Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-5234 | 1 Scripte24shop | 1 Social Network Community | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter. | |||||
CVE-2011-5235 | 1 Mnogosearch | 1 Mnogosearch | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link. | |||||
CVE-2011-5244 | 3 Gnome, T1lib, Tetex | 3 Evince, T1lib, Tetex | 2017-08-28 | 6.8 MEDIUM | N/A |
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. | |||||
CVE-2011-5245 | 1 Redhat | 1 Resteasy | 2017-08-28 | 5.0 MEDIUM | N/A |
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. | |||||
CVE-2011-5252 | 1 Orchardproject | 1 Orchard | 2017-08-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter. | |||||
CVE-2011-5253 | 1 Thegr | 1 Dl | 2017-08-28 | 4.3 MEDIUM | N/A |
Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to log in as an arbitrary user by supplying an authorization header. | |||||
CVE-2011-5255 | 1 X3cms | 1 X3 Cms | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter. | |||||
CVE-2011-5261 | 1 Axis | 2 M1054 Network Camera, M10 Series Network Cameras Firmware | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml. | |||||
CVE-2011-5264 | 2 Marcel Brinkkemper, Wordpress | 2 Lazyest-backup, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter. | |||||
CVE-2011-5277 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2017-08-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2011-5278 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter. | |||||
CVE-2012-0030 | 1 Openstack | 2 Essex, Nova | 2017-08-28 | 4.9 MEDIUM | N/A |
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. | |||||
CVE-2012-0040 | 1 Simplesamlphp | 1 Simplesamlphp | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter. | |||||
CVE-2012-0069 | 1 Batavi | 1 Batavi | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter. | |||||
CVE-2012-0072 | 1 Oracle | 1 Database Server | 2017-08-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors. | |||||
CVE-2012-0073 | 1 Oracle | 1 E-business Suite | 2017-08-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors. | |||||
CVE-2012-0074 | 1 Oracle | 1 Peoplesoft Products | 2017-08-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales. | |||||
CVE-2012-0076 | 1 Oracle | 1 Peoplesoft Products | 2017-08-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. | |||||
CVE-2012-0077 | 1 Oracle | 1 Fusion Middleware | 2017-08-28 | 3.5 LOW | N/A |
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console. | |||||
CVE-2012-0078 | 1 Oracle | 1 E-business Suite | 2017-08-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services (Menu, LOV). |