Vulnerabilities (CVE)

CWE filter: CWE-20

7801 total CVE
CVE Vendors Products Updated CVSS
CVE-2011-4911 1 Joomla 1 Joomla! 2012-10-08 5.0
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
CVE-2012-4824 1 Ibm 1 Lotus Notes Traveler 2012-10-08 5.8
Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.
CVE-2012-5234 1 Ocportal 1 Ocportal 2012-10-02 5.8
Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
CVE-2012-1103 1 Notmuchmail 1 Notmuch 2012-09-26 4.3
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply can cause the files to be attached...
CVE-2012-3691 1 Apple 1 Safari 2012-09-22 5.8
WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2011-4962 1 Silverstripe 1 Silverstripe 2012-09-18 6.8
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
CVE-2012-0823 1 John Koleszar 1 Libvpx 2012-09-18 5.0
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related...
CVE-2010-4819 1 X 1 X.org-xserver 2012-09-13 3.6
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an...
CVE-2012-3572 2 Nurul Hidayah Hamazulan, Oscc 2 Mymeeting, Mymesyuarat 2012-09-12 6.0
Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document.
CVE-2010-4818 1 X.org 1 X.org 2012-09-06 8.5
The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a...
CVE-2012-1608 1 Typo3 1 Typo3 2012-09-05 5.0
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or...
CVE-2010-5185 1 Comodo 1 Comodo Internet Security 2012-09-05 10.0
The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.
CVE-2012-2374 1 Tornadoweb 1 Tornado 2012-09-05 5.0
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
CVE-2012-2965 1 Caucho 1 Resin 2012-09-04 7.5
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.
CVE-2012-4669 1 Isode 1 M-link 2012-08-27 5.8
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
CVE-2012-4671 1 Psyced 1 Psyced 2012-08-27 5.8
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
CVE-2012-2488 1 Cisco 3 Ios Xr, Asr 9000 Rsp440 Router, Crs Performance Route Processor 2012-08-25 7.8
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
CVE-2012-4026 1 Johnsoncontrols 2 Pegasys P2000 Server, Pegasys P2000 Server Software 2012-08-24 5.0
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607.
CVE-2012-2496 1 Cisco 1 Anyconnect Secure Mobility Client 2012-08-24 6.8
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote...
CVE-2012-3371 1 Openstack 3 Folsom, Essex, Compute 2012-08-24 3.5
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server...