Export limit exceeded: 24693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-5112 | 1 Iwork | 1 Webglimpse | 2025-04-11 | N/A |
| wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request. | ||||
| CVE-2012-4026 | 1 Johnsoncontrols | 2 Pegasys P2000 Server, Pegasys P2000 Server Software | 2025-04-11 | N/A |
| The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. | ||||
| CVE-2013-1671 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site. | ||||
| CVE-2012-4013 | 1 Cybozu | 1 Kunai Browser For Remote Service | 2025-04-11 | N/A |
| The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | ||||
| CVE-2011-2632 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl. | ||||
| CVE-2012-1464 | 1 Netmechanica | 1 Netdecision | 2025-04-11 | N/A |
| Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-3394 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2012-5785 | 1 Apache | 1 Axis2 | 2025-04-11 | N/A |
| Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-2964 | 1 Breakingpointsystems | 2 Breakingpoint Storm Appliance, Breakingpoint Storm Appliance Ctm | 2025-04-11 | N/A |
| The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents. | ||||
| CVE-2012-1466 | 1 Netmechanica | 1 Netdecision | 2025-04-11 | N/A |
| The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-6359 | 1 Munin-monitoring | 1 Munin | 2025-04-11 | N/A |
| Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. | ||||
| CVE-2012-4103 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. | ||||
| CVE-2012-0674 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. | ||||
| CVE-2010-4767 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox. | ||||
| CVE-2012-0687 | 1 Tibco | 7 Activematrix Bpm, Activematrix Businessworks, Activematrix Businessworks Service Engine and 4 more | 2025-04-11 | N/A |
| TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL. | ||||
| CVE-2012-2981 | 1 Gentoo | 1 Webmin | 2025-04-11 | N/A |
| Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. | ||||
| CVE-2010-2819 | 1 Cisco | 4 Catalyst 6500, Catalyst 7600, Firewall Services Module and 1 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622. | ||||
| CVE-2009-4961 | 1 Lanai-core | 1 Lanai-core | 2025-04-11 | N/A |
| Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function. | ||||
| CVE-2012-1783 | 1 Saurabh Gupta | 1 Tiny Server | 2025-04-11 | N/A |
| Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number. | ||||
| CVE-2010-0024 | 1 Microsoft | 6 Exchange Server, Windows 2000, Windows 2003 Server and 3 more | 2025-04-11 | N/A |
| The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." | ||||