Total
258075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3873 | 1 Openconstructor Project | 1 Openconstructor | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php. | |||||
CVE-2013-3643 | 1 Adgjm | 1 Galapagos Browser | 2023-12-10 | 4.3 MEDIUM | N/A |
The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | |||||
CVE-2013-0881 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format. | |||||
CVE-2013-4097 | 1 Ds3 | 1 Authentication Server | 2023-12-10 | 5.0 MEDIUM | N/A |
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message. | |||||
CVE-2013-5632 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions | |||||
CVE-2011-4581 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | N/A |
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | |||||
CVE-2013-4216 | 1 Intel | 1 Wimax Network Service | 2023-12-10 | 2.1 LOW | N/A |
The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file. | |||||
CVE-2013-0931 | 2 Microsoft, Rsa | 3 Windows 2003 Server, Windows Xp, Authentication Agent For Windows | 2023-12-10 | 5.4 MEDIUM | N/A |
EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration. | |||||
CVE-2012-5479 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.5 MEDIUM | N/A |
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | |||||
CVE-2012-5268 | 5 Adobe, Apple, Google and 2 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. | |||||
CVE-2013-3720 | 2 Feedweb, Wordpress | 2 Feedweb, Wordpress | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter. | |||||
CVE-2010-5286 | 2 Joobi, Joomla | 2 Com Jstore, Joomla\! | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2012-2952 | 1 Jaow | 1 Jaow | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter. | |||||
CVE-2012-4836 | 1 Ibm | 1 Cognos Business Intelligence | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data. | |||||
CVE-2013-7281 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | N/A |
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
CVE-2013-6003 | 1 Cybozu | 1 Garoon | 2023-12-10 | 3.5 LOW | N/A |
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. | |||||
CVE-2013-4384 | 2 Drupal, Google Site Search Project | 2 Drupal, Google Site Search Module | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API. | |||||
CVE-2012-1920 | 1 Atmail | 1 Atmail Open | 2023-12-10 | 5.0 MEDIUM | N/A |
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||||
CVE-2013-3746 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2023-12-10 | 7.2 HIGH | N/A |
Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.2, 3.3, and 4 prior to 4.1 SRU 3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Cluster Infrastructure. | |||||
CVE-2009-5118 | 1 Mcafee | 1 Virusscan Enterprise | 2023-12-10 | 9.3 HIGH | N/A |
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. |