VIR Vulnerability Intelligence Relay

Search

Found 2,911 results in 878ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2011-0903 medium 7.8 EXP awcm-cms 16y ago Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (…
CVE-2011-0902 medium 7.9 EXP 16y ago Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LI…
CVE-2011-0901 medium 7.8 EXP erick_woods 16y ago Multiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allow user-assisted remote attackers t…
CVE-2011-0900 medium 7.8 EXP erick_woods 16y ago Stack-based buffer overflow in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allows user-assisted remote attackers to execute…
CVE-2011-0522 medium 7.8 EXPFIX debian debian videolan 16y ago The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows …
CVE-2011-0773 medium 5.3 EXP pivotx 16y ago Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVE-2011-0772 medium 5.3 EXP pivotx 16y ago Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color paramete…
CVE-2011-0049 medium 6.0 EXP mj2 16y ago Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the h…
CVE-2011-0740 medium 5.3 EXP pleerwordpress 16y ago Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url para…
CVE-2011-0096 medium 6.1 7.1 EXP windows windows 16y ago The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not …
CVE-2010-4717 medium 7.5 EXP novell 16y ago Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1)…
CVE-2010-4715 medium 6.0 EXP novell 16y ago Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via u…
CVE-2011-0678 medium 7.8 EXP lomtec 16y ago Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDire…
CVE-2011-0652 low 3.1 EXP looknstop 16y ago lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. …
CVE-2011-0643 medium 7.8 EXP phplinkdirectory 16y ago Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests th…
CVE-2011-0642 medium 5.3 EXP network-13 16y ago Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new us…
CVE-2011-0635 medium 7.0 EXP simploo 16y ago Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Se…
CVE-2010-4243 medium 5.9 EXPFIX linux-kernel 16y ago fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to caus…
CVE-2010-3879 medium 6.8 EXPFIX debian debian libfuse_project 16y ago FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the moun…
CVE-2011-0518 medium 6.1 EXP lotuscms 16y ago Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system…
CVE-2011-0515 low 3.1 EXP kingsoftkingsoftsecurity 16y ago KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry…
CVE-2011-0514 medium 6.0 EXP hp 16y ago The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.
CVE-2011-0512 medium 7.8 EXP jikakaphp-fusion 16y ago SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
CVE-2011-0507 medium 5.3 EXP blackmoonftpserver 16y ago FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large num…
CVE-2011-0506 medium 7.8 EXP tsixm 16y ago Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] p…
CVE-2011-0505 medium 6.1 EXP remi_jean 16y ago Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local…
CVE-2011-0504 medium 5.3 EXP vamshop 16y ago Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to …
CVE-2011-0503 medium 7.8 EXP vamsoft 16y ago Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) chan…
CVE-2010-4331 medium 5.3 EXP seopanel 16y ago Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not pr…
CVE-2010-4437 medium 6.8 EXP oracle 16y ago Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integri…
CVE-2009-5018 medium 7.8 EXP catb 16y ago Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI prog…
CVE-2010-4647 medium 5.3 EXP eclipse 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTM…
CVE-2010-4052 medium 6.0 EXPFIX debian debian gnu 16y ago Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial…
CVE-2010-4051 medium 6.0 EXPFIX debian debian gnu 16y ago The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via…
CVE-2008-7271 medium 5.3 EXP eclipse 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or…
CVE-2011-0443 medium 7.8 EXP tinybb 16y ago SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile ac…
CVE-2010-3683 medium 5.0 EXP mysqloracle 16y ago Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysq…
CVE-2010-3682 medium 5.0 EXP mysqloracle 16y ago Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY …
CVE-2010-3681 medium 5.0 EXP mysqloracle 16y ago Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads…
CVE-2010-3680 medium 5.0 EXP mysqloracle 16y ago Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which trigge…
CVE-2010-3679 medium 5.0 EXP mysqloracle 16y ago Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitiali…
CVE-2010-3678 medium 5.0 EXP mysqloracle 16y ago Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly…
CVE-2010-3676 medium 5.0 EXP mysqloracle 16y ago storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_forma…
CVE-2011-0405 medium 7.8 EXP phpgedview 16y ago Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory trave…
CVE-2011-0005 medium 5.3 EXP joomla 16y ago Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.p…
CVE-2010-4693 medium 5.3 EXP coppermine-gallery 16y ago Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to …
CVE-2010-4645 medium 6.0 EXP php 16y ago strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a …
CVE-2010-3201 medium 5.3 EXP netwin 16y ago Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
CVE-2010-3847 medium 7.9 EXPFIX debian debian gnu 16y ago elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which al…
CVE-2010-4350 medium 6.1 EXP mantisbt 16y ago Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type param…
CVE-2010-4349 medium 6.0 EXP mantisbt 16y ago admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message…
CVE-2010-4348 medium 5.3 EXP mantisbt 16y ago Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to …
CVE-2010-1677 medium 6.0 EXPFIX debian debian mhonarc 16y ago MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> seque…
CVE-2010-4638 medium 7.8 EXP iptechinsidejoomla 16y ago SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to exec…
CVE-2010-4631 medium 5.3 EXP pilotcart 16y ago Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME …
CVE-2010-4276 medium 5.3 EXP livezilla 16y ago Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML vi…
CVE-2010-4258 medium 7.2 EXPFIX linux-kernelsuse susefedora fedora 16y ago The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwr…
CVE-2010-4158 low 3.1 EXPFIX linux-kernelsuse susefedora fedora 16y ago The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BP…
CVE-2010-3850 low 3.1 EXPFIX linux-kernelsuse susedebian debian 16y ago The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions …
CVE-2010-3849 medium 5.7 EXPFIX linux-kernelsuse susedebian debian 16y ago The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer derefere…
CVE-2010-3848 medium 7.9 EXPFIX linux-kernelsuse susedebian debian 16y ago Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges b…
CVE-2010-4617 medium 7.8 EXP kanichjoomla 16y ago Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section paramet…
CVE-2010-4612 medium 7.8 EXP hycus 16y ago Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_e…
CVE-2010-4611 medium 6.0 EXP html-edit 16y ago Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antih…
CVE-2010-4610 medium 5.3 EXP html-edit 16y ago Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2010-4608 medium 6.0 EXP habariproject 16y ago Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an erro…
CVE-2010-4607 low 3.6 EXP habariproject 16y ago Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter…
CVE-2010-4598 medium 6.0 EXP ecava 16y ago Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
CVE-2010-4347 medium 7.9 EXPFIX linux-kernelsuse suse 16y ago The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACP…
CVE-2010-4111 medium 5.3 EXP linux-kernel hp 16y ago Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4275 low 4.5 EXP dmasoftlab 16y ago Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in…
CVE-2010-3906 medium 5.3 EXPFIX debian debian gitgit-scm 16y ago Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
CVE-2010-3770 medium 5.3 EXP mozilla 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arb…
CVE-2010-4518 medium 5.3 EXP wobeowordpress 16y ago Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 …
CVE-2010-4517 medium 7.8 EXP harmistechnologyjoomla 16y ago SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cha…
CVE-2010-4514 medium 5.3 EXP dnnsoftware 16y ago Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. …
CVE-2010-4513 medium 5.3 EXP zimplit 16y ago Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action…
CVE-2010-4480 medium 5.3 EXPFIX debian debian phpmyadmin 16y ago error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as de…
CVE-2010-4412 medium 5.3 EXP bsdperimeter 16y ago Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, …
CVE-2010-4330 medium 7.8 EXP pulsecms 16y ago Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter…
CVE-2010-4259 medium 7.8 EXPFIX debian debian alexej_kryukov 16y ago Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a B…
CVE-2010-4246 medium 5.3 EXP bsdperimeter 16y ago Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter,…
CVE-2010-4409 medium 6.0 EXP php 16y ago Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an…
CVE-2010-3449 medium 7.8 EXP jesse_mcconnellapache 16y ago Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum…
CVE-2010-4406 medium 7.8 EXP brunetton 16y ago Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files vi…
CVE-2010-4401 medium 6.0 EXP dynpg 16y ago languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2010-4399 medium 5.3 EXP dynpg 16y ago Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_D…
CVE-2010-4313 medium 7.0 EXP novo-ws 16y ago Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a …
CVE-2010-3267 medium 7.5 EXP ifdefined 16y ago Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id param…
CVE-2010-3266 low 4.5 EXP ifdefined 16y ago Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, …
CVE-2010-4366 medium 5.3 EXP abk-soft 16y ago Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2…
CVE-2009-5019 medium 6.0 EXP webwiz 16y ago Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
CVE-2008-7269 medium 6.8 EXP boka 16y ago Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter…
CVE-2010-3858 medium 5.9 EXPFIX linux-kerneldebian debianubuntu ubuntu 16y ago The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) …
CVE-2010-4249 medium 5.9 EXPFIX linux-kernelfedora fedora 16y ago The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local u…
CVE-2010-4077 low 2.9 EXP linux-kernel 16y ago The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain poten…
CVE-2010-4073 low 2.9 EXPFIX linux-kernelsuse susedebian debian 16y ago The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vecto…
CVE-2010-4172 medium 5.3 EXP apache 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2010-4301 medium 6.0 EXPFIX debian debian wireshark 16y ago epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related t…
CVE-2010-2963 medium 7.2 EXPFIX linux-kernelsuse susefedora fedora 16y ago drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, w…