Max CVSS 10.0 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2008-0655 9.3
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
28-06-2024 - 14:15 07-02-2008 - 21:00
CVE-2017-6017 7.8
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP
10-04-2024 - 12:28 30-06-2017 - 03:29
CVE-2014-1505 5.0
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the S
12-09-2023 - 14:45 19-03-2014 - 10:55
CVE-2018-20720 7.8
ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.
16-05-2023 - 21:02 16-01-2019 - 03:29
CVE-2019-0538 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
31-03-2023 - 19:24 08-01-2019 - 21:29
CVE-2013-4408 8.3
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via
13-02-2023 - 04:46 10-12-2013 - 06:14
CVE-2013-1913 6.8
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code
13-02-2023 - 04:41 12-12-2013 - 18:55
CVE-2011-0711 2.1
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOME
13-02-2023 - 03:23 01-03-2011 - 23:00
CVE-2011-0712 7.2
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device n
13-02-2023 - 01:18 18-02-2011 - 20:00
CVE-2011-0713 6.8
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Noki
13-02-2023 - 01:18 03-03-2011 - 01:00
CVE-2012-4461 1.9
The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the gues
13-02-2023 - 00:26 22-01-2013 - 23:55
CVE-2017-6891 6.8
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Co
03-02-2023 - 19:05 22-05-2017 - 19:29
CVE-2013-6707 4.3
Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session
23-05-2022 - 16:24 07-12-2013 - 05:33
CVE-2013-2456 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2015-8857 7.5
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging imp
28-10-2021 - 15:05 23-01-2017 - 21:59
CVE-2015-0726 6.8
The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via u
16-04-2021 - 17:27 16-05-2015 - 14:59
CVE-2013-6045 7.5
Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.
09-09-2020 - 19:56 12-12-2013 - 18:55
CVE-2013-6054 7.5
Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.
09-09-2020 - 19:56 12-12-2013 - 18:55
CVE-2013-6053 5.0
OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
09-09-2020 - 19:56 27-04-2014 - 22:55
CVE-2013-1447 5.0
OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.
09-09-2020 - 19:56 12-12-2013 - 18:55
CVE-2018-8279 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-
24-08-2020 - 17:37 11-07-2018 - 00:29
CVE-2019-0565 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.
24-08-2020 - 17:37 08-01-2019 - 21:29
CVE-2019-0567 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
24-08-2020 - 17:37 08-01-2019 - 21:29
CVE-2019-0554 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
24-08-2020 - 17:37 08-01-2019 - 21:29
CVE-2019-0570 4.6
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Window
24-08-2020 - 17:37 08-01-2019 - 21:29
CVE-2019-0569 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
24-08-2020 - 17:37 08-01-2019 - 21:29
CVE-2019-0553 2.1
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server
24-08-2020 - 17:37 08-01-2019 - 21:29
CVE-2019-0566 6.8
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
24-08-2020 - 17:37 08-01-2019 - 21:29
CVE-2014-1493 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and app
11-08-2020 - 13:48 19-03-2014 - 10:55
CVE-2013-7091 5.0
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be
04-06-2020 - 12:10 13-12-2013 - 18:07
CVE-2013-7319 4.3
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
05-05-2020 - 12:10 06-02-2014 - 16:10
CVE-2013-6927 2.1
Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account.
20-02-2020 - 21:22 13-02-2020 - 23:15
CVE-2013-7040 4.3
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attack
25-10-2019 - 11:53 19-05-2014 - 14:55
CVE-2017-6780 7.8
A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaus
09-10-2019 - 23:29 07-09-2017 - 21:29
CVE-2017-2633 4.0
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use t
09-10-2019 - 23:26 27-07-2018 - 19:29
CVE-2017-12261 7.2
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete
09-10-2019 - 23:22 02-11-2017 - 16:29
CVE-2018-3141 5.0
Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network
03-10-2019 - 00:03 17-10-2018 - 01:31
CVE-2018-3140 5.8
Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network
03-10-2019 - 00:03 17-10-2018 - 01:31
CVE-2017-6543 6.0
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used t
03-10-2019 - 00:03 08-03-2017 - 23:59
CVE-2018-3142 4.0
Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network a
03-10-2019 - 00:03 17-10-2018 - 01:31
CVE-2018-2594 6.0
Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP
03-10-2019 - 00:03 18-01-2018 - 02:29
CVE-2017-10206 7.5
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network acc
03-10-2019 - 00:03 08-08-2017 - 15:29
CVE-2005-0545 7.2
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2016-0639 10.0
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.
19-02-2019 - 19:33 21-04-2016 - 10:59
CVE-2019-0548 5.0
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.
15-01-2019 - 14:02 08-01-2019 - 21:29
CVE-2019-0564 5.0
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
11-01-2019 - 21:30 08-01-2019 - 21:29
CVE-2010-4475 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2009-3266 4.3
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds
30-10-2018 - 16:26 18-09-2009 - 22:30
CVE-2006-0480 4.3
Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.
19-10-2018 - 15:45 31-01-2006 - 11:03
CVE-2006-0476 7.6
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
19-10-2018 - 15:45 31-01-2006 - 11:03
CVE-2006-0495 4.3
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).
19-10-2018 - 15:45 01-02-2006 - 02:02
CVE-2006-0469 4.3
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
19-10-2018 - 15:44 30-01-2006 - 18:03
CVE-2006-2021 5.0
Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the record
18-10-2018 - 16:37 25-04-2006 - 20:06
CVE-2006-2020 7.8
Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information. This vulnerability is addr
18-10-2018 - 16:37 25-04-2006 - 20:06
CVE-2006-5496 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.
17-10-2018 - 21:43 25-10-2006 - 10:07
CVE-2008-0667 4.3
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE
15-10-2018 - 22:02 11-02-2008 - 21:00
CVE-2007-5984 7.8
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calcul
15-10-2018 - 21:48 15-11-2007 - 00:46
CVE-2007-5993 4.3
Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.
15-10-2018 - 21:48 15-11-2007 - 22:46
CVE-2007-5983 4.3
Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
15-10-2018 - 21:48 15-11-2007 - 00:46
CVE-2007-5979 4.3
Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
15-10-2018 - 21:48 15-11-2007 - 00:46
CVE-2007-5975 6.5
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third p
15-10-2018 - 21:48 15-11-2007 - 00:46
CVE-2012-1529 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use Af
12-10-2018 - 22:02 21-09-2012 - 21:55
CVE-2008-3003 6.6
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information an
12-10-2018 - 21:47 12-08-2008 - 23:41
CVE-2008-1807 7.5
FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
11-10-2018 - 20:36 16-06-2008 - 19:41
CVE-2010-1931 7.5
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
10-10-2018 - 19:58 10-06-2010 - 00:30
CVE-2009-3263 4.3
Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as
10-10-2018 - 19:43 18-09-2009 - 22:30
CVE-2014-4242 4.3
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.
09-10-2018 - 19:48 17-07-2014 - 11:17
CVE-2018-1028 9.3
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft S
21-05-2018 - 17:56 12-04-2018 - 01:29
CVE-2000-0901 4.6
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.
03-05-2018 - 01:29 19-12-2000 - 05:00
CVE-1999-0693 7.2
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
03-05-2018 - 01:29 02-03-2000 - 05:00
CVE-2013-2929 3.3
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/p
28-04-2018 - 01:29 09-12-2013 - 18:55
CVE-2013-7025 3.5
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to
12-03-2018 - 17:22 09-12-2013 - 16:36
CVE-2016-10324 7.5
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.
04-11-2017 - 01:29 13-04-2017 - 16:59
CVE-2005-1531 7.5
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL
11-10-2017 - 01:30 12-05-2005 - 04:00
CVE-2004-0078 7.5
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
10-10-2017 - 01:30 03-03-2004 - 05:00
CVE-2008-5950 7.5
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
29-09-2017 - 01:32 23-01-2009 - 19:00
CVE-2008-1784 7.5
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
29-09-2017 - 01:30 15-04-2008 - 10:05
CVE-2007-5995 6.8
PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.
29-09-2017 - 01:29 15-11-2007 - 22:46
CVE-2007-6215 5.0
Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.
29-09-2017 - 01:29 04-12-2007 - 15:46
CVE-2015-4536 3.5
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by readin
21-09-2017 - 01:29 20-08-2015 - 10:59
CVE-2015-4533 9.0
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary cod
21-09-2017 - 01:29 20-08-2015 - 10:59
CVE-2015-4534 9.0
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string t
21-09-2017 - 01:29 20-08-2015 - 10:59
CVE-2012-5121 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5126 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5123 5.0
Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5124 7.5
Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5127 7.5
Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5128 7.5
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5116 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5119 6.8
Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5122 7.5
Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5125 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5117 7.5
Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2011-0080 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption a
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2009-3751 4.3
Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.
19-09-2017 - 01:29 22-10-2009 - 17:30
CVE-2009-3753 7.5
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php
19-09-2017 - 01:29 22-10-2009 - 17:30
CVE-2009-3752 7.5
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
19-09-2017 - 01:29 22-10-2009 - 17:30
CVE-2009-3661 6.8
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
19-09-2017 - 01:29 11-10-2009 - 22:30
CVE-2009-3660 6.8
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerabilit
19-09-2017 - 01:29 11-10-2009 - 22:30
CVE-2017-5177 5.0
A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. Th
16-09-2017 - 01:29 19-05-2017 - 03:29
CVE-2013-7103 9.0
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092
29-08-2017 - 01:34 14-12-2013 - 17:21
CVE-2013-7104 9.0
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remo
29-08-2017 - 01:34 14-12-2013 - 17:21
CVE-2013-7092 6.5
Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatu
29-08-2017 - 01:34 13-12-2013 - 18:07
CVE-2013-7067 5.8
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
29-08-2017 - 01:34 19-12-2013 - 04:24
CVE-2013-7187 7.5
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-08-2017 - 01:34 20-12-2013 - 23:55
CVE-2013-6708 5.0
Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889.
29-08-2017 - 01:33 10-12-2013 - 06:14
CVE-2013-5353 6.8
Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a d
29-08-2017 - 01:33 13-06-2014 - 14:55
CVE-2013-5011 7.2
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges
29-08-2017 - 01:33 10-01-2014 - 16:47
CVE-2013-5356 7.5
Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors.
29-08-2017 - 01:33 13-06-2014 - 14:55
CVE-2013-5352 6.8
Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when
29-08-2017 - 01:33 13-06-2014 - 14:55
CVE-2013-5009 7.4
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authentic
29-08-2017 - 01:33 10-01-2014 - 16:47
CVE-2013-5010 4.6
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom p
29-08-2017 - 01:33 10-01-2014 - 16:47
CVE-2012-5115 7.5
Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigge
29-08-2017 - 01:32 07-11-2012 - 11:43
CVE-2012-5367 6.0
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/inde
29-08-2017 - 01:32 03-12-2012 - 21:55
CVE-2012-5118 7.5
Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vec
29-08-2017 - 01:32 07-11-2012 - 11:43
CVE-2012-5120 7.5
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-boun
29-08-2017 - 01:32 07-11-2012 - 11:43
CVE-2009-3647 4.3
Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is
17-08-2017 - 01:31 09-10-2009 - 14:30
CVE-2009-0063 4.3
Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
08-08-2017 - 01:33 24-04-2009 - 15:30
CVE-2009-0533 4.3
Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this infor
08-08-2017 - 01:33 11-02-2009 - 20:30
CVE-2007-6002 4.3
Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites sectio
29-07-2017 - 01:33 15-11-2007 - 22:46
CVE-2007-3454 10.0
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CG
29-07-2017 - 01:32 27-06-2007 - 00:30
CVE-2007-3455 10.0
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related t
29-07-2017 - 01:32 27-06-2007 - 00:30
CVE-2017-3796 6.5
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.
26-07-2017 - 01:29 26-01-2017 - 07:59
CVE-2006-0707 5.0
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.
20-07-2017 - 01:29 15-02-2006 - 11:06
CVE-2006-0035 4.9
The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0.
20-07-2017 - 01:29 11-01-2006 - 21:03
CVE-2006-0036 7.8
ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a
20-07-2017 - 01:29 23-01-2006 - 22:03
CVE-2006-0478 7.5
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and
20-07-2017 - 01:29 31-01-2006 - 11:03
CVE-2006-0477 7.5
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
20-07-2017 - 01:29 31-01-2006 - 11:03
CVE-2006-0037 4.9
ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted outbound packet that causes an incorrect offset
20-07-2017 - 01:29 23-01-2006 - 22:03
CVE-2017-0074 2.3
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a de
17-07-2017 - 13:18 17-03-2017 - 00:59
CVE-2004-0668 5.0
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
11-07-2017 - 01:30 06-08-2004 - 04:00
CVE-2017-5358 7.5
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
21-03-2017 - 15:17 15-03-2017 - 15:59
CVE-2016-8986 4.0
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
02-03-2017 - 02:59 22-02-2017 - 19:59
CVE-2016-6080 5.0
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
07-02-2017 - 19:20 01-02-2017 - 20:59
CVE-2013-7041 4.3
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
03-12-2016 - 03:00 08-05-2014 - 14:29
CVE-2016-4269 10.0
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
28-11-2016 - 20:17 26-08-2016 - 19:59
CVE-2015-4531 9.0
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super
28-11-2016 - 19:29 20-08-2015 - 10:59
CVE-2015-4532 9.0
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run s
28-11-2016 - 19:29 20-08-2015 - 10:59
CVE-2014-0735 4.3
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug I
16-09-2015 - 18:58 20-02-2014 - 05:18
CVE-2013-5354 7.5
Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup.
18-06-2014 - 04:25 09-12-2013 - 16:55
CVE-2013-5355 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspe
18-06-2014 - 04:25 09-12-2013 - 16:55
CVE-2013-7069 6.8
ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.
06-03-2014 - 04:50 14-12-2013 - 17:21
CVE-2013-7038 6.4
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
21-02-2014 - 05:05 13-12-2013 - 18:55
CVE-2013-7039 5.1
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitr
21-02-2014 - 05:05 13-12-2013 - 18:55
CVE-2013-6840 6.9
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. Per: https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa
12-12-2013 - 17:11 10-12-2013 - 16:55
CVE-2013-6985 7.5
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
11-12-2013 - 19:22 09-12-2013 - 16:55
CVE-2006-6651 6.8
Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party inf
08-03-2011 - 02:46 20-12-2006 - 02:28
CVE-2005-3944 7.5
SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter.
08-03-2011 - 02:27 01-12-2005 - 06:03
CVE-2009-3264 4.3
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit
01-10-2009 - 05:24 18-09-2009 - 22:30
CVE-2007-5982 4.3
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/
15-11-2008 - 07:02 15-11-2007 - 00:46
CVE-2001-0442 7.5
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
05-09-2008 - 20:24 27-06-2001 - 04:00
Back to Top Mark selected
Back to Top