Search Results (121301 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5766 1 Oracle 3 Enterprise Manager Database Control, Enterprise Manager Grid Control, Enterprise Manager Plugin For Database Control 2025-04-11 N/A
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to DB Performance Advisories/UIs.
CVE-2013-4955 1 Puppet 1 Puppet Enterprise 2025-04-11 N/A
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.
CVE-2013-6191 1 Hp 1 Operations Orchestration 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4627 1 Bitcoin 1 Bitcoin Core 2025-04-11 N/A
Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.
CVE-2011-2733 1 Emc 1 Rsa Adaptive Authentication On-premise 2025-04-11 N/A
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.
CVE-2012-1616 2 Argyllcms, Color 2 Argyllcms, Icclib 2025-04-11 N/A
Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.
CVE-2013-3707 1 Novell 1 Open Enterprise Server 2025-04-11 N/A
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
CVE-2013-4633 1 Huawei 1 Seco Versatile Security Manager 2025-04-11 N/A
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting.
CVE-2013-4378 1 Emeric Vernat 1 Javamelody 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
CVE-2010-2983 1 Cisco 1 Unified Wireless Network Solution Software 2025-04-11 N/A
The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an "EAPoL logoff attack," aka Bug ID CSCte43374.
CVE-2011-3773 1 Phpdevshell 1 Phpdevshell 2025-04-11 N/A
PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by gzip.php.
CVE-2010-2494 1 Bogofilter 1 Bogofilter 2025-04-11 N/A
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.
CVE-2011-3132 1 Tibco 2 Spotfire Analytics Server, Spotfire Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4961 1 Puppet 1 Puppet Enterprise 2025-04-11 N/A
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
CVE-2013-5765 1 Oracle 1 Peoplesoft Products 2025-04-11 N/A
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via vectors related to XML Publisher.
CVE-2013-6189 1 Hp 1 Application Information Optimizer 2025-04-11 N/A
Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666.
CVE-2010-1267 1 Kjetiltroan 1 Webmaid Cms 2025-04-11 N/A
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
CVE-2011-3594 2 Pidgin, Redhat 3 Libpurple, Pidgin, Enterprise Linux 2025-04-11 N/A
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
CVE-2010-1274 1 Webtoolkit 1 Wt 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.
CVE-2013-5309 2 Fudforum, Ilia Alshanetsky 2 Fudforum, Fudforum 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.