Search Results (121293 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6875 1 Nagios 1 Nagios Xi 2025-04-11 N/A
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
CVE-2011-2875 1 Google 1 Chrome 2025-04-11 N/A
Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2012-6082 1 Moinmo 1 Moinmoin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
CVE-2011-2876 1 Google 1 Chrome 2025-04-11 N/A
Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.
CVE-2012-4177 1 Ubi 1 Uplay Pc 2025-04-11 N/A
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
CVE-2013-6900 1 Cybozu 1 Garoon 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4178 1 Symantec 1 Web Gateway 2025-04-11 N/A
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
CVE-2013-6901 2 Cybozu, Mozilla 2 Garoon, Firefox 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6905 3 Cybozu, Microsoft, Mozilla 3 Garoon, Internet Explorer, Firefox 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6089 1 Swi-prolog 1 Swi-prolog 2025-04-11 N/A
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
CVE-2013-2328 1 Hp 1 Storage Data Protector 2025-04-11 N/A
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636.
CVE-2013-6912 2 Cybozu, Microsoft 2 Garoon, Internet Explorer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6913 2 Cybozu, Microsoft 2 Garoon, Internet Explorer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6100 1 Moodle 1 Moodle 2025-04-11 N/A
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
CVE-2013-6918 1 Satechi 1 Smart Travel Router 2025-04-11 N/A
The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests.
CVE-2012-6103 1 Moodle 1 Moodle 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.
CVE-2013-6920 1 Siemens 14 Sinamics G110, Sinamics G110d, Sinamics G120 and 11 more 2025-04-11 N/A
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.
CVE-2009-0695 1 Dell 1 Wyse Device Manager 2025-04-11 N/A
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
CVE-2012-4179 5 Canonical, Debian, Mozilla and 2 more 14 Ubuntu Linux, Debian Linux, Firefox and 11 more 2025-04-11 N/A
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2011-2886 1 Ibm 1 Lotus Symphony 2025-04-11 N/A
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets.