Max CVSS 10.0 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2001-0949 7.5
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File,
14-02-2024 - 01:17 04-12-2001 - 05:00
CVE-2008-1763 7.5
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
14-02-2024 - 01:17 12-04-2008 - 20:05
CVE-2002-1349 4.6
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
14-02-2024 - 01:17 18-12-2002 - 05:00
CVE-2002-0628 5.0
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
09-02-2024 - 03:14 07-01-2003 - 05:00
CVE-2018-17191 7.5
Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration lea
23-05-2023 - 13:31 31-12-2018 - 14:29
CVE-2018-20584 4.3
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
28-02-2023 - 20:44 30-12-2018 - 05:29
CVE-2013-4514 4.7
Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long
13-02-2023 - 04:47 12-11-2013 - 14:35
CVE-2013-4513 4.9
Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.
13-02-2023 - 04:47 12-11-2013 - 14:35
CVE-2013-4512 4.7
Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write opera
13-02-2023 - 04:47 12-11-2013 - 14:35
CVE-2010-2948 6.5
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Ou
13-02-2023 - 04:21 10-09-2010 - 19:00
CVE-2010-1157 2.6
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re
13-02-2023 - 04:17 23-04-2010 - 14:30
CVE-2009-2909 4.9
Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation
13-02-2023 - 02:20 20-10-2009 - 17:30
CVE-2016-5624 4.0
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
19-07-2022 - 17:04 25-10-2016 - 14:31
CVE-2018-20482 1.9
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archive
30-11-2021 - 19:52 26-12-2018 - 18:29
CVE-2005-3240 5.1
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder v
23-07-2021 - 12:55 31-12-2005 - 05:00
CVE-2018-8039 6.8
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to ma
16-06-2021 - 12:15 02-07-2018 - 13:29
CVE-2005-3653 10.0
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Len
14-04-2021 - 15:41 31-12-2005 - 05:00
CVE-2007-2139 10.0
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suit
09-04-2021 - 18:54 25-04-2007 - 20:19
CVE-2013-1418 4.3
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon
02-02-2021 - 19:04 18-11-2013 - 03:55
CVE-2013-7339 4.7
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS
28-08-2020 - 14:35 24-03-2014 - 16:40
CVE-2018-18812 3.5
The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying fil
24-08-2020 - 17:37 16-01-2019 - 22:29
CVE-2018-20483 2.1
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credent
24-08-2020 - 17:37 26-12-2018 - 18:29
CVE-2012-5840 9.3
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
06-08-2020 - 17:38 21-11-2012 - 12:55
CVE-2018-18814 7.5
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attac
09-10-2019 - 23:37 16-01-2019 - 22:29
CVE-2018-18813 4.3
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affect
09-10-2019 - 23:37 16-01-2019 - 22:29
CVE-2018-8222 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
03-10-2019 - 00:03 11-07-2018 - 00:29
CVE-2017-7746 5.0
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining leng
03-10-2019 - 00:03 12-04-2017 - 23:59
CVE-2018-2729 5.8
Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allow
03-10-2019 - 00:03 18-01-2018 - 02:29
CVE-2018-3134 2.6
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). The supported version that is affected is 6.2.0.0. Difficult to exploit vulnerability al
03-10-2019 - 00:03 17-10-2018 - 01:31
CVE-2018-15335 4.3
When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may
03-10-2019 - 00:03 28-12-2018 - 15:29
CVE-2017-0082 7.2
The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CV
03-10-2019 - 00:03 17-03-2017 - 00:59
CVE-2014-2683 5.0
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.
16-07-2019 - 12:21 16-11-2014 - 00:59
CVE-2014-2682 6.8
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.
16-07-2019 - 12:21 16-11-2014 - 00:59
CVE-2014-2681 6.4
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.
16-07-2019 - 12:21 16-11-2014 - 00:59
CVE-2019-5524 9.0
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
04-04-2019 - 13:32 02-04-2019 - 15:29
CVE-2011-0421 4.3
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer derefer
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-1999-0691 7.2
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
30-10-2018 - 16:26 13-09-1999 - 04:00
CVE-2006-0423 7.5
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
30-10-2018 - 16:25 25-01-2006 - 23:07
CVE-2006-0425 5.0
BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
30-10-2018 - 16:25 25-01-2006 - 23:07
CVE-2006-0428 7.5
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs.
30-10-2018 - 16:25 25-01-2006 - 23:07
CVE-2006-0407 4.3
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the
19-10-2018 - 15:44 25-01-2006 - 02:03
CVE-2006-0224 4.6
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuratio
19-10-2018 - 15:43 25-01-2006 - 02:03
CVE-2002-1344 5.0
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.
19-10-2018 - 15:29 18-12-2002 - 05:00
CVE-2003-1558 5.0
Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function.
19-10-2018 - 15:29 31-12-2003 - 05:00
CVE-2006-4926 7.2
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary
17-10-2018 - 21:40 20-10-2006 - 22:07
CVE-2007-1050 4.3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the use
16-10-2018 - 16:36 21-02-2007 - 23:28
CVE-2008-0661 6.8
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
15-10-2018 - 22:02 08-02-2008 - 02:00
CVE-2007-5918 6.0
Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change th
15-10-2018 - 21:47 10-11-2007 - 02:46
CVE-2007-5741 7.5
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
15-10-2018 - 21:46 07-11-2007 - 21:46
CVE-2007-5116 7.5
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
15-10-2018 - 21:40 07-11-2007 - 23:46
CVE-2016-0084 9.3
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
12-10-2018 - 22:11 10-02-2016 - 11:59
CVE-2014-1492 4.3
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which
09-10-2018 - 19:42 25-03-2014 - 13:25
CVE-2007-5925 4.0
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, wh
03-10-2018 - 21:50 10-11-2007 - 02:46
CVE-2006-1057 3.7
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
03-10-2018 - 21:36 25-04-2006 - 01:02
CVE-2007-4829 6.8
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
08-08-2018 - 13:48 02-11-2007 - 16:46
CVE-2014-2532 5.8
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
19-07-2018 - 01:29 18-03-2014 - 05:18
CVE-2002-1158 7.2
Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.
03-05-2018 - 01:29 18-12-2002 - 05:00
CVE-2002-1159 6.4
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
03-05-2018 - 01:29 18-12-2002 - 05:00
CVE-2017-6162 4.3
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulner
16-11-2017 - 20:21 27-10-2017 - 14:29
CVE-2015-5177 5.0
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
07-11-2017 - 13:01 22-10-2017 - 18:29
CVE-2014-2685 7.5
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remot
04-11-2017 - 01:29 04-09-2014 - 17:55
CVE-2014-2684 6.4
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provide
04-11-2017 - 01:29 16-11-2014 - 00:59
CVE-2007-3404 5.0
Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
11-10-2017 - 01:32 26-06-2007 - 17:30
CVE-2002-2262 5.0
Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.
11-10-2017 - 01:29 31-12-2002 - 05:00
CVE-2001-0444 2.1
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
10-10-2017 - 01:29 02-07-2001 - 04:00
CVE-2009-1405 6.8
Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set_lng parameter.
29-09-2017 - 01:34 24-04-2009 - 14:30
CVE-2009-1404 6.8
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.
29-09-2017 - 01:34 24-04-2009 - 14:30
CVE-2008-5955 7.5
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 23-01-2009 - 19:00
CVE-2008-2745 9.3
Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.
29-09-2017 - 01:31 17-06-2008 - 15:41
CVE-2007-4890 5.8
Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the ar
29-09-2017 - 01:29 14-09-2007 - 01:17
CVE-2007-5911 6.8
Multiple stack-based buffer overflows in the AxMetaStream ActiveX control in AxMetaStream.dll 3.3.2.26 in Viewpoint Media Player 3.2 allow remote attackers to execute arbitrary code via a long string argument to the (1) BroadcastKey, (2) BroadcastKey
29-09-2017 - 01:29 10-11-2007 - 02:46
CVE-2015-4315 5.5
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted
21-09-2017 - 01:29 20-08-2015 - 00:59
CVE-2015-4316 5.5
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impe
21-09-2017 - 01:29 20-08-2015 - 10:59
CVE-2015-4320 4.0
The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.
21-09-2017 - 01:29 20-08-2015 - 00:59
CVE-2015-4317 5.0
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469.
21-09-2017 - 01:29 20-08-2015 - 00:59
CVE-2017-9150 2.1
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address informa
09-09-2017 - 01:29 22-05-2017 - 22:29
CVE-2015-0621 7.8
Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347.
08-09-2017 - 01:29 18-02-2015 - 02:59
CVE-2014-4427 7.5
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
29-08-2017 - 01:35 18-10-2014 - 01:55
CVE-2013-6163 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main
29-08-2017 - 01:33 14-11-2013 - 20:55
CVE-2013-6164 7.5
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
29-08-2017 - 01:33 14-11-2013 - 20:55
CVE-2013-5387 4.3
Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.
29-08-2017 - 01:33 06-11-2013 - 15:55
CVE-2013-4425 1.9
The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key. According to several reference l
29-08-2017 - 01:33 18-11-2013 - 02:55
CVE-2012-4233 4.3
LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.d
29-08-2017 - 01:32 19-11-2012 - 12:10
CVE-2011-0987 6.5
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's e
17-08-2017 - 01:33 14-02-2011 - 22:00
CVE-2009-2805 6.8
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow
17-08-2017 - 01:30 14-09-2009 - 16:30
CVE-2009-2803 6.8
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
17-08-2017 - 01:30 14-09-2009 - 16:30
CVE-2009-2809 6.8
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
17-08-2017 - 01:30 14-09-2009 - 16:30
CVE-2009-2804 6.8
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an
17-08-2017 - 01:30 14-09-2009 - 16:30
CVE-2009-2800 6.8
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
17-08-2017 - 01:30 11-09-2009 - 18:30
CVE-2009-2807 7.2
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
17-08-2017 - 01:30 14-09-2009 - 16:30
CVE-2008-6141 5.0
Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data.
17-08-2017 - 01:29 14-02-2009 - 02:30
CVE-2009-0532 4.3
Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this inf
08-08-2017 - 01:33 11-02-2009 - 20:30
CVE-2008-4424 4.3
Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action. NOTE: the provenance of this information is unknown; t
08-08-2017 - 01:32 03-10-2008 - 22:22
CVE-2007-6196 4.3
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
29-07-2017 - 01:34 01-12-2007 - 06:46
CVE-2007-5931 5.0
The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this informati
29-07-2017 - 01:33 10-11-2007 - 11:46
CVE-2007-5888 4.3
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
29-07-2017 - 01:33 07-11-2007 - 21:46
CVE-2007-4223 10.0
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.
29-07-2017 - 01:32 08-11-2007 - 11:46
CVE-2002-2263 6.6
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.
29-07-2017 - 01:29 31-12-2002 - 05:00
CVE-2002-2240 5.0
Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request.
29-07-2017 - 01:29 31-12-2002 - 05:00
CVE-2002-2238 5.0
Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request.
29-07-2017 - 01:29 31-12-2002 - 05:00
CVE-2002-2239 7.8
The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
29-07-2017 - 01:29 31-12-2002 - 05:00
CVE-2017-3794 6.8
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fix
26-07-2017 - 01:29 26-01-2017 - 07:59
CVE-2006-3225 2.6
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arb
20-07-2017 - 01:32 26-06-2006 - 16:05
CVE-2006-0710 7.5
Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP.
20-07-2017 - 01:30 15-02-2006 - 11:06
CVE-2006-0424 4.0
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2006-0353 3.6
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed infor
20-07-2017 - 01:29 22-01-2006 - 19:03
CVE-2006-0422 6.4
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vect
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2005-4010 7.5
SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
20-07-2017 - 01:29 05-12-2005 - 11:03
CVE-2006-0432 2.1
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properl
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2006-0429 2.1
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2006-0430 5.0
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of se
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2006-0431 2.1
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2006-0426 7.5
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain pri
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2006-0421 4.6
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow admini
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2006-0427 2.1
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
20-07-2017 - 01:29 25-01-2006 - 23:07
CVE-2004-2409 7.2
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.
11-07-2017 - 01:31 31-12-2004 - 05:00
CVE-2016-9012 6.5
CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.
26-01-2017 - 15:02 23-01-2017 - 21:59
CVE-2016-4270 10.0
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
28-11-2016 - 20:17 26-08-2016 - 19:59
CVE-2015-5406 9.0
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2
28-11-2016 - 19:33 22-08-2015 - 23:59
CVE-2015-5407 6.0
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2
28-11-2016 - 19:33 22-08-2015 - 23:59
CVE-2015-5408 6.0
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2
28-11-2016 - 19:33 22-08-2015 - 23:59
CVE-2014-2114 4.3
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.
16-09-2015 - 19:11 04-04-2014 - 15:10
CVE-2013-4596 5.8
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.
03-06-2014 - 14:49 02-06-2014 - 15:55
CVE-2012-5552 5.0
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."
20-07-2013 - 03:33 03-12-2012 - 21:55
CVE-2007-5953 5.0
Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.
08-03-2011 - 03:01 14-11-2007 - 01:46
CVE-2005-3880 7.5
Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php.
08-03-2011 - 02:27 29-11-2005 - 11:03
CVE-2005-2689 2.6
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
05-09-2008 - 20:52 24-08-2005 - 04:00
CVE-2005-0523 7.5
Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header.
05-09-2008 - 20:46 02-05-2005 - 04:00
Back to Top Mark selected
Back to Top