Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1637 | 1 Squirrelmail | 1 Squirrelmail | 2012-02-13 | 4.0 MEDIUM | N/A |
| The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | |||||
| CVE-2009-3999 | 1 Hp | 1 Power Manager | 2012-02-13 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. | |||||
| CVE-2011-4534 | 1 Copadata | 1 Zenon | 2012-02-13 | 7.5 HIGH | N/A |
| ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212. | |||||
| CVE-2011-4533 | 1 Copadata | 1 Zenon | 2012-02-12 | 7.5 HIGH | N/A |
| zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 50777, aka Reference Number 25240. | |||||
| CVE-2012-1046 | 1 Ibm | 1 Cognos Tm1 | 2012-02-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696. | |||||
| CVE-2011-4659 | 1 Cisco | 2 Ip Video Phone E20, Telepresence E20 Software | 2012-02-09 | 10.0 HIGH | N/A |
| Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555. | |||||
| CVE-2011-4804 | 2 Foobla, Joomla | 2 Com Obsuggest, Joomla\! | 2012-02-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2011-4806 | 1 Phpalbum | 1 Phpalbum | 2012-02-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters. | |||||
| CVE-2011-4807 | 1 Phpalbum | 1 Phpalbum | 2012-02-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. | |||||
| CVE-2011-4808 | 2 Joomla, Joomlaextensions | 2 Joomla\!, Com Hmcommunity | 2012-02-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | |||||
| CVE-2011-4809 | 2 Joomla, Joomlaextensions | 2 Joomla\!, Com Hmcommunity | 2012-02-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4810 | 1 Whmcs | 1 Whmcompletesolution | 2012-02-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php. | |||||
| CVE-2011-4811 | 1 Bst | 1 Bestshoppro | 2012-02-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter. | |||||
| CVE-2011-4812 | 1 Bst | 1 Bestshoppro | 2012-02-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter. | |||||
| CVE-2011-4823 | 2 Extensionsforjoomla, Joomla | 2 Com Vikrealestate, Joomla\! | 2012-02-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. | |||||
| CVE-2011-4826 | 1 Autosectools | 1 V-cms | 2012-02-08 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4827 | 1 Autosectools | 1 V-cms | 2012-02-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parameter to includes/TrueColorPicker/index.php, which is not properly handled in includes/TrueColorPicker/class.TrueColorPicker.php. | |||||
| CVE-2011-4831 | 1 David Azoulay | 1 Web File Browser | 2012-02-08 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action. | |||||
| CVE-2011-5078 | 1 Sybase | 1 M-business Anywhere | 2012-02-08 | 6.5 MEDIUM | N/A |
| The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499. | |||||
| CVE-2012-0928 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-08 | 9.3 HIGH | N/A |
| The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. | |||||