Total: 9730 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1320 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 6.8 MEDIUM | N/A |
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation. | |||||
CVE-2011-1443 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
Google Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." | |||||
CVE-2009-2624 | 1 Gnu | 1 Gzip | 2024-02-28 | 6.8 MEDIUM | N/A |
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. | |||||
CVE-2010-4548 | 1 Ibm | 1 Lotus Notes Traveler | 2024-02-28 | 2.1 LOW | N/A |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. | |||||
CVE-2012-1198 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2024-02-28 | 7.5 HIGH | N/A |
base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action. | |||||
CVE-2012-0788 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. | |||||
CVE-2011-1538 | 1 Hp | 1 Proliant Support Pack | 2024-02-28 | 4.9 MEDIUM | N/A |
Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2011-3410 | 1 Microsoft | 1 Publisher | 2024-02-28 | 9.3 HIGH | N/A |
Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability." | |||||
CVE-2011-1529 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 7.8 HIGH | N/A |
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. | |||||
CVE-2010-0270 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-28 | 10.0 HIGH | N/A |
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability." | |||||
CVE-2012-0992 | 1 Openemr | 1 Openemr | 2024-02-28 | 8.5 HIGH | N/A |
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. | |||||
CVE-2011-2697 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-02-28 | 6.8 MEDIUM | N/A |
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file. | |||||
CVE-2011-1018 | 1 Logwatch | 1 Logwatch | 2024-02-28 | 10.0 HIGH | N/A |
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server. | |||||
CVE-2010-3933 | 1 Rubyonrails | 1 Rails | 2024-02-28 | 6.4 MEDIUM | N/A |
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. | |||||
CVE-2010-3231 | 1 Microsoft | 3 Excel, Office, Open Xml File Format Converter | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability." | |||||
CVE-2010-3234 | 1 Microsoft | 1 Excel | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability." | |||||
CVE-2011-1303 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
CVE-2011-5035 | 1 Oracle | 1 Glassfish Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. | |||||
CVE-2010-2079 | 1 Magnoware | 1 Datatrack System | 2024-02-28 | 5.0 MEDIUM | N/A |
DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\ and (2) .ascx\ files. | |||||
CVE-2011-0986 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | N/A |
phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. |