |||||
CVE-2010-2414 | 1 Oracle | 1 Sun Products Suite | 2023-12-10 | 2.6 LOW | N/A |
Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors. | |||||
CVE-2010-0213 | 1 Isc | 1 Bind | 2023-12-10 | 2.6 LOW | N/A |
BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. | |||||
CVE-2010-0288 | 1 Dokuwiki | 1 Dokuwiki | 2023-12-10 | 7.5 HIGH | N/A |
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. | |||||
CVE-2010-0783 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-4391 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allows remote attackers to execute arbitrary code via a crafted value in an unspecified header field in an RMX file. | |||||
CVE-2011-0434 | 1 Gplhost | 1 Domain Technologie Control | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php. |