Vulnerabilities (CVE)

125017 total CVE
CVE Vendors Products Updated CVSS
CVE-2009-4926 1 Esoftpro 1 Online Contact Manager 2010-07-12 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to...
CVE-2010-2673 1 Devana 1 Devana 2010-07-09 7.5
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2672 1 Ez 1 Ez Publish 2010-07-09 7.5
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3)...
CVE-2010-2671 1 Ez 1 Ez Publish 2010-07-09 4.3
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
CVE-2010-2479 2 Htmlpurifier, Mahara 2 Htmlpurifier, Mahara 2010-07-07 4.3
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1670 1 Mahara 1 Mahara 2010-07-07 7.5
Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass...
CVE-2009-4641 1 Gnome 1 Screensaver 2010-07-07 7.2
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen...
CVE-2006-6887 1 Logahead 1 Logahead Unu 2010-07-07 6.8
Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than...
CVE-2010-2627 1 Ea 2 Battlefield 2, Battlefield 2142 2010-07-06 6.8
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via...
CVE-2010-2625 1 Hitachi 2 Serverconductor / Deployment Manager, Jp1/ Serverconductor / Deployment Manager 2010-07-06 7.8
Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55,...
CVE-2010-2620 1 Open-ftpd 1 Open-ftpd 2010-07-06 9.3
Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.
CVE-2010-2619 1 Citrix 1 Xenserver 2010-07-06 1.9
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
CVE-2009-4924 1 Dan Pascu 1 Python-cjson 2010-07-06 4.3
Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.
CVE-2004-2769 1 Cerberusftp 1 Ftp Server 2010-07-06 4.0
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
CVE-2010-2594 1 Intersect Alliance 2 Snare Epilog, Snare Agent 2010-07-02 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX,...
CVE-2010-2517 1 Ibm 1 Rational Clearquest 2010-07-01 7.5
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.
CVE-2010-2516 1 2daybiz 1 Multi Level Marketing Software 2010-06-30 7.5
Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this...
CVE-2009-4923 1 Cisco 1 Asa 5580 2010-06-30 7.8
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.
CVE-2009-4922 1 Cisco 1 Asa 5580 2010-06-30 6.8
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote...
CVE-2009-4921 1 Cisco 1 Asa 5580 2010-06-30 7.8
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.