258501
|
4.3 |
MEDIUM
|
monkeysaudio
|
monkey\'s_audio
|
Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file.
|
CWE-399
リソース管理の問題
|
CVE-2009-5075
|
2011-05-24 13:00 |
2011-05-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258502
|
5.0 |
MEDIUM
|
php
|
php
|
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archi…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-1460
|
2011-05-24 13:00 |
2007-03-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258503
|
10.0 |
HIGH
|
ffmpeg mplayerhq mandriva
|
ffmpeg mplayer corporate_server enterprise_server linux
|
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mand…
|
NVD-CWE-noinfo
|
CVE-2011-2162
|
2011-05-23 13:00 |
2011-05-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258504
|
7.8 |
HIGH
|
trend_micro
|
serverprotect_earthagent
|
Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allow…
|
CWE-399
リソース管理の問題
|
CVE-2005-1928
|
2011-05-20 13:00 |
2005-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258505
|
7.5 |
HIGH
|
eric_fichot
|
downfile
|
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2005-2819
|
2011-05-19 13:00 |
2005-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258506
|
7.2 |
HIGH
|
realnetworks
|
realone_player realplayer
|
Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2005-2936
|
2011-05-19 13:00 |
2005-11-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258507
|
4.3 |
MEDIUM
|
horde
|
horde
|
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2005-3570
|
2011-05-19 13:00 |
2005-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258508
|
7.5 |
HIGH
|
sun
|
java_communications_services_delegated_administrator
|
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (…
|
NVD-CWE-noinfo
|
CVE-2005-4045
|
2011-05-19 13:00 |
2005-12-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258509
|
9.3 |
HIGH
|
apple
|
quicktime
|
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-define…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-2388
|
2011-05-18 13:00 |
2007-05-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258510
|
5.0 |
MEDIUM
|
cisco
|
cli cbos ids ios ios_xr
|
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions…
|
NVD-CWE-noinfo CWE-20
不適切な入力確認
|
CVE-2007-4430
|
2011-05-18 13:00 |
2007-08-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258511
|
10.0 |
HIGH
|
aertherwide
|
exiftags
|
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability t…
|
NVD-CWE-noinfo
|
CVE-2007-6354
|
2011-05-13 13:00 |
2007-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258512
|
10.0 |
HIGH
|
aertherwide
|
exiftags
|
Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2…
|
NVD-CWE-noinfo CWE-189
数値処理の問題
|
CVE-2007-6355
|
2011-05-13 13:00 |
2007-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258513
|
6.5 |
MEDIUM
|
oracle
|
database_server warehouse_builder
|
Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB) and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and a…
|
NVD-CWE-noinfo
|
CVE-2011-0792
|
2011-05-12 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258514
|
7.8 |
HIGH
|
ibm
|
db2
|
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger …
|
CWE-119
バッファエラー
|
CVE-2007-5652
|
2011-05-12 13:00 |
2007-10-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258515
|
2.1 |
LOW
|
skype
|
skype_for_android
|
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of bir…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1717
|
2011-05-12 04:25 |
2011-04-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258516
|
5.0 |
MEDIUM
|
fedoraproject
|
389_directory_server
|
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved application…
|
CWE-399
リソース管理の問題
|
CVE-2010-4746
|
2011-05-11 13:00 |
2011-02-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258517
|
5.0 |
MEDIUM
|
zeus
|
zeus_web_server
|
Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.
|
CWE-310
暗号の問題
|
CVE-2010-0362
|
2011-05-6 13:00 |
2010-01-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258518
|
5.0 |
MEDIUM
|
scottmac
|
libmbfl
|
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (a…
|
CWE-20
不適切な入力確認
|
CVE-2010-4156
|
2011-05-4 11:52 |
2010-11-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258519
|
6.8 |
MEDIUM
|
php
|
php
|
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbi…
|
CWE-134
書式文字列の問題
|
CVE-2010-2950
|
2011-05-4 11:49 |
2010-09-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258520
|
7.5 |
HIGH
|
arco_van_geest
|
goof_fotoboek
|
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.
|
CWE-22
パス・トラバーサル
|
CVE-2010-0350
|
2011-05-2 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258521
|
5.0 |
MEDIUM
|
typo3
|
kiddog_mysqldumper
|
Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
|
NVD-CWE-noinfo
|
CVE-2010-0336
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258522
|
7.5 |
HIGH
|
typo3
|
dl3_tt_news_alerts
|
SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2010-0337
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258523
|
7.5 |
HIGH
|
typo3
|
vm19_userlinks
|
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2010-0339
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258524
|
7.5 |
HIGH
|
typo3
|
mjseventpro
|
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2010-0340
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258525
|
7.5 |
HIGH
|
typo3
|
bb_simplejobs
|
SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2010-0341
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258526
|
7.5 |
HIGH
|
typo3
|
job_reports
|
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2010-0342
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258527
|
7.5 |
HIGH
|
typo3
|
pb_clanlist
|
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2010-0343
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258528
|
7.5 |
HIGH
|
typo3
|
zak_store_management
|
SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2010-0344
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258529
|
4.3 |
MEDIUM
|
typo3
|
mimi_tipfriends
|
Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-0346
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258530
|
4.3 |
MEDIUM
|
typo3
|
vd_gemomap
|
Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-0347
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258531
|
5.0 |
MEDIUM
|
c-3.co.jp
|
webcalenderc3
|
Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors.
|
CWE-22
パス・トラバーサル
|
CVE-2010-0348
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258532
|
4.3 |
MEDIUM
|
c-3.co.jp
|
webcalenderc3
|
Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-0349
|
2011-04-29 13:00 |
2010-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258533
|
7.8 |
HIGH
|
juniper
|
junos
|
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session fla…
|
CWE-20
不適切な入力確認
|
CVE-2007-6372
|
2011-04-29 13:00 |
2007-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258534
|
6.9 |
MEDIUM
|
apple
|
mac_os_x
|
Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via c…
|
CWE-16
環境設定
|
CVE-2011-0639
|
2011-04-28 13:00 |
2011-01-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258535
|
7.5 |
HIGH
|
suse
|
opensuse suse_linux
|
SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0230
|
2011-04-28 13:00 |
2010-01-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258536
|
10.0 |
HIGH
|
ibm
|
lotus_domino
|
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long str…
|
CWE-119
バッファエラー
|
CVE-2010-0358
|
2011-04-28 13:00 |
2010-01-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258537
|
10.0 |
HIGH
|
sun
|
java_system_web_server
|
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request…
|
CWE-20
不適切な入力確認
|
CVE-2010-0360
|
2011-04-28 13:00 |
2010-01-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258538
|
10.0 |
HIGH
|
sun
|
java_system_web_server
|
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and poss…
|
CWE-119
バッファエラー
|
CVE-2010-0361
|
2011-04-28 13:00 |
2010-01-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258539
|
2.1 |
LOW
|
tor
|
tor
|
Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for…
|
CWE-200
情報漏えい
|
CVE-2010-0384
|
2011-04-27 13:00 |
2010-01-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258540
|
6.8 |
MEDIUM
|
fetchmail
|
fetchmail
|
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (applic…
|
CWE-119
バッファエラー
|
CVE-2010-0562
|
2011-04-27 13:00 |
2010-02-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258541
|
10.0 |
HIGH
|
hp
|
palm_pre_webos
|
Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."
|
NVD-CWE-noinfo
|
CVE-2009-5071
|
2011-04-27 13:00 |
2011-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258542
|
10.0 |
HIGH
|
novell
|
groupwise
|
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in …
|
CWE-399
リソース管理の問題
|
CVE-2010-4711
|
2011-04-27 05:54 |
2011-02-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258543
|
10.0 |
HIGH
|
novell
|
groupwise
|
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header conta…
|
CWE-119
バッファエラー
|
CVE-2010-4712
|
2011-04-27 05:16 |
2011-02-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258544
|
10.0 |
HIGH
|
novell
|
groupwise
|
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-T…
|
CWE-189
数値処理の問題
|
CVE-2010-4713
|
2011-04-26 13:00 |
2011-02-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258545
|
10.0 |
HIGH
|
novell
|
groupwise
|
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwm…
|
CWE-119
バッファエラー
|
CVE-2010-4714
|
2011-04-26 13:00 |
2011-02-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258546
|
9.3 |
HIGH
|
moxa
|
device_manager mdm_tool
|
Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port …
|
CWE-119
バッファエラー
|
CVE-2010-4741
|
2011-04-26 13:00 |
2011-02-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258547
|
10.0 |
HIGH
|
moxa
|
activex_sdk
|
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property valu…
|
CWE-119
バッファエラー
|
CVE-2010-4742
|
2011-04-26 13:00 |
2011-02-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258548
|
4.3 |
MEDIUM
|
novell
|
opensuse_build_service
|
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-0462
|
2011-04-22 13:00 |
2011-04-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258549
|
4.0 |
MEDIUM
|
ibm
|
tivoli_directory_server
|
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search.
|
CWE-399
リソース管理の問題
|
CVE-2011-1821
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
258550
|
2.1 |
LOW
|
ibm
|
tivoli_directory_server
|
The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitiv…
|
CWE-255
証明書・パスワード管理
|
CVE-2011-1822
|
2011-04-21 19:55 |
2011-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|