Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3294 | 1 Typsoft | 1 Typsoft Ftp Server | 2011-01-25 | 5.0 MEDIUM | N/A |
| Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected. | |||||
| CVE-2010-4071 | 1 Otrs | 1 Otrs | 2011-01-23 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail. | |||||
| CVE-2011-0498 | 1 Nokia | 1 Multimedia Player | 2011-01-23 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file. | |||||
| CVE-2011-0501 | 1 Musanim | 1 Music Animation Machine Midi Player | 2011-01-23 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file. | |||||
| CVE-2011-0514 | 1 Hp | 1 Data Protector Manager | 2011-01-23 | 5.0 MEDIUM | N/A |
| The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530. | |||||
| CVE-2011-0519 | 1 Gallarific | 1 Php Photo Gallery Script | 2011-01-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4579 | 1 Opera | 1 Opera Browser | 2011-01-21 | 5.0 MEDIUM | N/A |
| Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog. | |||||
| CVE-2010-4580 | 1 Opera | 1 Opera Browser | 2011-01-21 | 5.0 MEDIUM | N/A |
| Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. | |||||
| CVE-2010-4581 | 1 Opera | 1 Opera Browser | 2011-01-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue." | |||||
| CVE-2010-4582 | 1 Opera | 1 Opera Browser | 2011-01-21 | 5.0 MEDIUM | N/A |
| Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-4583 | 1 Opera | 1 Opera Browser | 2011-01-21 | 2.6 LOW | N/A |
| Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site. | |||||
| CVE-2010-4584 | 1 Opera | 1 Opera Browser | 2011-01-21 | 2.6 LOW | N/A |
| Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site. | |||||
| CVE-2010-4585 | 1 Opera | 1 Opera Browser | 2011-01-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service (application crash) by triggering an Opera Unite update. | |||||
| CVE-2010-4586 | 1 Opera | 1 Opera Browser | 2011-01-21 | 10.0 HIGH | N/A |
| The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508. | |||||
| CVE-2010-4335 | 1 Cakefoundation | 1 Cakephp | 2011-01-21 | 7.5 HIGH | N/A |
| The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files. | |||||
| CVE-2010-3495 | 1 Zope | 1 Zodb | 2011-01-21 | 4.3 MEDIUM | N/A |
| Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | |||||
| CVE-2010-3703 | 1 Poppler | 1 Poppler | 2011-01-21 | 4.3 MEDIUM | N/A |
| The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference. | |||||
| CVE-2010-1676 | 1 Tor | 1 Tor | 2011-01-21 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-0016 | 1 Tor | 1 Tor | 2011-01-21 | 2.1 LOW | N/A |
| Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process. | |||||
| CVE-2010-4703 | 1 Hotwebscripts | 1 Hotweb Rentals | 2011-01-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||