Search Results (26244 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0837 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
CVE-2010-3283 1 Hp 1 System Management Homepage 2025-04-11 N/A
Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2011-0413 2 Isc, Redhat 2 Dhcp, Enterprise Linux 2025-04-11 N/A
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
CVE-2012-0690 1 Tibco 4 Spotfire Analytics Server, Spotfire Professional, Spotfire Server and 1 more 2025-04-11 N/A
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
CVE-2012-0676 1 Apple 1 Safari 2025-04-11 N/A
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
CVE-2012-2104 1 Munin-monitoring 1 Munin 2025-04-11 N/A
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
CVE-2012-2140 2 Cloudforms Cloudengine, Rubygems 2 1, Mail Gem 2025-04-11 N/A
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
CVE-2012-0652 1 Apple 1 Mac Os X 2025-04-11 N/A
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
CVE-2012-0651 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.
CVE-2012-2549 1 Microsoft 2 Windows Server 2008, Windows Server 2012 2025-04-11 N/A
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."
CVE-2013-2888 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.
CVE-2011-4581 1 Moodle 1 Moodle 2025-04-11 N/A
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.
CVE-2013-3469 1 Cisco 1 Mobility Services Engine 2025-04-11 N/A
Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.
CVE-2012-3419 1 Sgi 1 Performance Co-pilot 2025-04-11 N/A
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
CVE-2011-4497 1 Asus 2 Rt-n56u, Rt-n56u Firmware 2025-04-11 N/A
QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.
CVE-2009-4921 1 Cisco 1 Asa 5580 2025-04-11 N/A
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.
CVE-2012-3485 1 Google 1 Tunnelblick 2025-04-11 N/A
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
CVE-2013-3511 1 Gwos 1 Groundwork Monitor 2025-04-11 N/A
Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-2848 1 Google 1 Chrome 2025-04-11 N/A
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2825 1 Elecsyscorp 2 Director Dnp3 Outstation Kernel, Director Industrial Communication Gateway 2025-04-11 N/A
The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and communication outage) via crafted input.