Search Results (26309 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5816 1 Aol 1 Aim 2025-04-11 N/A
AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-5815 1 Rackspace 1 Rackspace 2025-04-11 N/A
The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-5814 2 Github, Roderick Baier 2 Gaug.es, Weberknecht 2025-04-11 N/A
Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-5813 1 Emorym 1 Android Pusher 2025-04-11 N/A
The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-0909 1 Google 1 Chrome 2025-04-11 N/A
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
CVE-2010-4760 1 Otrs 1 Otrs 2025-04-11 N/A
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
CVE-2013-0747 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2025-04-11 N/A
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
CVE-2013-1301 1 Microsoft 1 Visio 2025-04-11 N/A
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
CVE-2010-2876 1 Adobe 1 Shockwave Player 2025-04-11 N/A
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
CVE-2012-5703 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.
CVE-2012-5610 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.
CVE-2012-5589 2 Drupal, Netgenius 2 Drupal, Multilink 2025-04-11 N/A
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
CVE-2010-3238 1 Microsoft 2 Excel, Office 2025-04-11 N/A
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
CVE-2012-5524 1 Gajim 1 Gajim 2025-04-11 N/A
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
CVE-2013-3887 1 Microsoft 7 Windows 7, Windows 8, Windows Server 2003 and 4 more 2025-04-11 N/A
The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka "Ancillary Function Driver Information Disclosure Vulnerability."
CVE-2012-5520 1 Openvas 1 Openvas Manager 2025-04-11 N/A
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
CVE-2013-3909 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2013-4094 1 Imperva 1 Securesphere 2025-04-11 N/A
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.
CVE-2013-4096 1 Ds3 1 Authentication Server 2025-04-11 N/A
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.
CVE-2013-4129 1 Linux 1 Linux Kernel 2025-04-11 N/A
The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.