Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4572 1 Codefuture 1 Cf Image Hosting Script 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate.
CVE-2012-3000 1 F5 10 Big-ip Access Policy Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more 2025-04-11 N/A
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.
CVE-2013-5211 3 Ntp, Opensuse, Oracle 3 Ntp, Opensuse, Linux 2025-04-11 N/A
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
CVE-2013-6794 1 Olat 1 Olat 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2014-0793 2 Joomla, Stackideas 2 Joomla\!, Komento 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
CVE-2009-4183 1 Hp 1 Openview Storage Data Protector 2025-04-11 N/A
Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 and 6.10 allows local users to obtain unspecified "access" via unknown vectors.
CVE-2010-5046 1 Ecocms 1 Ecocms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2010-5055 1 Almnzm 1 Almnzm 2025-04-11 N/A
SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-4332 1 Joomla 1 Joomla\! 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7184 1 Gomlab 1 Gom Player 2025-04-11 N/A
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
CVE-2011-4248 1 Realnetworks 1 Realplayer 2025-04-11 N/A
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.
CVE-2011-4254 1 Realnetworks 1 Realplayer 2025-04-11 N/A
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.
CVE-2009-3999 1 Hp 1 Power Manager 2025-04-11 N/A
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
CVE-2011-4684 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
CVE-2011-4807 1 Phpalbum 1 Phpalbum 2025-04-11 N/A
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
CVE-2011-4835 1 Homeseer 1 Homeseer Hs2 2025-04-11 N/A
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
CVE-2011-5168 1 Bananadance 1 Banana Dance 2025-04-11 N/A
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-0695 1 Basic-cms 1 Basic-cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
CVE-2010-0904 1 Oracle 1 Secure Backup 2025-04-11 N/A
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
CVE-2010-3250 1 Google 1 Chrome 2025-04-11 N/A
Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.