CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-2760 264 2 2012-07-25 2017-08-29
2.1
None Local Low Not required Partial None None
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
2 CVE-2010-4734 79 2 XSS 2011-02-16 2011-09-22
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
3 CVE-2010-0971 79 2 XSS 2010-03-16 2017-08-17
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.
4 CVE-2014-4701 200 1 +Info 2014-12-05 2016-11-28
2.1
None Local Low Not required Partial None None
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
5 CVE-2013-5791 1 Exec Code Overflow 2013-10-16 2018-10-12
1.5
None Local Medium ??? None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
6 CVE-2013-5099 79 1 XSS 2013-08-09 2017-08-29
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
7 CVE-2012-5914 79 1 XSS 2012-11-17 2017-08-29
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information.
8 CVE-2012-5349 79 1 XSS 2012-10-09 2017-08-29
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
9 CVE-2012-5325 79 1 XSS 2012-10-08 2017-08-29
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
10 CVE-2012-4615 310 1 +Info 2012-11-27 2013-08-17
2.1
None Local Low Not required Partial None None
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.
11 CVE-2012-2425 20 1 DoS 2012-04-25 2021-07-23
1.8
None Local Network High Not required None None Partial
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI.
12 CVE-2012-0976 79 1 XSS 2012-02-02 2017-08-29
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.
13 CVE-2012-0933 79 1 XSS 2012-01-29 2017-08-29
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.
14 CVE-2011-5204 255 1 +Info 2012-10-04 2012-10-05
1.9
None Local Medium Not required Partial None None
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
15 CVE-2011-0652 20 1 DoS 2011-01-28 2017-08-17
2.1
None Local Low Not required None None Partial
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information.
16 CVE-2011-0515 1 DoS 2011-01-20 2018-10-30
2.1
None Local Low Not required None None Partial
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
17 CVE-2010-4883 79 1 XSS 2011-10-07 2017-08-29
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.
18 CVE-2010-4783 79 1 XSS 2011-04-07 2018-10-10
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
19 CVE-2010-4607 79 1 XSS 2010-12-29 2011-01-04
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
20 CVE-2010-2038 79 1 XSS 2010-05-25 2018-10-10
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information.
21 CVE-2010-1997 79 1 XSS 2010-05-20 2018-10-10
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.
22 CVE-2010-1856 79 1 XSS 2010-05-07 2010-05-10
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.
23 CVE-2010-1584 79 1 XSS 2010-05-19 2017-08-17
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.
24 CVE-2009-4118 1 DoS 2009-12-01 2012-10-25
2.1
None Local Low Not required None None Partial
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
25 CVE-2009-3562 79 1 XSS 2009-10-05 2017-09-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
26 CVE-2008-0334 79 1 XSS 2008-01-17 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter.
27 CVE-2007-3838 1 XSS 2007-07-17 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
28 CVE-2006-3656 1 Mem. Corr. 2006-07-18 2018-10-18
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
29 CVE-2004-2502 1 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.
30 CVE-1999-1251 1 DoS 1996-12-24 2017-12-19
2.1
None Local Low Not required None None Partial
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
31 CVE-1999-1205 1 DoS 1996-06-07 2018-05-03
2.1
None Local Low Not required None None Partial
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
32 CVE-2022-37452 Overflow 2022-08-07 2022-08-07
0.0
None ??? ??? ??? ??? ??? ???
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
33 CVE-2022-37451 2022-08-06 2022-08-07
0.0
None ??? ??? ??? ??? ??? ???
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
34 CVE-2022-37450 2022-08-05 2022-08-06
0.0
None ??? ??? ??? ??? ??? ???
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.
35 CVE-2022-37434 Overflow 2022-08-05 2022-08-06
0.0
None ??? ??? ??? ??? ??? ???
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
36 CVE-2022-37431 XSS 2022-08-05 2022-08-05
0.0
None ??? ??? ??? ??? ??? ???
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false.
37 CVE-2022-37416 2022-08-05 2022-08-05
0.0
None ??? ??? ??? ??? ??? ???
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.
38 CVE-2022-37415 Overflow 2022-08-05 2022-08-05
0.0
None ??? ??? ??? ??? ??? ???
The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008.
39 CVE-2022-37398 Overflow 2022-08-05 2022-08-06
0.0
None ??? ??? ??? ??? ??? ???
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.
40 CVE-2022-37396 Exec Code Bypass 2022-08-03 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution
41 CVE-2022-37394 DoS 2022-08-03 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.
42 CVE-2022-37315 674 2022-08-01 2022-08-05
0.0
None ??? ??? ??? ??? ??? ???
graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser.
43 CVE-2022-37035 Exec Code 2022-08-02 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
44 CVE-2022-37030 Exec Code 2022-08-04 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.
45 CVE-2022-37010 20 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed
46 CVE-2022-37009 94 Exec Code 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible
47 CVE-2022-37000 2022-07-28 2022-07-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
48 CVE-2022-36999 2022-07-28 2022-07-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
49 CVE-2022-36998 DoS Overflow 2022-07-28 2022-07-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
50 CVE-2022-36997 DoS 2022-07-28 2022-07-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.