Total
248679 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4989 | 1 Ajsquare | 1 Aj Auction Pro-oopd | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action. | |||||
CVE-2011-2221 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2023-12-10 | 5.0 MEDIUM | N/A |
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. | |||||
CVE-2011-3503 | 1 Interactivedata | 1 Esignal | 2023-12-10 | 9.3 HIGH | N/A |
Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2011-5050 | 1 Elitecore | 1 Cyberoam Unified Threat Management | 2023-12-10 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-4248 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. | |||||
CVE-2011-2114 | 1 Adobe | 1 Shockwave Player | 2023-12-10 | 9.3 HIGH | N/A |
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128. | |||||
CVE-2009-4395 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-4259 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file. | |||||
CVE-2011-0818 | 1 Oracle | 6 Enterpriseone Tools, Jd Edwards Enterpriseone, Jd Edwards Enterpriseone Ep and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC. | |||||
CVE-2011-3987 | 1 Daemon-tools | 1 Daemon Tools | 2023-12-10 | 4.9 MEDIUM | N/A |
dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard before 4.41.0315, and Pro Advanced before 4.41.0315 allows local users to cause a denial of service (system crash) via an invalid DeviceIoControl request to \\.\dtsoftbusctl. | |||||
CVE-2010-1923 | 1 Phpscripte24 | 1 Web Social Network Freunde Community | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action. | |||||
CVE-2010-1869 | 1 Artifex | 1 Gpl Ghostscript | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. | |||||
CVE-2011-2011 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 7.2 HIGH | N/A |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability." | |||||
CVE-2010-4802 | 1 Mojolicious | 1 Mojolicious | 2023-12-10 | 10.0 HIGH | N/A |
Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors. | |||||
CVE-2012-0193 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
CVE-2010-4906 | 1 Zenphoto | 1 Zenphoto | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-2508 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 6.0 MEDIUM | N/A |
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. | |||||
CVE-2011-4693 | 3 Adobe, Apple, Microsoft | 3 Flash Player, Mac Os X, Windows | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2010-1904 | 1 Emc | 1 Rsa Key Manager Client | 2023-12-10 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data. | |||||
CVE-2011-4704 | 2 Android, Voxofon | 2 Android, Voxofon | 2023-12-10 | 5.8 MEDIUM | N/A |
The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. |