CVE-2012-1213 CVSS:4.3
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. (Last Update:2017-11-17) (Publish Update:2012-02-24)
CVE-2014-2023 CVSS:7.5
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. (Last Update:2017-11-15) (Publish Update:2017-10-26)
CVE-2013-7091 CVSS:5.0
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. (Last Update:2017-11-15) (Publish Update:2013-12-13)
CVE-2014-0160 CVSS:5.0
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (Last Update:2017-11-14) (Publish Update:2014-04-07)
CVE-2013-3623 CVSS:10.0
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter. (Last Update:2017-11-14) (Publish Update:2013-12-10)
CVE-2014-9322 CVSS:7.2
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. (Last Update:2017-11-09) (Publish Update:2014-12-17)
CVE-2013-5680 CVSS:6.8
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command. (Last Update:2017-11-07) (Publish Update:2014-04-06)
CVE-2008-2286 CVSS:7.5
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. (Last Update:2017-11-07) (Publish Update:2008-05-18)
CVE-2006-6199 CVSS:7.5
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist. (Last Update:2017-10-18) (Publish Update:2006-11-30)
CVE-2006-6759 CVSS:5.0
A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments. (Last Update:2017-10-18) (Publish Update:2006-12-26)
CVE-2006-6624 CVSS:4.0
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. (Last Update:2017-10-18) (Publish Update:2006-12-18)
CVE-2006-4318 CVSS:6.5
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. (Last Update:2017-10-18) (Publish Update:2006-08-23)
CVE-2006-1664 CVSS:7.5
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. (Last Update:2017-10-18) (Publish Update:2006-04-07)
CVE-2006-0973 CVSS:7.5
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. (Last Update:2017-10-18) (Publish Update:2006-03-03)
CVE-2004-2466 CVSS:5.0
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected. (Last Update:2017-10-18) (Publish Update:2004-12-31)
CVE-2007-2222 CVSS:9.3
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. (Last Update:2017-10-10) (Publish Update:2007-06-12)
CVE-2007-2526 CVSS:9.3
Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. (Last Update:2017-10-10) (Publish Update:2007-05-08)
CVE-2007-3340 CVSS:7.8
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages. (Last Update:2017-10-10) (Publish Update:2007-06-21)
CVE-2007-3162 CVSS:5.0
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. (Last Update:2017-10-10) (Publish Update:2007-06-11)
CVE-2007-3133 CVSS:6.8
SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. (Last Update:2017-10-10) (Publish Update:2007-06-08)
CVE-2007-2821 CVSS:7.5
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. (Last Update:2017-10-10) (Publish Update:2007-05-22)
CVE-2007-2792 CVSS:7.5
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information. (Last Update:2017-10-10) (Publish Update:2007-05-21)
CVE-2007-2586 CVSS:9.3
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259. (Last Update:2017-10-10) (Publish Update:2007-05-09)
CVE-2007-2583 CVSS:4.0
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (Last Update:2017-10-10) (Publish Update:2007-05-09)
CVE-2007-2373 CVSS:7.5
SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter. (Last Update:2017-10-10) (Publish Update:2007-04-30)
CVE-2007-1162 CVSS:7.8
A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371. (Last Update:2017-10-10) (Publish Update:2007-03-02)
CVE-2006-4704 CVSS:6.8
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." (Last Update:2017-10-10) (Publish Update:2006-11-01)
CVE-2006-0003 CVSS:5.1
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. (Last Update:2017-10-10) (Publish Update:2006-04-11)
CVE-2003-0091 CVSS:7.2
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege. (Last Update:2017-10-10) (Publish Update:2003-04-02)
CVE-2007-2482 CVSS:6.8
Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter. (Last Update:2017-10-09) (Publish Update:2007-05-03)
This vulnerability list widget is provided by www.cvedetails.com