| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. |
| Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS. |
| Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party. |
| The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. |
| WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
| Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC. |
| Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed. |
| Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability." |
| SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action. |
| libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. |
| WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. |
| Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. |
| WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. |
| Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter. |
| Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content. |
| Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. |
| Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability." |
| Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850. |