Search Results (26362 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3909 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2011-1739 1 Freebsd 1 Freebsd 2025-04-11 N/A
The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request.
CVE-2011-1853 1 Hp 1 Intelligent Management Center 2025-04-11 N/A
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.
CVE-2014-0082 2 Redhat, Rubyonrails 4 Cloudforms Managementengine, Rhel Software Collections, Rails and 1 more 2025-04-11 N/A
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
CVE-2011-2081 1 Inventivetec 1 Mediacast 2025-04-11 N/A
MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree.
CVE-2010-0119 2 Becauseinter, Freebsd 2 Bournal, Freebsd 2025-04-11 N/A
Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing."
CVE-2011-2084 1 Bestpractical 1 Rt 2025-04-11 N/A
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.
CVE-2009-5020 1 Awstats 1 Awstats 2025-04-11 N/A
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2011-2088 2 Apache, Opensymphony 3 Struts, Webwork, Xwork 2025-04-11 N/A
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
CVE-2013-4039 1 Ibm 1 Websphere Extended Deployment Compute Grid 2025-04-11 N/A
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.
CVE-2010-2732 1 Microsoft 1 Forefront Unified Access Gateway 2025-04-11 N/A
Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
CVE-2013-4043 1 Ibm 1 Spss Collaboration And Deployment Services 2025-04-11 N/A
The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request.
CVE-2012-0212 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
CVE-2010-0024 1 Microsoft 6 Exchange Server, Windows 2000, Windows 2003 Server and 3 more 2025-04-11 N/A
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
CVE-2010-0022 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2025-04-11 N/A
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
CVE-2012-1589 1 Drupal 1 Drupal 2025-04-11 N/A
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
CVE-2013-7306 1 Brocade 11 Adx, Bigiron Rx, Fastiron and 8 more 2025-04-11 N/A
The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7299 1 Tntnet 1 Tntnet 2025-04-11 N/A
framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests.
CVE-2013-7294 1 Libreswan 1 Libreswan 2025-04-11 N/A
The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.
CVE-2013-7281 1 Linux 1 Linux Kernel 2025-04-11 N/A
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.