CVE List for February 2012 (343 vulnerabilities)

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string se...

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before...

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 thr...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 a...

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize ...

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation pol...

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow re...

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon im...

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to c...

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow l...

Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that us...

net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding d...

The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (...

Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to o...

Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary co...

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by ...

The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a ...

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote...

Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web...

Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to ...

Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute...

Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execut...

Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profi...

SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter.

Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r...

SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL co...

SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action ...

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote...

Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execut...

CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to ...

Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service...

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of servic...

CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbi...

Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to o...

Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap mem...

The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remot...

QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrar...

Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (applicat...

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (applicati...

Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attac...

WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leverag...

Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4...

Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-...

DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing...

Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and...

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Co...

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels...

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA por...

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA por...

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before ...

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; W...

The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels ...

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP,...

Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); t...

HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mo...

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka...

miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the...

Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40...

webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an...

The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of servi...

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management S...

EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated ...

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a lar...

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argu...

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML vi...

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the ...

Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authenticatio...

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formn...

interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file p...

Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web scrip...

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrar...

actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitra...

SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQ...

Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an ...

Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbit...

Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! a...

Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ...

Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or H...

Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via ...

SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id paramet...

Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing...

Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot do...

Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary...

Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username o...

Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remot...

Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject a...

SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL comman...

SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid param...

Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges ...

OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message.

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated user...

Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web...

rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute ...

The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the fram...

RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code v...

Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allo...

The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height a...

Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attacker...

The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 d...

OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent a...

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A re...

The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentica...

AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predi...

Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vect...

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of d...

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact vi...

The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to byp...

Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of ...

Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause...

Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have...

Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) ...

Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility pro...

Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds re...

Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds re...

Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL ba...

Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) vi...

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified oth...

Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted c...

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified oth...

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified oth...

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vector...

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have u...

The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via...

Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report befo...

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assis...

zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute ...

ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute a...

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash coll...

Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via uns...

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which ...

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause...

Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web scri...

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users wi...

Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow re...

Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to incl...

Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions,...

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web scrip...

Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remot...

Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2)...

Buffer overflow in IvanView 1.2.15 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QC...

Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remo...

Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of...

Heap-based buffer overflow in PhotoLine 17.01 and possibly other versions before 17.02 allows remote attackers to execute arbitrary code via a JPEG200...

The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Mo...

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x b...

Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that a...

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows re...

Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versi...

SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands ...

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web s...

Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via ...

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of ...

Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering ...

Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect us...

Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TY...

NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a ma...

Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to ...

Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via ...

SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id p...

Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote ...

Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web s...

Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers t...

SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL comma...

SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary S...

Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject...

SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL com...

SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL co...

Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbi...

SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execut...

The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors ...

Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execut...

Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script ...

Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers ...

Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users ...

Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to ...

Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary we...

Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via u...

Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script o...

Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attack...

SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter i...

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the adm...

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attacker...

Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read conte...

Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessi...

Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data f...

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmana...

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute a...

Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbit...

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitra...

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitra...

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitra...

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitra...

Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitra...

Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold ...

Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gol...

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 ...

afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which ...

Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attack...

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,...

Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a delet...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (...

Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors.

Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified v...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (...

Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML v...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Updat...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allow...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 U...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Updat...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaF...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 U...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Updat...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Updat...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allow...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update ...

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Updat...

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect...

The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or caus...

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; ...

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; ...

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; ...

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; ...

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; ...

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris...

Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have ...

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified oth...

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified oth...

Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other...

Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other...

Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vecto...

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified oth...

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, ...

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have u...

Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.

Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) v...

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspeci...

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers...

Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x befo...

common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of servic...

The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a res...

The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record q...

The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a respo...

The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during t...

LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors relat...

Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject...

The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite lo...

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4...

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arb...

Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to in...

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkMa...

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote ...

Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension...

base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the fil...

Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP ...

Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType para...

Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitr...

Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject a...

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of admini...

Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the te...

The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code ...

Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a craft...

Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arb...

Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the c...

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phis...

Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows re...

SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute...

Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg pa...

Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (...

Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ti...

Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the aut...

Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via...

Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string ...

RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN numbe...

Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script o...

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via ...

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary...

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for...

Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server b...

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string in...

Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web scr...

Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web scri...

Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified pa...

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client syste...

Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long str...

The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT...

The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a de...

Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via...

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of uns...

Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor ...

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted...

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified...

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an admini...

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitr...

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a...

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers ...

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by ...

Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted...

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed UR...

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of ...

Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the...

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management S...

Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that ...

The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account pa...

Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via craf...

Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 ...

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for re...

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the l...

Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attack...

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive inf...

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Messag...

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt in...

Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via t...

SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the...

Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authenticati...

Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via...

SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id ...

Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web scr...

PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute ...

Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG ima...

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote atta...

Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow r...

Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote atta...

SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via...

Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterpris...

Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x befor...

The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows ...

Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to re...

Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U...

Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows ...

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer d...

Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject...

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unkn...