Vulnerabilities (CVE)

130145 total CVE
CVE | Vendors (count, name) | Products (count, name) | Updated | CVSS
CVE-2010-4580 1 Opera 1 Opera Browser 2011-01-22 5.0
Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site.
CVE-2010-4579 1 Opera 1 Opera Browser 2011-01-22 5.0
Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or...
CVE-2010-4335 1 Cakefoundation 1 Cakephp 2011-01-22 7.5
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is...
CVE-2010-3703 1 Poppler 1 Poppler 2011-01-22 4.3
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service...
CVE-2010-3495 1 Zope 1 Zodb 2011-01-22 4.3
Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function...
CVE-2010-1676 1 Tor 1 Tor 2011-01-22 10.0
Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2011-0016 1 Tor 1 Tor 2011-01-22 2.1
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.
CVE-2011-0513 1 Securstar 1 Drivecrypt 2011-01-21 7.2
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
CVE-2011-0502 1 Musanim 1 Music Animation Machine Midi Player 2011-01-21 9.3
Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file.
CVE-2011-0500 1 Verytools 2 Videospirit Lite, Videospirit Pro 2011-01-21 9.3
Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem...
CVE-2010-4703 1 Hotwebscripts 1 Hotweb Rentals 2011-01-21 7.5
SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2010-3932 2011-01-21 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none.
CVE-2010-4535 1 Djangoproject 1 Django 2011-01-20 5.0
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a...
CVE-2010-4534 1 Djangoproject 1 Django 2011-01-20 4.0
The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated...
CVE-2010-4262 1 Xfig 1 Xfig 2011-01-20 6.8
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition.
CVE-2010-4013 1 Apple 2 Mac Os X, Mac Os X Server 2011-01-20 6.8
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software...
CVE-2009-4228 1 Xfig 1 Xfig 2011-01-20 4.3
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the...
CVE-2009-3024 1 Io-socket-ssl 1 Io-socket-ssl 2011-01-20 4.3
The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname...
CVE-2010-4588 1 Microsoft 1 Wmi Administrative Tools 2011-01-19 9.3
The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973,...
CVE-2010-4524 1 Mhonarc 1 Mhonarc 2011-01-19 4.3
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and...