Total
246534 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-2483 | 3 Php, Postgresql, Solar Designer | 3 Php, Postgresql, Crypt Blowfish | 2023-12-10 | 5.0 MEDIUM | N/A |
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. | |||||
CVE-2010-3466 | 1 Netartmedia | 1 Iboutique.mall | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-1106 | 1 Ibm | 1 Lotus Sametime | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action. | |||||
CVE-2011-0771 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2023-12-10 | 6.8 MEDIUM | N/A |
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | |||||
CVE-2009-4777 | 4 Hitachi, Hp, Microsoft and 1 more | 17 Job Management Partner 1\/automatic Job Management System 2-view, Job Management Partner 1\/integrated Management-view, Job Management Partner 1\/integrated Manager-console View and 14 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file." | |||||
CVE-2010-2574 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action. | |||||
CVE-2011-3262 | 1 Citrix | 1 Xen | 2023-12-10 | 2.1 LOW | N/A |
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop." | |||||
CVE-2012-1464 | 1 Netmechanica | 1 Netdecision | 2023-12-10 | 5.0 MEDIUM | N/A |
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-2766 | 2 Debian, Fast Cgi Project | 2 Debian Linux, Fast Cgi | 2023-12-10 | 7.5 HIGH | N/A |
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. | |||||
CVE-2011-3546 | 2 Oracle, Sun | 5 Javafx, Jdk, Jre and 2 more | 2023-12-10 | 5.8 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. | |||||
CVE-2011-0641 | 2 Heart5, Wordpress | 2 Statpresscn, Wordpress | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2011-4496 | 1 Aviosoft | 1 Dtv Player | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file. | |||||
CVE-2010-0893 | 1 Oracle | 1 Sun Products Suite | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail. | |||||
CVE-2009-4687 | 1 Hypersilence | 1 Silentum Guestbook | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter. | |||||
CVE-2009-4638 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | N/A |
Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | |||||
CVE-2011-3218 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 2.6 LOW | N/A |
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. | |||||
CVE-2011-0470 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 5.0 MEDIUM | N/A |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2010-0517 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation. | |||||
CVE-2010-2769 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. | |||||
CVE-2010-1961 | 1 Hp | 1 Openview Network Node Manager | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function. |