Total
272 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4506 | 1 Technicolor | 2 Tg585 Router, Tg585 Router Firmware | 2025-04-11 | 7.5 HIGH | N/A |
| The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | |||||
| CVE-2013-5167 | 1 Apple | 1 Mac Os X | 2025-04-11 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. | |||||
| CVE-2011-1652 | 1 Microsoft | 1 Windows 7 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks on communication with external IPv4 servers via vectors involving RAs, a DHCPv6 server, and NAT-PT on the local network, aka a "SLAAC Attack." NOTE: it can be argued that preferring IPv6 complies with RFC 3484, and that attempting to determine the legitimacy of an RA is currently outside the scope of recommended behavior of host operating systems | |||||
| CVE-2011-4585 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
| login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network. | |||||
| CVE-2012-3413 | 1 Kde | 1 Kde Pim | 2025-04-11 | 4.3 MEDIUM | N/A |
| The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. | |||||
| CVE-2011-2166 | 1 Dovecot | 1 Dovecot | 2025-04-11 | 6.5 MEDIUM | N/A |
| script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script. | |||||
| CVE-2013-4221 | 1 Restlet | 1 Restlet | 2025-04-11 | 7.5 HIGH | N/A |
| The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML. | |||||
| CVE-2010-0717 | 1 Moinmo | 1 Moinmoin | 2025-04-11 | 7.5 HIGH | N/A |
| The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. | |||||
| CVE-2013-0118 | 1 Cs-cart | 1 Cs-cart | 2025-04-11 | 5.0 MEDIUM | N/A |
| CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. | |||||
| CVE-2011-4504 | 2 Genmei Mori, Zyxel | 2 Pseudoics, P-330w Router | 2025-04-11 | 7.5 HIGH | N/A |
| The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | |||||
| CVE-2010-3279 | 1 Alcatel-lucent | 2 Ccagent, Omnitouch Contact Center | 2025-04-11 | 7.6 HIGH | N/A |
| The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe. | |||||
| CVE-2012-5512 | 1 Citrix | 1 Xenserver | 2025-04-11 | 3.2 LOW | N/A |
| Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-0224 | 2 Drupal, Video Project | 2 Drupal, Video | 2025-04-11 | 4.4 MEDIUM | N/A |
| The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. | |||||
| CVE-2009-5119 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2025-04-11 | 4.3 MEDIUM | N/A |
| The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. | |||||
| CVE-2012-5526 | 1 Andy Armstrong | 1 Cgi.pm | 2025-04-11 | 5.0 MEDIUM | N/A |
| CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. | |||||
| CVE-2011-1681 | 1 Vmware | 1 Open-vm-tools | 2025-04-11 | 3.3 LOW | N/A |
| vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | |||||
| CVE-2011-4503 | 2 Broadcom, Sitecom | 2 Broadcom Linux, Wl-111 | 2025-04-11 | 7.5 HIGH | N/A |
| The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | |||||
| CVE-2013-0470 | 1 Ibm | 1 Netezza Performance Portal | 2025-04-11 | 4.0 MEDIUM | N/A |
| HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files. | |||||
| CVE-2010-3315 | 1 Apache | 1 Subversion | 2025-04-11 | 6.0 MEDIUM | N/A |
| authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | |||||
| CVE-2010-2276 | 1 Dojotoolkit | 1 Dojo | 2025-04-11 | 10.0 HIGH | N/A |
| The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component. | |||||