SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote auth...
Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allow...
Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4...
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows rem...
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack...
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to int...
Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20...
Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HT...
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL com...
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbit...
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlie...
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via u...
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attacker...
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to obtain sensitive information vi...
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determi...
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance ...
Buffer overflow in an unspecified Android API on the Cisco Desktop Collaboration Experience DX650 allows attackers to execute arbitrary code via vecto...
The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors,...
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject ar...
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to i...
Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary command...
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code v...
Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows pla...
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated use...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, w...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cooki...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about a...
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated ...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about a...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified ...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote ...
The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to read stack traces by triggerin...
An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, wh...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive information about application...
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated use...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about a...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about a...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecifi...
Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users t...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about a...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about a...
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about a...
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial o...
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of servic...
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-...
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers...
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x befor...
Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows ...
Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash)...
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated user...
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of _...
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authent...
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information fr...
The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle ...
A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free...
The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) ...
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain st...
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows l...
Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenti...
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3C...
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3C...
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-...
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an ...
net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash)...
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow ...
SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x...
Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) a...
The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote att...
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by spec...
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vector...
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allo...
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-...
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on p...
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vector...
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration i...
WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload...
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the prese...
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to b...
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive...
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password fro...
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka ci...
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass ...
The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using ci...
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly ha...
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password ...
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary sh...
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request w...
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0,...
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions ...
Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote a...
Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote ...
Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows...
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of ...
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vect...
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrar...
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 ...
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 ...
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 ...
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...
The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime ...
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWri...
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidime...
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, whi...
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote a...
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of...
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ...
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web sit...
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si...
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craft...
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted w...
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web sit...
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si...
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows...
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ...
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web sit...
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML vi...
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 ...
The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delega...
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Serv...
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Serv...
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows...
Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a den...
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carri...
Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a craft...
common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certai...
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image.
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a...
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified ot...
Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for re...
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified ot...
Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen ...
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to c...
browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by e...
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of servic...
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of tex...
Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for si...
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact v...
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Lin...
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Andr...
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before...
Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified v...
Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial o...
Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash)...
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbit...
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) ...
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a cra...
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using t...
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using t...
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service ...
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause...
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" a...
The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not co...
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web scri...
The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain priv...
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Mana...
The Lookout Mobile Security application before 8.17-8a39d3f for Android allows attackers to cause a denial of service (application crash) via a crafte...
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-respo...
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbu...
Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows l...
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT ar...
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, ...
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 b...
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gate...
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause...
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX...
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace da...
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and ot...
Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to ca...
Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML...
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite thro...
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause...
The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via craf...
Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentic...
Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrar...
Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitra...
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary ...
Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers t...
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify dat...
BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proxi...
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory c...
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process...
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated us...
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted re...
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitr...
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to exec...
The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement...
A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly i...
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a ...
A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL)...
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authenticat...
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attack...
The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node ...
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows r...
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which a...
The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which a...
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users...
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with th...
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly h...
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and...
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/...
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.
Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.2, 3.3, and 4 prior to 4.1 SRU 3 allows local us...
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote...
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover).
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote au...
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related t...
Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to ...
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect integrity via vectors related to Service Management Facility (SMF).
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.
Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.3 allows local users to affect confidentiality, ...
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 allows remote attackers to affect integrity vi...
Unspecified vulnerability in the Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote authentic...
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/F...
Unspecified vulnerability in the Enterprise Manager (EM) Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, an...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to af...
Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows loc...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products Portal 9.1 and PeopleTools 8.52 allows remo...
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to aff...
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to aff...
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM.
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to a...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attacker...
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote a...
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote a...
Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows loc...
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote a...
Unspecified vulnerability in the SPARC Enterprise M Series Servers component in Oracle and Sun Systems Products Suite XCP 1114 and earlier allows remo...
Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allo...
Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown ...
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent a...
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote at...
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers t...
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows...
Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect ...
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent a...
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attack...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability vi...
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect co...
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vector...
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel.
Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows rem...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote aut...
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote aut...
Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allow...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect avai...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability vi...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability vi...
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availabilit...
Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attacker...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect avai...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote a...
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2....
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote a...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect avai...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability vi...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integ...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability vi...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability vi...
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to...
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Un...
Unspecified vulnerability in the Oracle Policy Automation component in Oracle Industry Applications 10.2.0, 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attacker...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attacker...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attacker...
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attacker...
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote attackers to affect in...
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to...
Unspecified vulnerability in the Oracle Agile Collaboration Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticate...
Unspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated ...
Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial o...
The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors...
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary co...
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privile...
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL com...
Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reloa...
The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to ...
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrar...
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by lev...
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by lev...
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use th...
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the...
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifyi...
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute ...
Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute ...
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remot...
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1...
Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Contro...
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1...
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1...
Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration...
The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the ...
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a cr...
The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and o...
The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers...
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ES...
Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary...
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privi...
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directi...
Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive in...
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for call...
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, ...
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of ...
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1...
Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script ...
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remot...
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash)...
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows...
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and condu...
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redir...
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a...
SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via u...
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to ...
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via u...
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via u...
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerab...
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unkno...
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unkno...
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unkno...
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unkno...
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or...
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka...
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerab...
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web...
HP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecifi...
Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent...
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) ...
The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka...
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary S...
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform t...
Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless...
The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port ...
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availabi...
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affec...
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availabi...
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6...
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affec...
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6....
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6....
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 befo...
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering...
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a craf...
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to ...
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a que...
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or sign...
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages...
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions...
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read...
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Co...
Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML v...
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers t...
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a ...
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspec...
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers...
Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected M...
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmwa...
The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authentic...
The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of serv...
Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject ar...
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.
mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not ...
mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated...
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers...
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement...
mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider t...
The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before ...
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2....
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2....
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10...
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2...
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-...
SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated user...
The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a c...
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platfo...
Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cau...
The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout va...
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function ca...
The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain inf...
The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 c...
Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory...
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary we...
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML v...
Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections...
Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "a...
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1...
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script ...
Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vect...
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then a...
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 pa...
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or...
SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id paramet...
SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "All...
The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of ...
Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before ...
Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator disse...
Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wiresh...
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index...
Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remot...
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether ther...
Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1....
Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before...
The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not t...
The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1...
epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet...
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1...
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allo...
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize ce...
The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x befo...
The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MA...
Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbit...
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbit...
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML v...
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals...
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in...
phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in...
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x bef...
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0....
Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitra...
Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web si...
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impac...
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified ot...
Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or po...
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified ot...
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact v...
Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified ve...
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown ...
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists,...
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-0...
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18...
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to p...
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a new...
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which all...
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary c...
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a conn...
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or e...
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permi...
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause ...
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other imp...
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x be...
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authe...
Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of servi...
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML v...
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8...
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver...
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows ...
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a deni...
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other imp...
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Univers...
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HT...