| 256501 | 4.0 | MEDIUM | openssl | openssl | The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obt… | CWE-310 Cryptographic Issues | CVE-2011-5095 | 2012-06-21 13:00 | 2012-06-21 |
| 256502 | 4.3 | MEDIUM | kent-web | web_patio | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting (XSS) | CVE-2012-2636 | 2012-06-20 13:00 | 2012-06-20 |
| 256503 | 4.3 | MEDIUM | kent-web | web_patio | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. | CWE-79 Cross-site Scripting (XSS) | CVE-2012-2637 | 2012-06-20 13:00 | 2012-06-20 |
| 256504 | 4.3 | MEDIUM | wap2 | smallpict | Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting (XSS) | CVE-2012-2638 | 2012-06-20 13:00 | 2012-06-20 |
| 256505 | 7.6 | HIGH | opera | opera_browser | Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks… | NVD-CWE-noinfo | CVE-2012-3555 | 2012-06-20 13:00 | 2012-06-15 |
| 256506 | 10.0 | HIGH | interactivedata | esignal | WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR … | CWE-119 Buffer Errors | CVE-2011-3494 | 2012-06-20 13:00 | 2011-09-16 |
| 256507 | 7.5 | HIGH | dell | wyse_device_manager | Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. | CWE-119 Buffer Errors | CVE-2009-0693 | 2012-06-20 13:00 | 2012-06-20 |
| 256508 | 7.5 | HIGH | mozilla | firefox seamonkey thunderbird | Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote att… | CWE-399 Resource Management Errors | CVE-2011-3671 | 2012-06-19 13:00 | 2012-06-19 |
| 256509 | 3.3 | LOW | gnu | gnash | The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/g… | CWE-59 Link Following | CVE-2010-4337 | 2012-06-19 12:35 | 2011-01-15 |
| 256510 | 2.6 | LOW | seil | b1 x1 x2 b1_firmware x86_firmware | SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are en… | NVD-CWE-Other | CVE-2012-2632 | 2012-06-18 13:00 | 2012-06-16 |
| 256511 | 2.6 | LOW | newsgator | feeddemon | Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed. | CWE-79 Cross-site Scripting (XSS) | CVE-2012-2634 | 2012-06-18 13:00 | 2012-06-16 |
| 256512 | 4.3 | MEDIUM | dolphin-browser | dolphin_browser_hd dolphin_for_pad | The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive i… | CWE-200 Information Disclosure | CVE-2012-2635 | 2012-06-18 13:00 | 2012-06-16 |
| 256513 | 4.3 | MEDIUM | atmarkweb | @web_shoppingcart_t @web_shoppingcart | Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via … | CWE-79 Cross-site Scripting (XSS) | CVE-2012-2631 | 2012-06-15 23:55 | 2012-06-15 |
| 256514 | 5.0 | MEDIUM | opera | opera_browser | Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive informatio… | CWE-264 Permissions, Privileges, and Access Control | CVE-2012-3557 | 2012-06-15 22:45 | 2012-06-15 |
| 256515 | 9.3 | HIGH | opera | opera_browser | Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to condu… | CWE-20 Improper Input Validation | CVE-2012-3556 | 2012-06-15 22:39 | 2012-06-15 |
| 256516 | 7.8 | HIGH | vmware | workstation player esx esxi | VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) v… | CWE-94 Code Injection | CVE-2012-3289 | 2012-06-15 13:00 | 2012-06-15 |
| 256517 | 2.6 | LOW | opera | opera_browser | Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers … | CWE-264 Permissions, Privileges, and Access Control | CVE-2012-3558 | 2012-06-15 13:00 | 2012-06-15 |
| 256518 | 4.3 | MEDIUM | opera | opera_browser | Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by de… | CWE-264 Permissions, Privileges, and Access Control | CVE-2012-3560 | 2012-06-15 13:00 | 2012-06-15 |
| 256519 | 10.0 | HIGH | cisco | unified_communications_manager unified_presence_server | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr … | CWE-200 Information Disclosure | CVE-2011-1643 | 2012-06-15 13:00 | 2011-08-30 |
| 256520 | 7.8 | HIGH | cisco | unified_communications_manager | The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial … | CWE-399 Resource Management Errors | CVE-2011-2560 | 2012-06-15 13:00 | 2011-08-30 |
| 256521 | 7.1 | HIGH | cisco | unified_communications_manager | The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain sit… | CWE-399 Resource Management Errors | CVE-2011-2561 | 2012-06-15 13:00 | 2011-08-30 |
| 256522 | 7.8 | HIGH | cisco | unified_communications_manager | Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows rem… | NVD-CWE-noinfo | CVE-2011-2562 | 2012-06-15 13:00 | 2011-08-30 |
| 256523 | 5.1 | MEDIUM | redhat | system-config-printer | pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) Net… | CWE-20 Improper Input Validation | CVE-2011-2899 | 2012-06-15 13:00 | 2011-09-1 |
| 256524 | 7.2 | HIGH | ibm | infosphere_datastage infosphere_information_server | IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows … | CWE-264 Permissions, Privileges, and Access Control | CVE-2011-3123 | 2012-06-15 13:00 | 2011-08-11 |
| 256525 | 7.2 | HIGH | ibm | infosphere_datastage infosphere_information_server | IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which al… | CWE-264 Permissions, Privileges, and Access Control | CVE-2011-3124 | 2012-06-15 13:00 | 2011-08-11 |
| 256526 | 6.8 | MEDIUM | perforce | perforce_server | Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. | CWE-22 Path Traversal | CVE-2010-0933 | 2012-06-15 13:00 | 2010-03-6 |
| 256527 | 4.3 | MEDIUM | cisco | spa8000_8-port_ip_telephony_gateway_firmware spa8000_8-port_ip_telephony_gateway spa8800_8-port_ip_telephony_gateway_firmware spa8800_ip_telephony_gateway spa2102_phone_adapter_with_route… | Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows … | CWE-79 Cross-site Scripting (XSS) | CVE-2011-2545 | 2012-06-14 13:00 | 2012-06-14 |
| 256528 | 3.5 | LOW | bradfordnetworks | network_sentry_appliance_software network_sentry_appliance | Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote au… | CWE-79 Cross-site Scripting (XSS) | CVE-2012-2604 | 2012-06-14 00:55 | 2012-06-14 |
| 256529 | 6.8 | MEDIUM | bradfordnetworks | network_sentry_appliance_software network_sentry_appliance | Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrator… | CWE-352 Same-Origin Policy Violation | CVE-2012-2605 | 2012-06-14 00:55 | 2012-06-14 |
| 256530 | 5.0 | MEDIUM | bradfordnetworks | network_sentry_appliance_software network_sentry_appliance | The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted p… | CWE-287 Improper Authentication | CVE-2012-2606 | 2012-06-14 00:55 | 2012-06-14 |
| 256531 | 4.3 | MEDIUM | adobe | coldfusion | CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via un… | CWE-94 Code Injection | CVE-2012-2041 | 2012-06-13 13:46 | 2012-06-13 |
| 256532 | 4.3 | MEDIUM | forescout | counteract | Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web s… | CWE-79 Cross-site Scripting (XSS) | CVE-2012-1825 | 2012-06-12 13:00 | 2012-06-12 |
| 256533 | 4.3 | MEDIUM | siemens | wincc | Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors … | CWE-79 Cross-site Scripting (XSS) | CVE-2012-2595 | 2012-06-12 13:00 | 2012-06-9 |
| 256534 | 5.5 | MEDIUM | siemens | wincc | The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to … | CWE-94 Code Injection | CVE-2012-2596 | 2012-06-12 13:00 | 2012-06-9 |
| 256535 | 4.0 | MEDIUM | siemens | wincc | Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. | CWE-22 Path Traversal | CVE-2012-2597 | 2012-06-12 13:00 | 2012-06-9 |
| 256536 | 4.3 | MEDIUM | siemens | wincc | Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. | CWE-119 Buffer Errors | CVE-2012-2598 | 2012-06-12 13:00 | 2012-06-9 |
| 256537 | 5.1 | MEDIUM | bmc | identity_management_suite | Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrato… | CWE-352 Same-Origin Policy Violation | CVE-2012-2959 | 2012-06-12 13:00 | 2012-06-12 |
| 256538 | 5.8 | MEDIUM | siemens | wincc | Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… | CWE-20 Improper Input Validation | CVE-2012-3003 | 2012-06-12 13:00 | 2012-06-9 |
| 256539 | 10.0 | HIGH | google acer samsung | chrome_os ac700_chromebook cr-48_chromebook chromebox_3 series_5_550_chromebook series_5_chromebook | Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack ve… | NVD-CWE-noinfo | CVE-2012-3290 | 2012-06-12 13:00 | 2012-06-8 |
| 256540 | 6.8 | MEDIUM | bloxx | web_filtering | Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication … | CWE-352 Same-Origin Policy Violation | CVE-2012-3343 | 2012-06-11 13:00 | 2012-06-9 |
| 256541 | 6.8 | MEDIUM | janetter | janetter | Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (… | CWE-352 Same-Origin Policy Violation | CVE-2012-1236 | 2012-06-9 12:41 | 2012-03-20 |
| 256542 | 4.3 | MEDIUM | cisco | ciscoworks_common_services | CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary H… | CWE-94 Code Injection | CVE-2011-4237 | 2012-06-9 12:38 | 2012-05-3 |
| 256543 | 6.8 | MEDIUM | cisco | secure_access_control_server | Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators… | CWE-352 Same-Origin Policy Violation | CVE-2011-3293 | 2012-06-9 12:36 | 2012-05-2 |
| 256544 | 4.3 | MEDIUM | cisco | secure_access_control_server | Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecifie… | CWE-79 Cross-site Scripting (XSS) | CVE-2011-3317 | 2012-06-9 12:36 | 2012-05-2 |
| 256545 | 7.5 | HIGH | opera | opera_browser | Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors. | CWE-20 Improper Input Validation | CVE-2007-5540 | 2012-06-8 06:14 | 2007-10-18 |
| 256546 | 4.3 | MEDIUM | opera | opera_browser | Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handl… | CWE-79 Cross-site Scripting (XSS) | CVE-2008-1082 | 2012-06-8 03:06 | 2008-02-29 |
| 256547 | 6.8 | MEDIUM | opera | opera_browser | Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. | CWE-94 Code Injection | CVE-2008-1081 | 2012-06-8 03:02 | 2008-02-29 |
| 256548 | 6.8 | MEDIUM | opera | opera_browser | Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. | CWE-20 Improper Input Validation | CVE-2008-1080 | 2012-06-8 02:58 | 2008-02-29 |
| 256549 | 4.3 | MEDIUM | opera | opera_browser | Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. | NVD-CWE-Other | CVE-2008-5681 | 2012-06-8 02:24 | 2008-12-20 |
| 256550 | 4.3 | MEDIUM | opera | opera_browser | Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. | CWE-79 Cross-site Scripting (XSS) | CVE-2008-5682 | 2012-06-8 02:22 | 2008-12-20 |