55 matches found
Directory traversal
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. dot dot in the mapid parameter...
ZTE ZXV10 W300 3.1.0c_DR0 UI Session Delete
Document Title: =============== ZTE ZXV10 W300 v3.1.0cDR0 - UI Session Delete Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1522 Release Date: ============= 2015-06-16 Vulnerability Laboratory ID VL-ID: ===================================...
CVE-2015-0967
Multiple cross-site scripting XSS vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via 1 the search field in plugin/index.html or 2 the title field in the Create Featured Result form in admin/main.jsp...
CVE-2014-3848
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...
TYPO3 mailforms Unspecified Arbitrary Mail Relay Vulnerability
TYPO3 is prone to arbitrary mail relay vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...
CVE-2013-4620
Cross-site scripting XSS vulnerability in interface/main/onotes/officecommentsfull.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter...
CVE-2013-4165
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack...
CVE-2012-4700
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document...
CVE-2012-3552
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service slab corruption and system crash by sending packets to an application that sets socket options during the handling of network traffic...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 "user names in page titles" and 2 "autocomplete callbacks."...
CVE-2012-3124
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL...
CLscript CMS 3.0 SQL Injection / Cross Site Scripting
Title: ====== CLscript CMS v3.0 - Multiple Web Vulnerabilities Date: ===== 2012-05-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=574 VL-ID: ===== 574 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: ============= With the...
Null pointer dereference
The tidydiagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153...
CVE-2011-3990
Cross-site scripting XSS vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-3749
ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files...
CVE-2011-2275
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vectors...
CVE-2011-1574
Stack-based buffer overflow in the ReadS3M method in loads3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file...
CVE-2011-0436
The registeruser function in client/newaccountform.php in Domain Technologie Control DTC before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...
CVE-2010-2940
The authsend function in providers/ldap/ldapauth.c in System Security Services Daemon SSSD 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pamauthenticate via an empty password...
CVE-2010-0700
Cross-site scripting XSS vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter...