| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely |
| Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |
| Snare for Linux before 1.7.0 has CSRF in the web interface. |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. |
| An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| Koala Framework before 2011-11-21 has XSS via the request_uri parameter. |
| Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. |
| hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. |
| The nginx http proxy module does not verify the peer identity of the https origin server, which could facilitate a man-in-the-middle (MITM) attack. |
| tog-Pegasus has a package hash collision DoS vulnerability |
| cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE |
| cobbler: Web interface lacks CSRF protection when using Django framework |
| ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) |
| Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. |
| Joomla! 1.7.1 has core information disclosure due to inadequate error checking. |
| gpw generates shorter passwords than required |
| Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104. |
| mpack 1.6 has information disclosure via eavesdropping on mails sent by other users |
| In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. |
| Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*. |