Search Results (121261 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4993 2 Joomla, Kay Messerschmidt 2 Joomla\!, Com Eventcal 2025-04-11 N/A
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2010-4994 2 Instantphp, Joomla 2 Jobs Pro, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html.
CVE-2010-4736 1 Gatesoft 1 Docusafe 2025-04-11 N/A
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-4995 2 Joomla, Neojoomla 2 Joomla\!, Com Neorecruit 2025-04-11 N/A
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.
CVE-2010-4996 1 Esoftpro 1 Online Guestbook Pro 2025-04-11 N/A
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2012-4192 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2025-04-11 N/A
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
CVE-2010-4739 2 Aretimes, Joomla 2 Com Maianmedia, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
CVE-2012-4191 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Seamonkey and 1 more 2025-04-11 N/A
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2013-6979 1 Cisco 1 Ios Xe 2025-04-11 N/A
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
CVE-2011-0941 1 Cisco 2 Ios, Unified Communications Manager 2025-04-11 N/A
Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179.
CVE-2012-4189 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.
CVE-2011-2688 3 Apache, Debian, Mod Authnz External Project 3 Http Server, Debian Linux, Mod Authnz External 2025-04-11 N/A
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2012-4188 5 Canonical, Debian, Mozilla and 2 more 14 Ubuntu Linux, Debian Linux, Firefox and 11 more 2025-04-11 N/A
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-4745 1 Gareth Watts 1 Phpxref 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2011-2730 2 Redhat, Springsource 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more 2025-04-11 N/A
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2012-6152 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.
CVE-2013-6968 1 Cisco 1 Webex Training Center 2025-04-11 N/A
Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.
CVE-2011-2956 1 Azeotech 1 Daqfactory 2025-04-11 N/A
AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal.
CVE-2012-4186 5 Canonical, Debian, Mozilla and 2 more 14 Ubuntu Linux, Debian Linux, Firefox and 11 more 2025-04-11 N/A
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2360 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.