Search

Search Results (364053 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-5315 1 Chialab \& Channelweb 1 Bedita 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser.
CVE-2010-5316 1 Basic-cms 1 Sweetrice 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie.
CVE-2010-5317 1 Basic-cms 1 Sweetrice 2025-04-12 N/A
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.
CVE-2010-5318 1 Basic-cms 1 Sweetrice 2025-04-12 N/A
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
CVE-2010-5319 1 Kan-studio 1 Kandidat Cms 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php.
CVE-2010-5320 1 Memht 1 Memht Portal 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php.
CVE-2010-5323 1 Novell 1 Zenworks Configuration Management 2025-04-12 N/A
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.
CVE-2010-5324 1 Novell 1 Zenworks Configuration Management 2025-04-12 N/A
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.
CVE-2010-5325 3 Linuxfoundation, Oracle, Redhat 8 Foomatic-filters, Linux, Enterprise Linux and 5 more 2025-04-12 N/A
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
CVE-2011-0460 2 Kbd-project, Opensuse 2 Kbd, Opensuse 2025-04-12 N/A
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
CVE-2011-0993 1 Novell 1 Suse Lifecycle Management Server 2025-04-12 N/A
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2011-1381 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors.
CVE-2011-1749 2 Linux-nfs, Redhat 2 Nfs-utils, Enterprise Linux 2025-04-12 N/A
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
CVE-2011-1793 1 Google 1 Chrome 2025-04-12 N/A
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."
CVE-2011-1794 1 Google 1 Chrome 2025-04-12 N/A
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted dimensions.
CVE-2011-1795 1 Google 1 Chrome 2025-04-12 N/A
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document containing a FORM element.
CVE-2011-1796 1 Google 1 Chrome 2025-04-12 N/A
Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that calls the removeChild method during interaction with a FRAME element.
CVE-2011-1798 1 Google 1 Chrome 2025-04-12 N/A
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document.
CVE-2011-2198 3 Gnome, Opensuse, Oracle 3 Gnome-terminal, Opensuse, Solaris 2025-04-12 N/A
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
CVE-2011-2513 1 Redhat 3 Enterprise Linux, Icedtea-web, Icedtea6 2025-04-12 N/A
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.