Search Results (26984 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1134 1 S9y 1 Serendipity 2024-11-21 9.8 Critical
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
CVE-2011-1028 2 Debian, Smarty 2 Debian Linux, Smarty 2024-11-21 9.8 Critical
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
CVE-2011-0703 2 Debian, Gksu-polkit Project 2 Debian Linux, Gksu-polkit 2024-11-21 9.8 Critical
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.
CVE-2010-5333 2 Integard Home Project, Integard Pro Project 2 Integard Home, Integard Pro 2024-11-21 9.8 Critical
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.
CVE-2010-4815 1 Coppermine-gallery 1 Coppermine Gallery 2024-11-21 9.8 Critical
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
CVE-2010-4660 1 Status 1 Statusnet 2024-11-21 9.8 Critical
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..
CVE-2010-4533 2 Debian, Offlineimap 2 Debian Linux, Offlineimap 2024-11-21 9.8 Critical
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
CVE-2010-4239 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 9.8 Critical
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
CVE-2010-3438 3 Debian, Fedoraproject, Libpoe-component-irc-perl Project 3 Debian Linux, Fedora, Libpoe-component-irc-perl 2024-11-21 9.8 Critical
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
CVE-2010-3375 1 Qtparted Project 1 Qtparted 2024-11-21 9.8 Critical
qtparted has insecure library loading which may allow arbitrary code execution
CVE-2010-2783 1 Redhat 1 Icedtea6 2024-11-21 9.1 Critical
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
CVE-2010-2548 1 Redhat 1 Icedtea6 2024-11-21 9.1 Critical
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
CVE-2010-2476 1 Syscp Project 1 Syscp 2024-11-21 9.8 Critical
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.
CVE-2010-2447 1 Gitolite 1 Gitolite 2024-11-21 9.8 Critical
gitolite before 1.4.1 does not filter src/ or hooks/ from path names.
CVE-2010-2446 1 Ruby-rbot 1 Rbot 2024-11-21 9.8 Critical
Rbot Reaction plugin allows command execution
CVE-2010-1435 1 Joomla 1 Joomla\! 2024-11-21 9.8 Critical
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
CVE-2010-1433 1 Joomla 1 Joomla\! 2024-11-21 9.8 Critical
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
CVE-2010-0748 3 Debian, Linux, Transmissionbt 3 Debian Linux, Linux Kernel, Transmission 2024-11-21 9.8 Critical
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
CVE-2009-5043 2 Burn Project, Debian 2 Burn, Debian Linux 2024-11-21 9.8 Critical
burn allows file names to escape via mishandled quotation marks
CVE-2009-5042 2 Debian, Python-docutils Project 2 Debian Linux, Python-docutils 2024-11-21 9.1 Critical
python-docutils allows insecure usage of temporary files