Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.
The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereferenc...
The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a requ...
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute ar...
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitra...
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60....
Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via...
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (appl...
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web ...
The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object ...
The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on ...
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web p...
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web...
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to select...
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO...
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, related to the implementat...
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG ani...
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form l...
Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application cr...
Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash...
Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly hand...
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an ...
Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via...
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service...
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web ...
Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly ...
The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attacker...
Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (applica...
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certi...
Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.
The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vec...
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web ...
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web ...
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web ...
Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) v...
Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for...
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME ...
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters...
chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asteris...
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk ...
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL poi...
The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the ...
Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (i...
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which all...
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script ...
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server er...
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.
The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license cons...
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow ma...
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to th...
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 an...
gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid functio...
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential...
dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of ...
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which all...
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause ...
Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains ...
Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-W...
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via...
Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web scrip...
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] paramet...
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer...
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL co...
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL command...
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by...
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value...
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 b...
lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote at...
Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of se...
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of s...
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, al...
The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were n...
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP...
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP...
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP...
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 S...
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 20...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 ...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 ...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 ...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 ...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 ...
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gol...
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gol...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 ...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 ...
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 ...
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gol...
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to r...
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP...
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP...
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which make...
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML v...
Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5...
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or...
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allow...
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns valu...
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment clos...
libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly qu...
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME tra...
Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbit...
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not...
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x befor...
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) ...
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows rem...
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls...
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function cal...
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not pro...
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 C...
SQL injection vulnerability in Parodia before 6.809 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) characte...
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of u...
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM...
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary...
FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files f...
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary ...
IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for a...
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an of...
Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensi...
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow lo...
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Applicati...
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec...
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for l...
The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2...
JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Vi...
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to c...
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to ...
Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect ...
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via ...
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x b...
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHa...
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix2011...
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded d...
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the act...
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows...
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) i...
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and ot...
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows ...
Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterpr...
Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 1...
Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manag...
Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager ...
Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to ...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to ...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to ...
Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confi...
Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, an...
Unspecified vulnerability in the Security Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4; and Oracle Enterprise Manag...
Unspecified vulnerability in the Schema Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and...
Unspecified vulnerability in the EMCTL component in Oracle Database Server 11.1.0.7 and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and...
Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2...
Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manag...
Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, a...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to ...
Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Contro...
Unspecified vulnerability in the Content Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7; and Oracle Enterpr...
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3, 10.1.3.5, 10.1.4.0.1, and 10.1.4.3 allows ...
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remot...
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arb...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows ...
Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1,...
Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7, and 11.2.0.1, and Oracl...
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows ...
Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality ...
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows ...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, re...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7.3, 11.2.0.1, and 11.2.0.2 allows remote authenticated users t...
Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, an...
Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 9 and 10 allows remote attackers to affect confidentiality, integrity,...
Unspecified vulnerability in the Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allo...
Unspecified vulnerability in the SQL Performance Advisories/UIs component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enter...
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote authenticated users to affect availability, related to TCP/IP.
Unspecified vulnerability in the PeopleSoft Enterprise FIN component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote aut...
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect integrity via unkno...
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, in...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows ...
Unspecified vulnerability in the Database Target Type Menus component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2...
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unk...
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentialit...
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, in...
Unspecified vulnerability in Sun Integrated Lights Out Manager in Oracle SysFW 8.0.3.b or earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Bla...
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attac...
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attac...
Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.0, Bundle, #36, 9.1, Bundle, and #13 allows remo...
Unspecified vulnerability in the Agile Core Technology component in Oracle Supply Chain Products Suite 9.3.0.3 and 9.3.1.1 allows remote authenticated...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote...
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote aut...
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9, Bundle, #24, 9.0, Bundle, #17, 9.1, Bundle, a...
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1, Bundle, and #6 allows remote authenticated us...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote...
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 Update 2011-D allows remote authenticated user...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50.20 and 8.51.11 allows remote authentic...
Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote aut...
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Bundle #17 allows remote authenticated users t...
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related t...
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fin...
Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Bl...
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.
Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.
Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors ...
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.
Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect conf...
Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and av...
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade servers allows remote attackers ...
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client us...
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via ...
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote we...
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code ...
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buf...
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain A...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a J...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (app...
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vec...
WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of ...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently ...
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ap...
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the back...
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a cr...
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0...
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 befor...
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss...
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers t...
Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in...
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vector...
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in th...
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss En...
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allow...
Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line...
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain p...
Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows r...
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote ...
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks ...
Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co...
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of upload...
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the ...
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the ...
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerab...
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporate...
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles...
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document.
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation.
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger ...
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obta...
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the...
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers t...
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a ...
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unsp...
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attack...
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary c...
AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of s...
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary cod...
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script...
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain po...
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote...
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute...
Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers t...
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs...
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of ...
Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system ...
Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IG...
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (c...
Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly e...
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of serv...
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to ...
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspec...
Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attacke...
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5....
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommand...
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPComman...