| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| Koala Framework before 2011-11-21 has XSS via the request_uri parameter. |
| Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. |
| hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. |
| nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) |
| tog-Pegasus has a package hash collision DoS vulnerability |
| cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE |
| cobbler: Web interface lacks CSRF protection when using Django framework |
| ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) |
| Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. |
| Joomla! 1.7.1 has core information disclosure due to inadequate error checking. |
| gpw generates shorter passwords than required |
| Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104 |
| mpack 1.6 has information disclosure via eavesdropping on mails sent by other users |
| In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. |
| Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*. |
| fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. |
| Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. |
| TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. |
| Joomla! 1.5x through 1.5.12: Missing JEXEC Check |
