Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1236 | 1 Janetter | 1 Janetter | 2012-06-08 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands. | |||||
CVE-2011-4237 | 1 Cisco | 2 Ciscoworks Common Services, Prime Lan Management Solution | 2012-06-08 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. | |||||
CVE-2011-3293 | 1 Cisco | 1 Secure Access Control Server | 2012-06-08 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. | |||||
CVE-2011-3317 | 1 Cisco | 1 Secure Access Control Server | 2012-06-08 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. | |||||
CVE-2007-5540 | 1 Opera | 1 Opera Browser | 2012-06-07 | 7.5 HIGH | N/A |
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors. | |||||
CVE-2011-4964 | | | 2012-06-07 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2667. Reason: This candidate is a duplicate of CVE-2012-2667. Notes: All CVE users should reference CVE-2012-2667 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2008-1082 | 1 Opera | 1 Opera Browser | 2012-06-07 | 4.3 MEDIUM | N/A |
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. | |||||
CVE-2008-1081 | 1 Opera | 1 Opera Browser | 2012-06-07 | 6.8 MEDIUM | N/A |
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. | |||||
CVE-2008-1080 | 1 Opera | 1 Opera Browser | 2012-06-07 | 6.8 MEDIUM | N/A |
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. | |||||
CVE-2008-5681 | 1 Opera | 1 Opera Browser | 2012-06-07 | 4.3 MEDIUM | N/A |
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. | |||||
CVE-2008-5682 | 1 Opera | 1 Opera Browser | 2012-06-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. | |||||
CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2012-06-07 | 7.8 HIGH | N/A |
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | |||||
CVE-2009-2070 | 1 Opera | 1 Opera Browser | 2012-06-07 | 6.8 MEDIUM | N/A |
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
CVE-2009-0916 | 1 Opera | 1 Opera Browser | 2012-06-06 | 10.0 HIGH | N/A |
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." | |||||
CVE-2012-2630 | 1 Bandainamcogames | 1 Madomagi-ip Android | 2012-06-05 | 4.3 MEDIUM | N/A |
The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
CVE-2011-5093 | 1 Bestpractical | 1 Rt | 2012-06-05 | 6.5 MEDIUM | N/A |
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092. | |||||
CVE-2011-5092 | 1 Bestpractical | 1 Rt | 2012-06-05 | 7.5 HIGH | N/A |
Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093. | |||||
CVE-2012-1252 | 1 Rssowl | 1 Rssowl | 2012-06-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760. | |||||
CVE-2011-3493 | 1 Cogentdatahub | 1 Cogent Datahub | 2012-06-03 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands. | |||||
CVE-2010-3714 | 1 Typo3 | 1 Typo3 | 2012-05-31 | 7.1 HIGH | N/A |
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. |