Total: 252366 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0417 | 1 Realnetworks | 2 Helix Player, Realplayer | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption. | |||||
CVE-2010-3870 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2023-12-10 | 6.8 MEDIUM | N/A |
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. | |||||
CVE-2011-4163 | 1 Hp | 1 Database Archiving Software | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213. | |||||
CVE-2011-4711 | 1 Namazu | 1 Namazu | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter. | |||||
CVE-2011-4026 | 1 Xia Zuojie | 1 Nexusphp | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2010-4590 | 1 Ibm | 1 Lotus Mobile Connect | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-3229 | 1 Apple | 1 Safari | 2023-12-10 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | |||||
CVE-2010-4982 | 1 Mykazaam | 1 Address & Contact Organizer | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter. | |||||
CVE-2011-1052 | 1 Hex-rays | 1 Ida | 2023-12-10 | 10.0 HIGH | N/A |
Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. | |||||
CVE-2011-0812 | 1 Sun | 1 Sunos | 2023-12-10 | 3.7 LOW | N/A |
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel. | |||||
CVE-2010-2971 | 1 Raphael Assenat | 1 Libmikmod | 2023-12-10 | 9.3 HIGH | N/A |
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995. | |||||
CVE-2010-0827 | 1 Tug | 2 Tetex, Tex Live | 2023-12-10 | 6.8 MEDIUM | N/A |
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. | |||||
CVE-2011-1127 | 1 Simplemachines | 1 Smf | 2023-12-10 | 10.0 HIGH | N/A |
SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. | |||||
CVE-2010-1276 | 1 Bbsxp | 1 Bbsxp | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2011-3728 | 1 Boonex | 1 Dolphin | 2023-12-10 | 5.0 MEDIUM | N/A |
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files. | |||||
CVE-2011-3430 | 1 Apple | 1 Iphone Os | 2023-12-10 | 9.3 HIGH | N/A |
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. | |||||
CVE-2011-1736 | 1 Hp | 1 Openview Storage Data Protector | 2023-12-10 | 8.5 HIGH | N/A |
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message. | |||||
CVE-2010-3457 | 1 Getsymphony | 1 Symphony | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-2324 | 1 Ibm | 2 Websphere Application Server, Zos | 2023-12-10 | 7.5 HIGH | N/A |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. | |||||
CVE-2011-3393 | 1 Myrephp | 1 Myre Real Estate Software | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter. |