Search Results (121266 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0652 1 Cisco 1 Context Directory Agent 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.
CVE-2011-3789 1 Phpwcms 1 Phpwcms 2025-04-11 N/A
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files.
CVE-2003-1580 1 Apache 1 Http Server 2025-04-11 N/A
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2009-4909 1 Dootzky 1 Oblog 2025-04-11 N/A
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests.
CVE-2006-7250 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-11 N/A
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
CVE-2010-3616 1 Isc 1 Dhcp 2025-04-11 N/A
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
CVE-2010-4788 1 Ibm 1 Tivoli Directory Server 2025-04-11 N/A
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search.
CVE-2011-2773 1 Mahara 1 Mahara 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
CVE-2013-3349 1 Adobe 1 Coldfusion 2025-04-11 N/A
Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors.
CVE-2010-2616 1 Paul Mcenery 1 Php Bible Search 2025-04-11 N/A
SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter.
CVE-2011-2840 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."
CVE-2010-1909 1 Consona 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance 2025-04-11 N/A
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information.
CVE-2011-4677 1 Oneclickorgs 1 One Click Orgs 2025-04-11 N/A
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2012-0854 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow.
CVE-2011-2737 1 Rsa 1 Envision 2025-04-11 N/A
RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability."
CVE-2012-1081 2 Roderick Braun, Typo3 2 Ya Googlesearch, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6567 1 Project-redcap 1 Redcap 2025-04-11 N/A
REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule.
CVE-2013-0688 1 Invensys 1 Wonderware Information Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0819 1 Joomla 1 Joomla\! 2025-04-11 N/A
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
CVE-2012-0323 2 Paul Lesniewsk, Squirrelmail 2 Autocomplete, Squirrelmail 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.