| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The user-access-manager plugin before 1.2 for WordPress has CSRF. |
| In the Linux kernel before 3.1, an off-by-one error in the tcm_loop_make_naa_tpg() function in drivers/target/loopback/tcm_loop.c could result in at least memory corruption. |
| mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. |
| The configure script in Pacemaker before 1.1.6 creates temporary files insecurely. |
| Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |
| Snare for Linux before 1.7.0 has CSRF in the web interface. |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. |
| An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| Koala Framework before 2011-11-21 has XSS via the request_uri parameter. |
| Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. |
| hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. |
| The nginx HTTP proxy module does not verify the peer identity of the HTTPS origin server, which could facilitate a man-in-the-middle (MITM) attack. |
| tog-Pegasus has a package hash collision DoS vulnerability. |
| cobbler has local privilege escalation via the use of an insecure location for PYTHON_EGG_CACHE. |
| cobbler: The web interface lacks CSRF protection when using the Django framework. |
| ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) |
| Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. |
| Joomla! 1.7.1 has core information disclosure due to inadequate error checking. |
| gpw generates shorter passwords than required. |
| Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104. |