Vulnerabilities (CVE)

Filtered by CWE-20
Total 10666 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3003 1 Siemens 1 Wincc 2012-06-12 5.8 MEDIUM N/A
Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.
CVE-2007-5540 1 Opera 1 Opera Browser 2012-06-07 7.5 HIGH N/A
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.
CVE-2008-1080 1 Opera 1 Opera Browser 2012-06-07 6.8 MEDIUM N/A
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.
CVE-2011-1159 1 Tedfelix 1 Acpid 2012-05-14 2.1 LOW N/A
acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.
CVE-2011-4231 1 Cisco 2 Ios, Ios Xe 2012-05-11 6.3 MEDIUM N/A
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
CVE-2012-0674 1 Apple 1 Iphone Os 2012-05-08 4.3 MEDIUM N/A
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.
CVE-2011-5086 1 Nsoftware 1 Unitronics Uniopc 2012-04-20 6.8 MEDIUM N/A
https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site.
CVE-2011-4871 1 Opcsystems 1 Opcsystems.net 2012-04-20 5.0 MEDIUM N/A
Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.
CVE-2011-4883 1 Atvise 1 Webmi2ads 2012-04-13 5.0 MEDIUM N/A
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.
CVE-2012-0221 1 Rockwellautomation 2 Factorytalk, Rslogix 5000 2012-04-03 5.0 MEDIUM N/A
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet.
CVE-2010-1181 1 Apple 2 Iphone Os, Ipod Touch 2012-03-30 4.3 MEDIUM N/A
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
CVE-2012-1472 1 Vmware 1 Vcenter Chargeback Manager 2012-03-13 6.4 MEDIUM N/A
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors.
CVE-2011-2772 1 Mahara 1 Mahara 2012-03-12 5.0 MEDIUM N/A
The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.
CVE-2011-4249 1 Realnetworks 1 Realplayer 2012-03-08 10.0 HIGH N/A
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-4685 1 Opera 1 Opera Browser 2012-03-06 5.0 MEDIUM N/A
Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.
CVE-2011-5079 2 Netcreators, Typo3 2 Irfaq, Typo3 2012-02-29 5.8 MEDIUM N/A
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
CVE-2012-1191 1 D.j.bernstein 1 Djbdns 2012-02-20 6.4 MEDIUM N/A
The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
CVE-2010-1645 1 Cacti 1 Cacti 2012-02-16 6.5 MEDIUM N/A
Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.
CVE-2011-3496 1 Measuresoft 1 Scadapro 2012-02-14 10.0 HIGH N/A
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
CVE-2011-2628 1 Opera 1 Opera Browser 2012-02-14 10.0 HIGH N/A
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.