Low

Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities

Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to ...

27 october, 2011

Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras

A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 24 ...

27 october, 2011

Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability

Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive ...

27 october, 2011

MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

This security update resolves two privately reported vulnerabilities in the .NET Framework.

09 may, 2012

MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

This security update resolves three publicly disclosed vulnerabilities and seven privately reported ...

08 may, 2012

MS12-033: Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

This security update resolves a privately reported vulnerability in Microsoft Windows.

08 may, 2012

National Vulnerability Database 1 - 19 of 12814
First | Prev. | 1 2 3 4 5 6 7 8 9 10 11 | Next | Last 

CVE-2012-2759

Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.

22 may, 2012

CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session.

22 may, 2012

CVE-2012-1990

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.

22 may, 2012

CVE-2012-2928

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

22 may, 2012

CVE-2012-2927

The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.

22 may, 2012

CVE-2012-2349

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-5104.  Reason: This candidate is a reservation duplicate of CVE-2010-5104.  Notes: All CVE users should reference CVE-2010-5104 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

21 may, 2012

CVE-2012-2348

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-5103.  Reason: This candidate is a duplicate of CVE-2010-5103.  Notes: All CVE users should reference CVE-2010-5103 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

21 may, 2012

CVE-2012-2347

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-5102.  Reason: This candidate is a duplicate of CVE-2010-5102.  Notes: All CVE users should reference CVE-2010-5102 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

21 may, 2012

CVE-2012-2346

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-5101.  Reason: This candidate is a duplicate of CVE-2010-5101.  Notes: All CVE users should reference CVE-2010-5101 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

21 may, 2012

CVE-2012-2345

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-5100.  Reason: This candidate is a duplicate of CVE-2010-5100.  Notes: All CVE users should reference CVE-2010-5100 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

21 may, 2012

CVE-2012-2344

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-5099.  Reason: This candidate is a duplicate of CVE-2010-5099.  Notes: All CVE users should reference CVE-2010-5099 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

21 may, 2012

CVE-2012-2343

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-5098.  Reason: This candidate is a duplicate of CVE-2010-5098.  Notes: All CVE users should reference CVE-2010-5098 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

21 may, 2012

CVE-2012-2342

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2010-5097.  Reason: This candidate is a duplicate of CVE-2010-5097.  Notes: All CVE users should reference CVE-2010-5097 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

21 may, 2012

CVE-2012-2340

The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.

21 may, 2012

CVE-2010-5100

Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

21 may, 2012

CVE-2010-5098

Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

21 may, 2012

CVE-2010-5097

Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

21 may, 2012

CVE-2012-2907

Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.

21 may, 2012

CVE-2012-2120

latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

18 may, 2012

National Vulnerability Database 1 - 19 of 12814
First | Prev. | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 | Next | Last

This Alert covers CVE-2010-0896 for the mail component of the Sun Convergence product

This Sun Alert covers CVE-2010-0896 for the mail component of the Sun Convergence product.

14 april, 2010

This Alert Covers CVE-2010-0893 for the Mail Component of the Sun Convergence Product

This Alert covers CVE-2010-0893 for the mail component of the Sun Convergence product.

14 april, 2010

SunOS 5.10_x86: ucode driver patch

6905530 processor microcode code can panic when retrieving microcode revision.

02 february, 2010

[RHSA-2010:1003-01] Moderate: git security update

Red Hat Security Advisory - Moderate: git security update

21 december, 2010

[RHSA-2010:1002-01] Moderate: mod_auth_mysql security update

Red Hat Security Advisory - Moderate: mod_auth_mysql security update

21 december, 2010

[RHSA-2010:1000-01] Important: bind security update

Red Hat Security Advisory - Important: bind security update

20 december, 2010

Firefox 8/9 AttributeChildRemoved() Use-After-Free Exploit

Target: Mozilla Firefox 8.x, 9.x
Impact: Code execution

MS12-027 MSCOMCTL ActiveX Buffer Overflow Exploit (meta)

Target: MSCOMCTL ActiveX
Impact: Code execution

Microsoft Windows RDP PoC (CVE-2012-0002)

Target: Microsoft Windows XP, 2003, Vista, 7, 2008
Impact: Code execution