Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5273 | 1 Altova | 1 Diffdog 2011 | 2013-01-03 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .dbdif file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6460 | 1 Opera | 1 Opera Browser | 2013-01-02 | 5.0 MEDIUM | N/A |
| Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. | |||||
| CVE-2012-6471 | 1 Opera | 1 Opera Browser | 2013-01-02 | 5.0 MEDIUM | N/A |
| Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. | |||||
| CVE-2012-5609 | 1 Owncloud | 1 Owncloud | 2012-12-18 | 6.5 MEDIUM | N/A |
| Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. | |||||
| CVE-2010-2098 | 1 E107 | 1 E107 | 2012-12-12 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. | |||||
| CVE-2005-3286 | 1 Kerio | 2 Personal Firewall, Serverfirewall | 2012-12-12 | 2.1 LOW | N/A |
| The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability." | |||||
| CVE-2003-1219 | 1 Oscommerce | 1 Oscommerce | 2012-12-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter. | |||||
| CVE-2012-1238 | 1 Icz | 1 Sencha Sns | 2012-11-19 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2011-3109 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-11-19 | 7.5 HIGH | N/A |
| Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI. | |||||
| CVE-2007-4149 | 1 Visionsoft | 1 Audit | 2012-11-05 | 10.0 HIGH | N/A |
| The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2007-3660 | 1 Nonnoi Solutions | 1 Asp Barcode | 2012-11-05 | 7.5 HIGH | N/A |
| The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function. | |||||
| CVE-2007-2999 | 1 Microsoft | 1 Windows 2003 Server | 2012-11-05 | 1.8 LOW | N/A |
| Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names. | |||||
| CVE-2007-2909 | 1 Jelsoft | 1 Vbulletin | 2012-11-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update. | |||||
| CVE-2007-2710 | 1 Nagiosql | 1 Nagiosql | 2012-11-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2612 | 1 Wikkawiki | 1 Wikkawiki | 2012-11-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation." | |||||
| CVE-2007-2528 | 1 Trend Micro | 1 Serverprotect | 2012-11-05 | 10.0 HIGH | N/A |
| Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508. | |||||
| CVE-2007-2448 | 1 Subversion | 1 Subversion | 2012-11-05 | 2.1 LOW | N/A |
| Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. | |||||
| CVE-2007-6389 | 1 Gnome | 1 Screensaver | 2012-10-30 | 2.1 LOW | N/A |
| The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. | |||||
| CVE-2007-4321 | 1 Fail2ban | 1 Fail2ban | 2012-10-30 | 6.8 MEDIUM | N/A |
| fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302. | |||||
| CVE-2007-4322 | 1 Ac Zoom | 1 Blockhosts | 2012-10-30 | 6.8 MEDIUM | N/A |
| BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765. | |||||