Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4897 | 1 Tor | 1 Tor | 2011-12-29 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. | |||||
| CVE-2011-5022 | 1 Pligg | 1 Pligg Cms | 2011-12-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter. | |||||
| CVE-2009-2914 | 1 Xzeroscripts | 1 Xzero Community Classifieds | 2011-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-5021 | 1 Phpids | 1 Phpids | 2011-12-28 | 7.5 HIGH | N/A |
| PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors. | |||||
| CVE-2009-5111 | 1 Goahead | 1 Goahead Webserver | 2011-12-28 | 5.0 MEDIUM | N/A |
| GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | |||||
| CVE-2009-5110 | 1 Dhttpd | 1 Dhttpd | 2011-12-28 | 5.0 MEDIUM | N/A |
| dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | |||||
| CVE-2009-5109 | 1 Mini-stream | 1 Ripper | 2011-12-27 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file. | |||||
| CVE-2010-5081 | 1 Mini-stream | 1 Rm-mp3 Converter | 2011-12-27 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file. | |||||
| CVE-2011-4536 | 1 Wellintech | 1 Kingview | 2011-12-27 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet. | |||||
| CVE-2011-3372 | 1 Cyrus | 1 Imapd | 2011-12-25 | 7.5 HIGH | N/A |
| imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | |||||
| CVE-2011-2286 | 1 Oracle | 1 Solaris | 2011-12-23 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS. | |||||
| CVE-2011-2304 | 1 Oracle | 1 Solaris | 2011-12-23 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality, related to Network Services Library (libnsl). | |||||
| CVE-2011-2312 | 1 Oracle | 1 Solaris | 2011-12-23 | 1.7 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS. | |||||
| CVE-2011-2314 | 1 Oracle | 1 Fusion Middleware | 2011-12-23 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors related to JavaServer Pages. | |||||
| CVE-2011-2320 | 1 Oracle | 1 Fusion Middleware | 2011-12-23 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Services. | |||||
| CVE-2011-4894 | 1 Tor | 1 Tor | 2011-12-22 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | |||||
| CVE-2011-4895 | 1 Tor | 1 Tor | 2011-12-22 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | |||||
| CVE-2011-4052 | 1 Indusoft | 1 Web Studio | 2011-12-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name. | |||||
| CVE-2009-3091 | 1 Asus | 1 Asus Wl-330ge | 2011-12-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3100 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2011-12-20 | 4.0 MEDIUM | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. | |||||