Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-2470 | 1 Reallysimplechat | 1 Really Simple Chat | 2011-06-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_message parameter. | |||||
CVE-2011-1332 | 1 Cybozu | 1 Garoon | 2011-06-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570. | |||||
CVE-2002-2019 | 1 Oscommerce | 1 Oscommerce | 2011-06-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter. | |||||
CVE-2011-1127 | 1 Simplemachines | 1 Smf | 2011-06-28 | 10.0 HIGH | N/A |
SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. | |||||
CVE-2011-1128 | 1 Simplemachines | 1 Smf | 2011-06-28 | 7.5 HIGH | N/A |
The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack. | |||||
CVE-2011-1129 | 1 Simplemachines | 1 Smf | 2011-06-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action. | |||||
CVE-2011-1131 | 1 Simplemachines | 1 Smf | 2011-06-27 | 5.0 MEDIUM | N/A |
The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search. | |||||
CVE-2011-1757 | 1 Brad Fitzpatrick | 1 Djabberd | 2011-06-27 | 5.0 MEDIUM | N/A |
DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
CVE-2011-2206 | 1 Brad Fitzpatrick | 1 Djabberd | 2011-06-27 | 5.5 MEDIUM | N/A |
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757. | |||||
CVE-2011-2531 | 1 Prosody | 1 Prosody | 2011-06-27 | 4.3 MEDIUM | N/A |
Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data. | |||||
CVE-2011-2532 | 1 Prosody | 1 Prosody | 2011-06-27 | 5.0 MEDIUM | N/A |
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data. | |||||
CVE-2011-0181 | 1 Apple | 3 Imageio, Mac Os X, Mac Os X Server | 2011-06-26 | 6.8 MEDIUM | N/A |
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image. | |||||
CVE-2011-0196 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-06-26 | 7.8 HIGH | N/A |
AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network. | |||||
CVE-2008-3612 | 1 Apple | 2 Iphone, Ipod Touch | 2011-06-19 | 7.5 HIGH | N/A |
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection. | |||||
CVE-2011-1056 | 2 Metasploit, Microsoft | 2 Metasploit Framework, Windows | 2011-06-19 | 6.2 MEDIUM | N/A |
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse. | |||||
CVE-2006-6979 | 1 Amarok | 1 Amarok | 2011-06-15 | 7.5 HIGH | N/A |
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2007-2552 | 1 Wikkawiki | 1 Wikkawiki | 2011-06-15 | 5.0 MEDIUM | N/A |
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds. | |||||
CVE-2011-1766 | 1 Mediawiki | 1 Mediawiki | 2011-06-15 | 5.8 MEDIUM | N/A |
includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation. | |||||
CVE-2010-4667 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2011-06-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-6637 | 1 Ibm | 1 Websphere Application Server | 2011-06-13 | 5.0 MEDIUM | N/A |
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." | |||||