244501
|
5.8 |
MEDIUM
|
pywbem_project
|
pywbem
|
PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…
|
CWE-20
不適切な入力確認
|
CVE-2013-6444
|
2016-11-29 04:09 |
2014-05-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244502
|
4.3 |
MEDIUM
|
dave_coffin
|
dcraw
|
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo fil…
|
NVD-CWE-noinfo
|
CVE-2013-1438
|
2016-11-29 04:08 |
2014-01-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244503
|
6.9 |
MEDIUM
|
todd_miller apple
|
sudo mac_os_x
|
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2013-1775
|
2016-11-29 04:08 |
2013-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244504
|
4.3 |
MEDIUM
|
apache
|
activemq
|
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-1880
|
2016-11-29 04:08 |
2014-02-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244505
|
6.8 |
MEDIUM
|
x canonical
|
libx11 ubuntu_linux
|
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFon…
|
CWE-189
数値処理の問題
|
CVE-2013-1981
|
2016-11-29 04:08 |
2013-06-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244506
|
6.8 |
MEDIUM
|
x canonical
|
libx11 ubuntu_linux
|
Additional products added per
http://www.ubuntu.com/usn/USN-1854-1/
|
CWE-189
数値処理の問題
|
CVE-2013-1981
|
2016-11-29 04:08 |
2013-06-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244507
|
10.0 |
HIGH
|
lawrence_berkeley_national_laboratory
|
arpwatch
|
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerab…
|
NVD-CWE-Other
|
CVE-2012-2653
|
2016-11-29 04:08 |
2012-07-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244508
|
6.4 |
MEDIUM
|
oracle
|
database_server primavera_p6_enterprise_project_portfolio_management
|
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, wh…
|
CWE-287
不適切な認証
|
CVE-2012-3137
|
2016-11-29 04:08 |
2012-09-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244509
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to R…
|
NVD-CWE-noinfo
|
CVE-2012-3175
|
2016-11-29 04:08 |
2012-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244510
|
5.7 |
MEDIUM
|
isc
|
dhcp
|
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifi…
|
CWE-119
バッファエラー
|
CVE-2012-3570
|
2016-11-29 04:08 |
2012-07-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244511
|
5.0 |
MEDIUM
|
twiki foswiki
|
twiki foswiki
|
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large i…
|
CWE-189
数値処理の問題
|
CVE-2012-6330
|
2016-11-29 04:08 |
2013-01-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244512
|
5.0 |
MEDIUM
|
apache
|
activemq
|
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
|
CWE-399
リソース管理の問題
|
CVE-2012-6551
|
2016-11-29 04:08 |
2013-04-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244513
|
4.3 |
MEDIUM
|
yoast
|
wordpress_seo
|
Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2012-6692
|
2016-11-29 04:08 |
2015-06-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244514
|
4.3 |
MEDIUM
|
oracle
|
database_server enterprise_manager_grid_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Gri…
|
NVD-CWE-noinfo
|
CVE-2012-0526
|
2016-11-29 04:07 |
2012-05-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244515
|
4.3 |
MEDIUM
|
oracle
|
database_server enterprise_manager_grid_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Gri…
|
NVD-CWE-noinfo
|
CVE-2012-0527
|
2016-11-29 04:07 |
2012-05-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244516
|
4.9 |
MEDIUM
|
sun
|
sunos
|
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098.
|
NVD-CWE-noinfo
|
CVE-2011-0813
|
2016-11-29 04:07 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244517
|
5.0 |
MEDIUM
|
oracle
|
enterpriseone_tools jd_edwards_enterpriseone jd_edwards_enterpriseone_ep oneworld_tools peoplesoft_and_jdedwards_product_suite peoplesoft_and_jdedwards_suite_scm
|
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrast…
|
NVD-CWE-noinfo
|
CVE-2011-0819
|
2016-11-29 04:07 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244518
|
5.0 |
MEDIUM
|
oracle
|
enterpriseone_tools jd_edwards_enterpriseone jd_edwards_enterpriseone_ep oneworld_tools peoplesoft_and_jdedwards_product_suite peoplesoft_and_jdedwards_suite_scm
|
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrast…
|
NVD-CWE-noinfo
|
CVE-2011-0823
|
2016-11-29 04:07 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244519
|
3.5 |
LOW
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Cons…
|
NVD-CWE-noinfo
|
CVE-2011-2237
|
2016-11-29 04:07 |
2011-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244520
|
5.0 |
MEDIUM
|
squid-cache
|
squid
|
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record th…
|
CWE-399
リソース管理の問題
|
CVE-2011-4096
|
2016-11-29 04:07 |
2011-11-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244521
|
6.8 |
MEDIUM
|
gnu
|
wget
|
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary…
|
CWE-20
不適切な入力確認
|
CVE-2010-2252
|
2016-11-29 04:07 |
2010-07-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244522
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than C…
|
NVD-CWE-noinfo
|
CVE-2010-2395
|
2016-11-29 04:07 |
2010-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244523
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than C…
|
NVD-CWE-noinfo
|
CVE-2010-2409
|
2016-11-29 04:07 |
2010-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244524
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than C…
|
NVD-CWE-noinfo
|
CVE-2010-2410
|
2016-11-29 04:07 |
2010-10-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244525
|
5.5 |
MEDIUM
|
oracle
|
peoplesoft_and_jdedwards_product_suite
|
Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users …
|
NVD-CWE-noinfo
|
CVE-2010-3538
|
2016-11-29 04:07 |
2010-10-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244526
|
5.5 |
MEDIUM
|
oracle
|
peoplesoft_and_jdedwards_product_suite
|
Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users …
|
NVD-CWE-noinfo
|
CVE-2010-3539
|
2016-11-29 04:07 |
2010-10-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244527
|
5.8 |
MEDIUM
|
gnu
|
gnu_patch
|
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot…
|
CWE-22
パス・トラバーサル
|
CVE-2010-4651
|
2016-11-29 04:07 |
2011-03-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244528
|
10.0 |
HIGH
|
novell
|
zenworks_configuration_management
|
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary cod…
|
CWE-22
パス・トラバーサル
|
CVE-2010-5324
|
2016-11-29 04:07 |
2015-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244529
|
4.9 |
MEDIUM
|
freebsd
|
freebsd
|
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive i…
|
CWE-20
不適切な入力確認
|
CVE-2009-1436
|
2016-11-29 04:07 |
2009-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244530
|
4.3 |
MEDIUM
|
oracle
|
application_server
|
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CV…
|
NVD-CWE-noinfo
|
CVE-2009-3407
|
2016-11-29 04:07 |
2009-10-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244531
|
6.5 |
MEDIUM
|
oracle
|
authentication_component database_server
|
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2605.
|
NVD-CWE-noinfo
|
CVE-2008-2604
|
2016-11-29 04:07 |
2008-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244532
|
4.0 |
MEDIUM
|
oracle
|
authentication_component database_server
|
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2604.
|
NVD-CWE-noinfo
|
CVE-2008-2605
|
2016-11-29 04:07 |
2008-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244533
|
6.2 |
MEDIUM
|
microsoft
|
windows_2000 windows_7 windows_server_2008 windows_vista windows_xp
|
Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as…
|
NVD-CWE-Other
|
CVE-2007-6753
|
2016-11-29 04:06 |
2012-03-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244534
|
6.2 |
MEDIUM
|
microsoft
|
windows_2000 windows_7 windows_server_2008 windows_vista windows_xp
|
Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
NVD-CWE-Other
|
CVE-2007-6753
|
2016-11-29 04:06 |
2012-03-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244535
|
10.0 |
HIGH
|
dotnetnuke
|
dotnetnuke
|
** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack …
|
NVD-CWE-Other
|
CVE-2006-3601
|
2016-11-29 04:06 |
2006-07-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244536
|
7.5 |
HIGH
|
shadowed_portal
|
shadowed_portal
|
PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php…
|
NVD-CWE-Other
|
CVE-2006-4885
|
2016-11-29 04:06 |
2006-09-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244537
|
7.5 |
HIGH
|
sun
|
java_system_web_proxy_server
|
Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-1232
|
2016-11-29 04:06 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244538
|
7.2 |
HIGH
|
gnu gentoo
|
aspell linux
|
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properl…
|
NVD-CWE-Other
|
CVE-2004-0548
|
2016-11-29 04:06 |
2004-08-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244539
|
4.0 |
MEDIUM
|
pablo_software_solutions
|
baby_ftp_server
|
Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "…
|
NVD-CWE-Other
|
CVE-2003-1299
|
2016-11-29 04:06 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244540
|
5.0 |
MEDIUM
|
atari
|
terminator_3_war_of_the_machines
|
Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a large nickname.
|
CWE-119
バッファエラー
|
CVE-2005-1775
|
2016-11-26 03:27 |
2005-05-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244541
|
7.5 |
HIGH
|
phpstat
|
phpstat
|
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
|
CWE-20
不適切な入力確認
|
CVE-2005-1787
|
2016-11-26 03:27 |
2005-05-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244542
|
2.6 |
LOW
|
postnuke_software_foundation
|
postnuke
|
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2005-1778
|
2016-11-26 03:26 |
2005-05-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244543
|
8.5 |
HIGH
ネットワーク
|
ibm
|
tivoli_storage_manager_for_virtual_environments
|
IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated …
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-2988
|
2016-11-26 02:09 |
2016-11-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244544
|
6.5 |
MEDIUM
ネットワーク
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.
|
CWE-20
不適切な入力確認
|
CVE-2016-2996
|
2016-11-26 01:54 |
2016-11-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244545
|
3.6 |
LOW
|
oracle
|
financial_services_software
|
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to…
|
NVD-CWE-noinfo
|
CVE-2012-0545
|
2016-11-26 00:01 |
2012-05-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244546
|
3.6 |
LOW
|
oracle
|
financial_services_software
|
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to…
|
NVD-CWE-noinfo
|
CVE-2012-0546
|
2016-11-26 00:00 |
2012-05-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244547
|
5.5 |
MEDIUM
|
oracle
|
financial_services_software
|
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to…
|
NVD-CWE-noinfo
|
CVE-2012-0567
|
2016-11-25 23:41 |
2012-05-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244548
|
5.0 |
MEDIUM
|
oracle
|
siebel_crm
|
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, …
|
NVD-CWE-noinfo
|
CVE-2013-1510
|
2016-11-25 22:57 |
2013-04-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244549
|
3.2 |
LOW
|
oracle
|
database_server
|
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via u…
|
NVD-CWE-noinfo
|
CVE-2009-3413
|
2016-11-24 04:42 |
2010-01-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244550
|
4.9 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via u…
|
NVD-CWE-noinfo
|
CVE-2009-3414
|
2016-11-24 04:42 |
2010-01-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|