213680 matches found
Memory corruption
The MLDP implementation in Cisco IOS 15.33S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service chunk corruption and device reload by establishing many multicast flows, aka Bug ID CSCue22345...
Code injection
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...
Input validation
The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on a tomcat5-initd.log, b...
Authentication flaw
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887...
Code injection
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...
Sql injection
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...
Sql injection
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
Heap overflow
Heap-based buffer overflow in the LookupMarkMarkPos function in the HarfBuzz module harfbuzz-gpos.c, as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...
Code injection
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products...
Cross site scripting
Cross-site scripting XSS vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different...
Authentication flaw
Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417...
Code injection
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
Sql injection
SQL injection vulnerability in ogpshow.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...
Heap overflow
The LZW decompressor in 1 the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and 2 compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...
Integer overflow
Multiple integer overflows in tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers 1 a buffer overflow during a decompression loop or 2 an...
Code injection
Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone RPZ contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service named daemon crash via an unspecified query...
Design/Logic Flaw
The glob implementation in the GNU C Library aka glibc or libc6 allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a differen...
Design/Logic Flaw
The vsffilenamepassesfilter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service CPU consumption and process slot exhaustion via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632...
Stack overflow
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overfl...
Directory traversal
Multiple directory traversal vulnerabilities in the modsitemisc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a 1 SITE MKDIR, 2 SITE RMDIR, 3 SITE SYMLINK...
Null pointer dereference
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ZIP archive...
Default credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service...
Memory corruption
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...
Buffer overflow
Buffer overflow in Microsoft Internet Information Services IIS 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."...
Cross site scripting
JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when th...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1767. Reason: This candidate is a duplicate of CVE-2010-1767. Notes: All CVE users should reference CVE-2010-1767 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Buffer overflow
The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to area.php; the 2 pagina, 3 sentido, 4 qregistros, and 5 orden parameters to area.php; 6 the qregistros parameter to solicdisplay.php; 7 the...
Cross site scripting
Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header...
Unrestricted file upload
Unrestricted file upload vulnerability in imageupload.php in the SimpleBoard comsimpleboard component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direc...
Design/Logic Flaw
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880,...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action...
Directory traversal
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...
Integer overflow
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow...
Code injection
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly...
Integer overflow
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528...
Design/Logic Flaw
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers ...
Directory traversal
Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library VBTOVSI.DLL 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can b...
Cross site scripting
Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...
Code injection
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user...
Open redirect
Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth...
Privilege escalation
Windows Error Reporting Service Elevation of Privilege Vulnerability...
Code injection
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...
Command injection
SOY CMS is an open source CMS content management system that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the executi...
Sql injection
The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins...
Race condition
In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: move mmu notification mechanism inside mm lock Move mmu notification mechanism inside mm lock to prevent race condition in other components which depend on it. The notifier will invalidate memory range. Depending...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "isvalidringptr" to make sure it is in the buffer range, but there is another risk the pointer may be not aligned...
Command injection
TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...
Information disclosure
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajaxloginsubmitform of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs leads to information exposure through error message. The...
Buffer overflow
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input, and possibly remote code execution...