Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366897 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3457 1 Getsymphony 1 Symphony 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
CVE-2011-2461 1 Adobe 1 Flex Sdk 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.
CVE-2011-4161 1 Hp 41 Color Laserjet 3000, Color Laserjet 3800, Color Laserjet 4700 and 38 more 2025-04-11 N/A
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
CVE-2011-4344 1 Jenkins 1 Jenkins 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
CVE-2011-4540 1 Atmail 1 Atmail Open 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.
CVE-2011-4544 1 Prestashop 1 Prestashop 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.
CVE-2013-4937 1 Asus 14 Dsl-n55u, Dsl-n56u Firmware, Rt-ac66u and 11 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
CVE-2013-6799 1 Apple 1 Mac Os X 2025-04-11 N/A
Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105.
CVE-2011-4684 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
CVE-2011-4807 1 Phpalbum 1 Phpalbum 2025-04-11 N/A
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
CVE-2011-4835 1 Homeseer 1 Homeseer Hs2 2025-04-11 N/A
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
CVE-2011-5168 1 Bananadance 1 Banana Dance 2025-04-11 N/A
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-0695 1 Basic-cms 1 Basic-cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
CVE-2010-0904 1 Oracle 1 Secure Backup 2025-04-11 N/A
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
CVE-2010-3250 1 Google 1 Chrome 2025-04-11 N/A
Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.
CVE-2010-3256 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.
CVE-2010-3258 1 Google 1 Chrome 2025-04-11 N/A
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
CVE-2010-4721 1 Mhproducts 1 Immo Makler 2025-04-11 N/A
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-5675 1 Adobe 1 Coldfusion 2025-04-11 N/A
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors.
CVE-2010-5081 1 Mini-stream 1 Rm-mp3 Converter 2025-04-11 N/A
Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.