Search Results (26185 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4304 1 Moodle 1 Moodle 2025-04-11 N/A
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.
CVE-2013-6682 1 Cisco 1 Adaptive Security Appliance Software 2025-04-11 N/A
The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial of service (connection-database corruption) via an invalid entry, aka Bug ID CSCui33299.
CVE-2011-2442 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2025-04-11 N/A
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."
CVE-2011-4895 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building.
CVE-2011-4896 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.
CVE-2013-5481 1 Cisco 1 Ios 2025-04-11 N/A
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
CVE-2010-3491 1 Tibco 4 Activematrix Businessworks Service Engine, Activematrix Service Bus, Activematrix Service Grid and 1 more 2025-04-11 N/A
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.
CVE-2011-5126 1 Bluecoat 1 Sgos 2025-04-11 N/A
Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file.
CVE-2010-4535 1 Djangoproject 1 Django 2025-04-11 N/A
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
CVE-2010-4600 2 Dojofoundation, Ibm 2 Dojo Toolkit, Rational Clearquest 2025-04-11 N/A
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.
CVE-2010-4611 1 Html-edit 1 Html-edit Cms 2025-04-11 N/A
Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.
CVE-2010-4822 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
CVE-2013-5605 2 Mozilla, Redhat 4 Network Security Services, Enterprise Linux, Rhel Eus and 1 more 2025-04-11 N/A
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
CVE-2013-6789 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.
CVE-2013-6791 1 Microsoft 1 Enhanced Mitigation Experience Toolkit 2025-04-11 N/A
Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack.
CVE-2011-0178 1 Apple 3 Carboncore, Mac Os X, Mac Os X Server 2025-04-11 N/A
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
CVE-2012-0690 1 Tibco 4 Spotfire Analytics Server, Spotfire Professional, Spotfire Server and 1 more 2025-04-11 N/A
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
CVE-2012-0818 1 Redhat 10 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 7 more 2025-04-11 N/A
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
CVE-2011-0687 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.
CVE-2012-4398 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application.