Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1035 | 1 Adacore | 1 Ada Web Services | 2012-02-08 | 5.0 MEDIUM | N/A |
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
CVE-2012-0314 | 1 Emobile | 2 Pocket Wifi, Pocket Wifi Firmware | 2012-02-08 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. | |||||
CVE-2011-5077 | 1 Hudong | 1 Hdwiki | 2012-02-08 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in image directory. | |||||
CVE-2011-5076 | 1 Hudong | 1 Hdwiki | 2012-02-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-5061 | 1 Whmcs | 1 Whmcompletesolution | 2012-02-07 | 7.5 HIGH | N/A |
functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field. | |||||
CVE-2011-5066 | 1 Ibm | 1 Websphere Application Server | 2012-02-07 | 2.1 LOW | N/A |
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. | |||||
CVE-2012-1004 | 1 Foswiki | 1 Foswiki | 2012-02-07 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-1019 | 1 Xwiki | 1 Xwiki Enterprise | 2012-02-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/DownloadFeedback. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-1025 | 1 Dream-multimedia-tv | 1 Enigma2 Webinterface | 2012-02-07 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||||
CVE-2005-3877 | 1 Cafuego | 1 Simple Document Management System | 2012-02-06 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | |||||
CVE-2010-4986 | 1 Cafuego | 1 Simple Document Management System | 2012-02-06 | 7.5 HIGH | N/A |
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter. | |||||
CVE-2011-3531 | 1 Oracle | 1 Fusion Middleware | 2012-02-06 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security. | |||||
CVE-2011-3565 | 1 Oracle | 1 Communications Unified | 2012-02-06 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server. | |||||
CVE-2011-3569 | 1 Oracle | 1 Fusion Middleware | 2012-02-06 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security. | |||||
CVE-2011-3570 | 1 Oracle | 1 Communications Unified | 2012-02-06 | 2.1 LOW | N/A |
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server. | |||||
CVE-2011-3573 | 1 Oracle | 1 Communications Unified | 2012-02-06 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server. | |||||
CVE-2011-3574 | 1 Oracle | 1 Communications Unified | 2012-02-06 | 3.3 LOW | N/A |
Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server. | |||||
CVE-2011-4508 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 9.3 HIGH | N/A |
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | |||||
CVE-2011-4867 | 2 Android, Tencent | 2 Android, Qqpphoto | 2012-02-06 | 5.8 MEDIUM | N/A |
The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. | |||||
CVE-2011-1941 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-02-05 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |