Export limit exceeded: 363701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363701 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3462 | 1 Mollify | 1 Mollify | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-3307 | 1 Dustincowell | 1 Free Simple Cms | 2025-04-11 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter. | ||||
| CVE-2010-3252 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2011-4166 | 1 Hp | 1 Managed Printing Administration | 2025-04-11 | N/A |
| Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | ||||
| CVE-2010-3254 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2010-3253 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2010-3251 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | ||||
| CVE-2011-3874 | 1 Google | 1 Android | 2025-04-11 | N/A |
| Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error. | ||||
| CVE-2010-3249 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue. | ||||
| CVE-2011-3999 | 1 Ibc.co.jp | 1 Iwate Portal Bar | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed. | ||||
| CVE-2014-1673 | 1 Checkpoint | 1 Session Authentication Agent | 2025-04-11 | N/A |
| Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors. | ||||
| CVE-2014-1680 | 1 Bandisoft | 1 Bandizip | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. | ||||
| CVE-2014-1681 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." | ||||
| CVE-2014-1683 | 1 Skybluecanvas | 1 Skybluecanvas | 2025-04-11 | N/A |
| The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php. | ||||
| CVE-2014-1694 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets. | ||||
| CVE-2014-1696 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2014-1697 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. | ||||
| CVE-2014-1698 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. | ||||
| CVE-2014-1699 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. | ||||
| CVE-2014-1833 | 1 Devscripts Devel Team | 1 Devscripts | 2025-04-11 | N/A |
| Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | ||||