Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2002-1187 6.8
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting,
12-10-2018 - 21:32 11-12-2002 - 05:00
CVE-2007-3740 4.4
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
29-09-2017 - 01:29 14-09-2007 - 01:17
CVE-2012-5571 3.5
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token f
29-08-2017 - 01:32 18-12-2012 - 01:55
CVE-2012-5563 4.0
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this iss
29-08-2017 - 01:32 18-12-2012 - 01:55
CVE-2012-4862 2.1
The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors.
29-08-2017 - 01:32 05-12-2012 - 11:57
CVE-2009-1977 10.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the
17-08-2017 - 01:30 14-07-2009 - 23:30
CVE-2016-10150 10.0
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the
09-02-2017 - 17:06 06-02-2017 - 06:59
CVE-2012-5590 7.5
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
26-02-2013 - 04:52 26-12-2012 - 17:55
CVE-2012-5586 2.1
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the pa
26-02-2013 - 04:52 26-12-2012 - 17:55
CVE-2012-5159 7.5
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code v
26-01-2013 - 04:57 25-09-2012 - 22:55
CVE-2005-3970 4.3
Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
08-03-2011 - 02:27 03-12-2005 - 19:03
CVE-2005-3969 7.5
SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
08-03-2011 - 02:27 03-12-2005 - 19:03
Back to Top Mark selected
Back to Top