CVE List for December 2011 (340 vulnerabilities)

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML v...

Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecifie...

Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is us...

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digi...

Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary we...

Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1)...

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earli...

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earli...

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADARepo...

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.1...

CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP...

IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program use...

SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitr...

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via ...

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote at...

Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField ...

SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands vi...

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbit...

Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files vi...

The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that trigger...

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows rem...

Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote atta...

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Devi...

Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid an...

Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot...

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-direc...

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors invo...

Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via t...

Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct ...

One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an or...

One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of s...

One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtai...

The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail...

The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, whi...

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly hand...

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of va...

The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obt...

The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers t...

The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle ...

The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object retu...

The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle meth...

The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle...

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited li...

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9....

Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web ...

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to byp...

Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web s...

Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domain...

The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Polic...

Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."

Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."

Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as dem...

Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application cr...

Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonst...

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, wh...

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attemp...

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes ...

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempt...

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image...

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SW...

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SW...

Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and ...

Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary c...

The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read fr...

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authenticati...

Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbi...

Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vec...

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote at...

SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via t...

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script...

Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via...

Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary w...

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user ...

Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) i...

Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.

Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot...

Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) i...

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows r...

Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file p...

The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain ...

The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authent...

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a c...

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial o...

Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unkn...

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arb...

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQ...

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier ...

remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in...

The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain priv...

Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that...

Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds r...

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified oth...

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vector...

The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read...

The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, whic...

Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds ...

Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds rea...

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified oth...

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified oth...

The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial...

Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via...

Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bou...

Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have u...

Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remo...

Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execut...

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error...

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pi...

The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does n...

Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local user...

Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the curr...

The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code v...

Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary ...

ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote a...

Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via...

Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, whic...

Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsof...

Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Wi...

Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher fil...

Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of value...

Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages inco...

Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Vi...

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list a...

SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0....

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands vi...

SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ...

Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files vi...

Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or...

Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script...

Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in t...

SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL c...

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to ...

Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templat...

SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.

Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str para...

Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invali...

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or...

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vect...

EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recov...

EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evalu...

Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject ...

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora...

Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitra...

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows ...

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbe...

The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enab...

Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndia...

Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arb...

Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQ...

SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username ...

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 ...

SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter...

Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (...

Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary cod...

SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL co...

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated ...

Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%...

Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arb...

Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0be...

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local us...

Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vect...

Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML ...

Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentic...

Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote...

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage...

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, whic...

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a coo...

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete ...

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows rem...

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resou...

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which m...

Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitr...

Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to i...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obta...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote at...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which make...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which ...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with que...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attac...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which mig...

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remo...

Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote attackers t...

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attacke...

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easie...

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for corresponde...

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, whi...

Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTM...

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted....

SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecifi...

Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via cra...

Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web scri...

Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remot...

Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote a...

Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remo...

Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information...

Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/...

Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local applica...

Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attacker...

Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an ...

Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attack...

Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow ...

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for...

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direc...

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intend...

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain...

Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote attackers to in...

Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote a...

SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL com...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote att...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easie...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which m...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with quer...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omits the Content-Type header's charset parameter for certain resources, which migh...

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remot...

Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a cra...

Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on ...

Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message ...

Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (...

Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in...

The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, wh...

The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 valida...

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the ...

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the...

The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows rem...

Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS ser...

Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (ak...

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors...

validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to...

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, whic...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 a...

YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of ...

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web p...

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins...

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (applicatio...

Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted ...

Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary ...

CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and ...

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a...

Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject a...

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via...

Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inj...

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remot...

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote re...

Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection tha...

Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execut...

Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it eas...

Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easie...

Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote...

Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which ...

The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and othe...

The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and othe...

The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and othe...

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method ar...

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO US...

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitr...

Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header ...

Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requ...

Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in...

Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) ep...

The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie.

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 be...

Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.

Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.

family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, whi...

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, H...

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control ...

Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long...

Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to exec...

Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticat...

Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an exe...

Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file.

Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other p...

Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size valu...

The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer de...

apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PING...

Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authen...

Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Re...

Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via ...

Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote at...

Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code vi...

Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to creat...

Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or ...

Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote...

Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute a...

The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privile...

Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause ...

Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote at...

The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to impr...

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by ...

dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets a...

Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inje...

SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.

Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the se...

Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbit...

Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML...

Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-12...

Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-12...

Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-12...

Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gnam...

Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vector...

Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel ...

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web scrip...

Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certai...

Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL comm...

WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted...

Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users t...

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0...

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 ...

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenti...

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry i...

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which all...

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows ...

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-d...

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attac...

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote ...

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, whi...

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other pro...

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash...

Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attacke...

SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the userna...

Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (...

Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the ...

Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d...

Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the...

TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a b...

SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Di...

Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTM...

The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis...

Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) ...

virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.

Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote a...