Lucene search
5655 matches found

RedhatCVE
added 2025/05/22 3:17 a.m., 5 views

CVE-2012-2641

Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library...

CVSS 4.3, AI score 5.9, EPSS 0.01148
Exploits 0, References 1
RedhatCVE
added 2025/05/22 3:15 a.m., 8 views

CVE-2013-1163

Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746...

CVSS 7.5, AI score 9, EPSS 0.01143
Exploits 0, References 1
RedhatCVE
added 2025/05/22 3:14 a.m., 7 views

CVE-2012-2602

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to...

CVSS 6.8, AI score 7.6, EPSS 0.05979
Exploits 1, References 1
RedhatCVE
added 2025/05/22 3:6 a.m., 6 views

CVE-2013-1208

The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID...

CVSS 5.8, AI score 7, EPSS 0.00657
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:46 a.m., 7 views

CVE-2010-5320

Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify...

CVSS 6.8, AI score 7.6, EPSS 0.00609
Exploits 1, References 1
RedhatCVE
added 2025/05/22 2:35 a.m., 7 views

CVE-2010-2977

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611...

CVSS 10, AI score 7.2, EPSS 0.01282
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:28 a.m., 6 views

CVE-2013-4611

Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page...

CVSS 10, AI score 7.3, EPSS 0.0294
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:25 a.m., 8 views

CVE-2011-1314

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager...

CVSS 5, AI score 6.7, EPSS 0.01105
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:22 a.m., 7 views

CVE-2012-4399

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack...

CVSS 7.5, AI score 7.3, EPSS 0.12091
Exploits 1, References 1
RedhatCVE
added 2025/05/22 2:21 a.m., 8 views

CVE-2012-5007

The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdfmergepdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third...

CVSS 6, AI score 7.2, EPSS 0.01332
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:12 a.m., 19 views

CVE-2014-9444

Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...

CVSS 4.3, AI score 6, EPSS 0.06701
Exploits 2, References 1
RedhatCVE
added 2025/05/22 2:9 a.m., 17 views

CVE-2012-4266

Cross-site scripting (XSS) vulnerability in clientdetails.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the clcomments parameter. NOTE: some of these details are obtained from third party information...

CVSS 4.3, AI score 5.9, EPSS 0.01648
Exploits 1, References 1
RedhatCVE
added 2025/05/22 2:8 a.m., 11 views

CVE-2012-4248

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different...

CVSS 10, AI score 6.7, EPSS 0.03722
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:1 a.m., 4 views

CVE-2014-9407

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink...

CVSS 6.8, AI score 7.6, EPSS 0.00576
Exploits 0, References 1
RedhatCVE
added 2025/05/22 1:55 a.m., 9 views

CVE-2017-20041

A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...

CVSS 6.5, AI score 6.8, EPSS 0.00653
Exploits 1, References 1
RedhatCVE
added 2025/05/22 1:45 a.m., 9 views

CVE-2011-5074

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) userprofileedit.p...

CVSS 6.8, AI score 7.6, EPSS 0.01072
Exploits 1, References 1
RedhatCVE
added 2025/05/22 1:37 a.m., 9 views

CVE-2011-4713

Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ID parameter to (1) catalog/shoppingcart.php or (2) catalog/content.php...

CVSS 5, AI score 7, EPSS 0.03738
Exploits 1, References 1
RedhatCVE
added 2025/05/22 1:21 a.m., 7 views

CVE-2010-4769

Directory traversal vulnerability in the Jimtawl comjimtawl component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php...

CVSS 7.5, AI score 7.5, EPSS 0.07593
Exploits 2, References 1
RedhatCVE
added 2025/05/22 1:9 a.m., 6 views

CVE-2010-1040

The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing...

CVSS 5.8, AI score 7, EPSS 0.01074
Exploits 0, References 1
RedhatCVE
added 2025/05/22 12:43 a.m., 9 views

CVE-2012-5972

Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI...

CVSS 5, AI score 7, EPSS 0.04813
Exploits 1, References 1