Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

7636 total CVE
CVE Vendors Products Updated CVSS
CVE-2006-6852 1 Tdiary 1 Tdiary 2011-03-08 6.0
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. ...
CVE-2005-3467 1 Serv-u 1 Serv-u 2011-03-08 5.0
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory...
CVE-2005-2923 1 Ipswitch 2 Ipswitch Collaboration Suite, Imail Server 2011-03-08 4.0
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
CVE-2010-1152 1 Memcachedb 1 Memcached 2011-03-01 5.0
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.
CVE-2009-1697 1 Apple 1 Safari 2011-02-17 4.3
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML...
CVE-2009-1686 1 Apple 1 Safari 2011-02-17 9.3
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which...
CVE-2010-4196 1 Adobe 1 Shockwave Player 2011-02-17 9.3
The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
CVE-2010-4193 1 Adobe 1 Shockwave Player 2011-02-17 9.3
Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
CVE-2010-4194 1 Adobe 1 Shockwave Player 2011-02-17 9.3
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
CVE-2010-4195 1 Adobe 1 Shockwave Player 2011-02-17 9.3
The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
CVE-2002-0146 1 Fetchmail 1 Fetchmail 2011-02-15 5.0
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
CVE-2008-7274 1 Ibm 1 Websphere Application Server 2011-02-15 4.3
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.
CVE-2010-4727 1 Smarty 1 Smarty 2011-02-04 10.0
Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.
CVE-2010-4254 2 Mono, Novell 2 Moonlight, Mono 2011-02-02 7.5
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
CVE-2010-4384 1 Realnetworks 1 Realplayer 2011-01-26 9.3
Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute...
CVE-2010-4335 1 Cakefoundation 1 Cakephp 2011-01-22 7.5
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is...
CVE-2010-3703 1 Poppler 1 Poppler 2011-01-22 4.3
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service...
CVE-2011-0513 1 Securstar 1 Drivecrypt 2011-01-21 7.2
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
CVE-2010-4535 1 Djangoproject 1 Django 2011-01-20 5.0
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a...
CVE-2010-4396 1 Realnetworks 2 Realplayer, Realplayer Sp 2011-01-19 4.3
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary...