Max CVSS 10.0 Min CVSS 1.7 Total Count117
IDCVSSSummaryLast (major) updatePublished
CVE-2019-0615 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0616, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2018-15444 4.9
A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to imp
08-11-2018 - 13:29 08-11-2018 - 13:29
CVE-2018-0351 7.2
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validati
18-07-2018 - 19:29 18-07-2018 - 19:29
CVE-2018-2860 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with log
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-0839 4.3
Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0763.
14-02-2018 - 21:29 14-02-2018 - 21:29
CVE-2017-12837 5.0
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and th
19-09-2017 - 14:29 19-09-2017 - 14:29
CVE-2017-10072 5.5
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-8485 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-7505 6.5
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user objec
26-05-2017 - 12:29 26-05-2017 - 12:29
CVE-2017-9144 4.3
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9141 4.3
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9049 5.0
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an in
18-05-2017 - 02:29 18-05-2017 - 02:29
CVE-2017-6886 7.5
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
16-05-2017 - 12:29 16-05-2017 - 12:29
CVE-2017-2124 4.3
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php.
05-05-2017 - 09:23 28-04-2017 - 12:59
CVE-2017-3612 3.7
Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes
01-05-2017 - 13:38 24-04-2017 - 15:59
CVE-2017-7607 4.3
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
13-04-2017 - 09:57 09-04-2017 - 10:59
CVE-2017-7608 4.3
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
13-04-2017 - 09:51 09-04-2017 - 10:59
CVE-2016-9011 4.3
The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.
27-03-2017 - 11:51 23-03-2017 - 14:59
CVE-2017-2997 10.0
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.
15-03-2017 - 21:59 14-03-2017 - 12:59
CVE-2016-3401 4.0
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.
31-01-2017 - 21:59 18-01-2017 - 17:59
CVE-2016-5319 4.3
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
20-01-2017 - 14:23 20-01-2017 - 10:59
CVE-2016-5318 4.3
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
20-01-2017 - 14:23 20-01-2017 - 10:59
CVE-2014-4270 4.0
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-20
06-01-2017 - 22:00 17-07-2014 - 07:17
CVE-2014-4240 3.6
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.
06-01-2017 - 22:00 17-07-2014 - 07:17
CVE-2014-4230 4.3
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerability than CVE-2014-2468.
06-01-2017 - 22:00 17-07-2014 - 01:10
CVE-2014-4227 10.0
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
06-01-2017 - 22:00 17-07-2014 - 01:10
CVE-2014-4214 3.3
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.
06-01-2017 - 22:00 17-07-2014 - 01:10
CVE-2014-2483 9.3
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CV
06-01-2017 - 21:59 17-07-2014 - 01:10
CVE-2013-1679 10.0
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute a
06-01-2017 - 21:59 16-05-2013 - 07:45
CVE-2016-4009 10.0
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
02-01-2017 - 22:00 13-04-2016 - 12:59
CVE-2016-2118 6.8
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona
30-12-2016 - 21:59 12-04-2016 - 19:59
CVE-2016-2114 4.3
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client
30-12-2016 - 21:59 24-04-2016 - 20:59
CVE-2016-9888 4.3
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
14-12-2016 - 22:00 08-12-2016 - 03:59
CVE-2015-0556 5.8
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
07-12-2016 - 22:06 08-04-2015 - 14:59
CVE-2013-1796 6.8
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow
07-12-2016 - 22:03 22-03-2013 - 07:59
CVE-2015-4059 10.0
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.
05-12-2016 - 22:02 29-05-2015 - 11:59
CVE-2016-4024 7.5
Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
30-11-2016 - 22:10 13-05-2016 - 12:59
CVE-2016-0171 7.2
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted a
29-11-2016 - 22:02 10-05-2016 - 21:59
CVE-2016-4020 2.1
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
28-11-2016 - 15:14 25-05-2016 - 11:59
CVE-2016-3961 2.1
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
28-11-2016 - 15:14 15-04-2016 - 10:59
CVE-2016-3886 7.2
systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka in
28-11-2016 - 15:13 11-09-2016 - 17:59
CVE-2016-3612 4.3
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core.
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2015-4993 4.3
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web scri
28-11-2016 - 14:31 21-12-2015 - 06:59
CVE-2015-1926 5.5
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 and 11.1.1.9.0, and the Oracle Applications Framework component in Oracle E-Business Suite 12.2.3 and 12.2.4, allows remote authenticated users
28-11-2016 - 14:18 16-07-2015 - 06:59
CVE-2014-4232 4.3
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application, a different vulnerab
21-11-2016 - 22:01 17-07-2014 - 01:10
CVE-2008-1086 9.3
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, wh
08-11-2016 - 11:39 08-04-2008 - 19:05
CVE-2005-0841 7.5
SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) census.php, (6) passthru.php and possibly other php files in phpMyFamily 1.4.0 allows remote attackers to execute arbitrary SQL commands, as demonstrate
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-1999-0865 5.0
Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.
17-10-2016 - 21:59 03-12-1999 - 00:00
CVE-2016-3990 6.8
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
04-10-2016 - 21:59 21-09-2016 - 14:59
CVE-2014-2776 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
06-09-2016 - 09:13 11-06-2014 - 00:56
CVE-2014-4211 5.0
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.
01-12-2015 - 13:59 17-07-2014 - 01:10
CVE-2014-4228 4.4
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WD
01-12-2015 - 13:52 17-07-2014 - 01:10
CVE-2014-4249 5.0
Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service.
11-12-2014 - 22:02 17-07-2014 - 07:17
CVE-2011-0609 9.3
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9
11-02-2014 - 23:27 15-03-2011 - 13:55
CVE-2012-0131 10.0
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
05-12-2013 - 00:09 05-04-2012 - 09:55
CVE-2013-2279 7.5
CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows
22-03-2013 - 23:16 21-03-2013 - 13:55
CVE-2012-4990 7.5
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
08-11-2012 - 00:00 22-10-2012 - 19:55
CVE-2012-4989 4.3
Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.
08-11-2012 - 00:00 22-10-2012 - 19:55
CVE-2010-1136 7.5
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in
24-10-2012 - 00:00 27-03-2010 - 15:07
CVE-2010-1135 7.5
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
24-10-2012 - 00:00 27-03-2010 - 15:07
CVE-2010-1134 7.5
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.
24-10-2012 - 00:00 27-03-2010 - 15:07
CVE-2010-1133 7.5
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
24-10-2012 - 00:00 27-03-2010 - 15:07
CVE-2011-5180 4.3
Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third pa
21-09-2012 - 00:00 20-09-2012 - 06:55
CVE-2011-1887 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref
04-10-2011 - 22:54 13-07-2011 - 19:55
CVE-2011-1886 2.1
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer derefer
04-10-2011 - 22:54 13-07-2011 - 19:55
CVE-2011-1885 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
04-10-2011 - 22:54 13-07-2011 - 19:55
CVE-2011-1870 7.2
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a
04-10-2011 - 22:54 13-07-2011 - 19:55
CVE-2006-2200 5.1
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_ut
02-08-2011 - 00:00 27-06-2006 - 21:45
CVE-2007-4349 4.3
The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service
14-06-2011 - 00:00 23-10-2008 - 18:00
CVE-2006-3423 9.3
WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls t
10-03-2011 - 00:00 06-07-2006 - 20:05
CVE-2008-5664 9.3
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
07-03-2011 - 22:14 18-12-2008 - 20:52
CVE-2008-1771 7.5
Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request wi
07-03-2011 - 22:07 16-04-2008 - 11:05
CVE-2008-1088 9.3
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
07-03-2011 - 22:05 08-04-2008 - 19:05
CVE-2008-0311 9.3
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
07-03-2011 - 22:04 06-04-2008 - 19:44
CVE-2007-5149 6.8
PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter.
07-03-2011 - 22:00 01-10-2007 - 01:17
CVE-2007-4620 9.0
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager
07-03-2011 - 21:58 07-04-2008 - 14:44
CVE-2007-0939 4.3
Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Sc
07-03-2011 - 21:50 10-04-2007 - 17:19
CVE-2006-5721 4.9
The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation.
07-03-2011 - 21:43 03-11-2006 - 20:07
CVE-2006-4642 1.7
AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
07-03-2011 - 21:41 08-09-2006 - 17:04
CVE-2006-3276 7.5
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schem
07-03-2011 - 21:38 28-06-2006 - 18:05
CVE-2006-3271 7.5
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter i
07-03-2011 - 21:38 28-06-2006 - 18:05
CVE-2006-3201 4.9
Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
07-03-2011 - 21:38 23-06-2006 - 16:06
CVE-2006-2252 6.4
Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
07-03-2011 - 21:35 09-05-2006 - 06:02
CVE-2005-4255 4.3
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
07-03-2011 - 21:27 15-12-2005 - 06:03
CVE-2006-3127 7.8
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large num
07-03-2011 - 00:00 21-06-2006 - 19:02
CVE-2010-4429 3.5
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-350
26-01-2011 - 01:52 19-01-2011 - 12:00
CVE-2009-2049 5.4
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t a
21-08-2010 - 01:33 30-07-2009 - 14:30
CVE-2006-6958 7.5
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_a
01-07-2010 - 00:00 29-01-2007 - 11:28
CVE-2010-0956 7.5
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
23-06-2010 - 00:00 10-03-2010 - 15:14
CVE-2010-1740 7.5
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
07-05-2010 - 00:00 06-05-2010 - 14:30
CVE-2008-4057 10.0
Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."
26-08-2009 - 01:15 11-09-2008 - 17:06
CVE-2009-0729 6.8
Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (
23-06-2009 - 00:00 24-02-2009 - 18:30
CVE-2009-1646 9.3
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.
15-05-2009 - 00:00 15-05-2009 - 11:30
CVE-2009-1645 9.3
Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
15-05-2009 - 00:00 15-05-2009 - 11:30
CVE-2009-1642 9.3
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NO
15-05-2009 - 00:00 15-05-2009 - 11:30
CVE-2009-1641 9.3
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
15-05-2009 - 00:00 15-05-2009 - 11:30
CVE-2008-6550 4.3
Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained solely
25-04-2009 - 01:40 29-03-2009 - 21:30
CVE-2008-2895 7.5
Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
08-04-2009 - 01:27 27-06-2008 - 14:41
CVE-2008-6520 10.0
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a
25-03-2009 - 00:00 25-03-2009 - 14:30
CVE-2008-6519 10.0
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running W
25-03-2009 - 00:00 25-03-2009 - 14:30
CVE-2008-1797 7.1
Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.
29-01-2009 - 01:48 15-04-2008 - 13:05
CVE-2003-0049 7.5
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.
10-09-2008 - 20:05 03-03-2003 - 00:00
CVE-2003-0775 5.0
saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).
10-09-2008 - 15:20 22-09-2003 - 00:00
CVE-2008-0849 7.5
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
05-09-2008 - 17:36 20-02-2008 - 19:44
CVE-2007-6467 7.5
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
05-09-2008 - 17:33 19-12-2007 - 19:46
CVE-2006-3313 2.6
Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.
05-09-2008 - 17:06 29-06-2006 - 15:05
CVE-2005-1413 7.5
Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID paramete
05-09-2008 - 16:49 03-05-2005 - 00:00
CVE-2004-2624 4.3
Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2278 4.3
Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2003-1517 5.0
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
05-09-2008 - 16:37 31-12-2003 - 00:00
CVE-2002-1885 7.5
PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter.
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-1441 7.5
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a lo
05-09-2008 - 16:30 11-04-2003 - 00:00
CVE-2001-1344 7.5
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
05-09-2008 - 16:26 12-06-2001 - 00:00
CVE-2000-1033 7.5
Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.
05-09-2008 - 16:22 11-12-2000 - 00:00
CVE-2008-1787 4.3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; t
05-09-2008 - 00:00 15-04-2008 - 13:05
CVE-2008-1775 3.5
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the deta
05-09-2008 - 00:00 14-04-2008 - 12:05
CVE-2008-1759 7.5
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.
05-09-2008 - 00:00 12-04-2008 - 16:05
Back to Top Mark selected
Back to Top