Search Results (121257 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1590 2 Microsoft, Sun 2 Windows, One Web Server 2025-04-11 N/A
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.
CVE-2003-1591 1 Novell 1 Netware 2025-04-11 N/A
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload.
CVE-2012-0913 1 Icloudcenter 1 Ictimeattendance 2025-04-11 N/A
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
CVE-2010-1009 2 Joachim-ruhs, Typo3 2 Educator, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-3024 1 Hulihanapplications 1 Diamondlist 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
CVE-2013-1289 1 Microsoft 5 Groove Server, Infopath, Office Web Apps and 2 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
CVE-2013-5800 2 Oracle, Redhat 4 Jdk, Jre, Enterprise Linux and 1 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.
CVE-2013-0765 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Seamonkey and 1 more 2025-04-11 N/A
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2011-0745 1 Sugarcrm 1 Sugarcrm 2025-04-11 N/A
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
CVE-2011-1718 2 Broadcom, Ca 2 Siteminder, Siteminder 2025-04-11 N/A
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
CVE-2010-2102 1 Timo Gaik 1 Webby Webserver 2025-04-11 N/A
Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2012-1022 1 4homepages 1 4images 2025-04-11 N/A
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.
CVE-2013-6960 1 Cisco 1 Webex Meeting Center 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.
CVE-2013-2175 4 Canonical, Debian, Haproxy and 1 more 6 Ubuntu Linux, Debian Linux, Haproxy and 3 more 2025-04-11 N/A
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
CVE-2013-6860 1 Sybase 1 Adaptive Server Enterprise 2025-04-11 N/A
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2013-0275 1 Ganglia 1 Ganglia-web 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0823 1 Webmproject 1 Libvpx 2025-04-11 N/A
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
CVE-2010-2940 1 Fedoraproject 1 Sssd 2025-04-11 N/A
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
CVE-2013-1526 2 Mariadb, Oracle 2 Mariadb, Mysql 2025-04-11 N/A
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
CVE-2013-3107 1 Vmware 1 Vcenter Server Appliance 2025-04-11 N/A
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.