CVE Board
| Vulnerability type | CVEs |
| --- | --- |
| Authentication Issues | 110 |
| Buffer Errors | 740 |
| Code Injection | 499 |
| Configuration | 55 |
| Credentials Management | 54 |
| Cross-Site Request Forgery (CSRF) | 75 |
| Cross-Site Scripting (XSS) | 817 |
| Cryptographic Issues | 37 |
| Design Error | 300 |
| Format String Vulnerability | 38 |
| Information Leak / Disclosure | 175 |
| Input Validation | 377 |
| Insufficient Information | 367 |
| Link Following | 12 |
| Not in CWE | 6 |
| Numeric Errors | 143 |
| OS Command Injections | 7 |
| Other | 14 |
| Path Traversal | 355 |
| Permissions, Privileges, and Access Control | 295 |
| Race Conditions | 13 |
| Resource Management Errors | 168 |
| SQL Injection | 700 |
Emacs 21 and XEmacs automatically load and execute ...
field.c in the libid3tag 0.15.0b library allows co ...
The CAPTCHA implementation as used in (1) Francisc ...
Simple Machines Forum (SMF), probably 1.1.4, relie ...
Xiph.org libvorbis before 1.0 does not properly ch ...
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM D ...
The eTrust Common Services (Transport) Daemon (eCS ...
IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 be ...
Foxit Reader 2.2 allows remote attackers to cause ...
The GUI for aptlinex before 0.91 does not sufficie ...
option_Update.asp in Carbon Communities 2.4 and ea ...
Unspecified vulnerability in SmarterMail Web Serve ...
The rfc2231 function in message.c in libclamav in ...
preprocessors/spp_frag3.c in Sourcefire Snort befo ...
ezRADIUS 0.1 stores sensitive information under th ...
The menu system in Drupal 6 before 6.2 has incorre ...
The IBizEBank.FIProfile.1 ActiveX control in fipro ...
MailServer.exe in NoticeWare Email Server 4.6.1.0 ...
Novell NetWare 6.5 allows attackers to cause a den ...
The (1) maketemp and (2) mkstemp builtin functions ...
PowerDNS Recursor before 3.1.5 uses insufficient r ...
The ssm_i emulation in Xen 5.1 on IA64 architectur ...
Double free vulnerability in Web TransferCtrl Clas ...
servlet/MIMEReceiveServlet in the web controller f ...
The connection_state_machine function (connections ...
The send_user_mode function in s_user.c in (1) Und ...
Secure Internet Live Conferencing (SILC) Server be ...
Plone CMS does not record users' authentication st ...
Plone CMS before 3 places a base64 encoded form of ...
The AsteriskGUI HTTP server in Asterisk Open Sourc ...
ClamAV before 0.93 allows remote attackers to caus ...
zabbix_agentd in ZABBIX 1.4.4 allows remote attack ...
The ipsec4_get_ulp function in the kernel in NetBS ...
Unspecified vulnerability in the NetBackup service ...
Untrusted search path and argument injection vulne ...
Unspecified vulnerability in the TFTP server in Pa ...
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 genera ...
Multiple unspecified vulnerabilities in the SMTP s ...
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) fir ...
The ZyXEL P-660HW series router has "admin" as its ...
LiveConnect in Mozilla Firefox before 2.0.0.13 and ...
The administrator interface for Adobe ColdFusion 8 ...
ZyXEL ZyWALL 1050 has a hard-coded password for th ...
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UD ...
A certain pseudo-random number generator (PRNG) al ...
A certain pseudo-random number generator (PRNG) al ...
A certain pseudo-random number generator (PRNG) al ...
Insecure method vulnerability in the Web Scan Obje ...
The outboxWriteUnsent function in FTPThread.class ...
The tcp_respond function in netinet/tcp_subr.c in ...
The ip6_check_rh0hdr function in netinet6/ip6_inpu ...
Apple QuickTime before 7.4.5 enables deserializati ...
Double-Take 5.0.0.2865 and earlier, distributed un ...
The Mediation server in IPdiva SSL VPN Server 2.2 ...
Apple Safari might allow remote attackers to obtai ...
BEA WebLogic Portal 10.0 and 9.2 through Maintenan ...
freeSSHd 1.2 and earlier allows remote attackers t ...
The LPD server in cyan soft Opium OPI Server 4.10. ...
SNMPd in MicroTik RouterOS 3.2 and earlier allows ...
TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on ...
Multiple unspecified vulnerabilities in Adobe Read ...
Adobe ColdFusion MX 7 and ColdFusion 8 allows remo ...
The init_request_info function in sapi/cgi/cgi_mai ...
Mozilla Firefox before 2.0.0.12 does not always di ...
Mozilla Firefox before 2.0.0.12 and SeaMonkey befo ...
Mozilla Firefox before 2.0.0.12 and Thunderbird be ...
Unspecified vulnerability in the Supervisor Engine ...
The replace_inline_img function in elogd in Electr ...
Unspecified vulnerability in the Upgrade/Downgrade ...
Unspecified vulnerability in the Advanced Queuing ...
Unspecified vulnerability in the XML DB component ...
The ActiveDataInfo.LaunchProcess method in the Sym ...
common.py in Paramiko 1.7.1 and earlier, when usin ...
Unspecified vulnerability in the seat-locking impl ...
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11 ...
Unspecified vulnerability in the Fileshare module ...
An ActiveX control for Microsoft Visual FoxPro (vf ...
The ipcomp6_input function in sys/netinet6/ipcomp_ ...
Unrestricted file upload vulnerability in GE Fanuc ...
TUTOS 1.3 allows remote attackers to read system i ...
Unspecified vulnerability in the TCP/IP support in ...
The (1) VBScript (VBScript.dll) and (2) JScript (J ...
Unspecified vulnerability in Microsoft Excel 2000 ...
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, a ...
Unspecified vulnerability in Cisco PIX 500 Series ...
Apache Tomcat 6.0.0 through 6.0.15 processes param ...
The URL rewrite module in Menalto Gallery before 2 ...
The browser plugin in VideoLAN VLC 0.8.6d allows r ...
Format string vulnerability in the httpd_FileCallB ...
The Url_init function in utils/url.c in Netembryo ...
Interpretation conflict in LScube Feng 0.1.15 and ...
LScube Feng 0.1.15 and earlier allows remote attac ...
JIRA Enterprise Edition before 3.12.1 allows remot ...
unp 1.0.12, and other versions before 1.0.14, does ...
Apple Safari 2, when a user accepts an SSL server ...
KDE Konqueror 3.5.5 and 3.95.00, when a user accep ...
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, Sea ...
form.php in PMOS Help Desk 2.4 and earlier sends a ...
Unspecified vulnerability in RunCMS before 1.6.1 h ...
RunCMS before 1.6.1 does not require entry of the ...
RunCMS before 1.6.1 uses a predictable session id, ...
Websense Enterprise 6.3.1 allows remote attackers ...
The HPRulesEngine.ContentCollection.1 ActiveX Cont ...
Multiple cross-site scripting (XSS) vulnerabilitie ...
Unspecified vulnerability in the Device Manager da ...
The Oracle database component in Sun Management Ce ...
Unspecified vulnerability in Adobe Flash Media Ser ...
The ProcGetReservedColormapEntries function in the ...
The balancer_handler function in mod_proxy_balance ...
The Event Dispatch Thread in Robocode before 1.5.1 ...
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDL ...
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDL ...
Meridian Prolog Manager 2007, and 7.5 and earlier, ...
The federated engine in MySQL 5.0.x before 5.0.51a ...
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, a ...
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 thro ...
Absolute News Manager.NET 5.1 allows remote attack ...
portal/server.pt in the Plumtree portal in BEA Aqu ...
Unspecified vulnerability in Ingate Firewall befor ...
Ingate Firewall before 4.6.0 and SIParator before ...
The SIP component in Ingate Firewall before 4.6.0 ...
Audacity 1.3.2 creates a temporary directory with ...
IBM DB2 UDB 9.1 before Fixpak 4 does not properly ...
Buffer overflow in the Sequencer::queueMessage fun ...
Adobe Flash Player 9.0.115.0 and earlier, and 8.0. ...
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 a ...
The LOB functionality in PEAR MDB2 before 2.5.0a1 ...
Stonesoft StoneGate IPS before 4.0 does not proper ...
Array index error in the XFree86-Misc extension in ...
DenyHosts 2.6 processes OpenSSH sshd "not listed i ...
The Component Object Model (COM) functions in PHP ...
The Nortel UNIStim IP Softphone 2050, IP Phone 114 ...
Mortbay Jetty before 6.1.6rc1 does not properly ha ...
CRLF injection vulnerability in the drupal_goto fu ...
The CS1000 signaling server in Nortel Enterprise V ...
Unspecified vulnerability in Cisco Firewall Servic ...
login.php in Pligg CMS 9.5 uses a guessable confir ...
Basic Analysis and Security Engine (BASE) before 1 ...
Unspecified vulnerability in Opera before 9.24 all ...
The XML DB (XMLDB) component in Oracle Database 9. ...
Distributed Checksum Clearinghouse (DCC) 1.3.65 al ...
libgssapi before 0.6-13.7, as used by the ISC BIND ...
The disable_functions feature in PHP 4 and 5 allow ...
kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Pre ...
The Thomson/Alcatel SpeedTouch 7G router, as used ...
Session fixation vulnerability in Rails before 1.2 ...
The Web Proxy Auto-Discovery (WPAD) feature in Mic ...
Unspecified vulnerability in the vuidmice STREAMS ...
ELSEIF CMS Beta 0.6 does not properly unset variab ...
Hitachi Cosminexus Agent 03-00 through 03-05, and ...
The Java Secure Socket Extension (JSSE) in the Hit ...
Microsoft Internet Explorer 6 drops DNS pins based ...
Opera 9 drops DNS pins based on failed connections ...
Sun Java Runtime Environment (JRE) in JDK and JRE ...
Sun Java Runtime Environment (JRE) in JDK and JRE ...
pngrtran.c in libpng before 1.0.29 and 1.2.x befor ...
Unspecified vulnerability in (1) SYS$EI1000.EXE an ...
Visual truncation vulnerability in the Java Runtim ...
Sun Java Runtime Environment (JRE) in JDK and JRE ...
The default configuration for twiki 4.1.2 on Debia ...
The focus handling for the onkeydown event in Micr ...
SimpGB 1.46.02 stores sensitive information under ...
Red Hat Enterprise Linux 4 does not properly compi ...
** DISPUTED ** PHP remote file inclusion vulnerabi ...
ELinks before 0.11.3, when sending a POST request ...
webbatch.exe in WebBatch allows remote attackers t ...
libpurple in Pidgin before 2.2.1 does not properly ...
Certificate Server 7.2 in Red Hat Certificate Syst ...
ImageMagick before 6.3.5-9 allows context-dependen ...
Argument injection vulnerability in the Linden Lab ...
The canvas.createPattern function in Opera 9.x bef ...
The MySQL extension in PHP 5.2.4 and earlier allow ...
The "You are not allowed..." error handler in XWik ...
Mozilla Firefox before Firefox 2.0.0.13, and SeaMo ...
SimpNews 2.41.03 allows remote attackers to obtain ...
Google Picasa allows remote attackers to read imag ...
Sony Micro Vault Fingerprint Access Software, as d ...
The Thomson ST 2030 SIP phone with software 1.52.1 ...
The Aztech DSL600EU router, when WAN access to the ...
The Application Firewall in Apple Mac OS X 10.5 do ...
The Application Firewall in Apple Mac OS X 10.5 do ...
The Application Firewall in Apple Mac OS X 10.5, w ...
The Networking component in Apple Mac OS X 10.4 th ...
Unspecified vulnerability in the Services API in F ...
Unspecified vulnerability in the server in Firebir ...
Unspecified vulnerability in the server in Firebir ...
Unspecified vulnerability in the (1) attach databa ...
The zend_alter_ini_entry function in PHP before 5. ...
The money_format function in PHP 5 before 5.2.4, a ...
Unrestricted file upload vulnerability in config/u ...
eyeOS uses predictable checksum values in the chec ...
fetchmail before 6.3.9 allows context-dependent at ...
Unspecified vulnerability in Hitachi DABroker befo ...
Struts support in OpenSymphony XWork before 1.2.3, ...
Unreal Commander 0.92 build 565 and 573 lists the ...
Asterisk Open Source 1.4.5 through 1.4.11, when co ...
Unspecified vulnerability in the font parsing impl ...
The ricci daemon in Red Hat Conga 0.10.0 allows re ...
lib/vorbisfile.c in libvorbisfile in Xiph.Org libv ...
** DISPUTED ** Guidance Software EnCase does not p ...
libvorbis 1.1.2, and possibly other versions befor ...
Unspecified vulnerability in the attachment filter ...
The DNS server in Microsoft Windows 2000 Server SP ...
Stampit Web uses guessable id values for online st ...
The Linux kernel before 2.6.23-rc1 checks the wron ...
** DISPUTED ** JWIG might allow context-dependent ...
Safari in Apple iPhone 1.1.1, and Safari 3 before ...
Mail in Apple iPhone 1.1.1, when using SSL, does n ...
The Decomposer component in multiple Symantec prod ...
Multiple unspecified vulnerabilities in NMSDVDXU.D ...
The focus handling for the onkeydown event in Mozi ...
The GD Graphics Library (libgd) before 2.0.35 allo ...
Multiple unspecified vulnerabilities in the GIF re ...
The NCTAudioEditor2 ActiveX control in NCTWMAFile2 ...
The (1) session_save_path, (2) ini_set, and (3) er ...
Multiple "pointer overwrite" vulnerabilities in In ...
Multiple array index errors in the (1) get_intra_b ...
A certain ActiveX control in the EDraw Office View ...
Mozilla Firefox before 2.0.0.5 does not prevent us ...
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PR ...
The sandbox for vim allows dangerous functions suc ...
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, ...
The Prototype (prototypejs) framework before 1.5.1 ...
Progress Webspeed Messenger allows remote attacker ...
rpcrt4.dll (aka the RPC runtime library) in Micros ...
The default SSL cipher configuration in Apache Tom ...
zoo decoder 2.10 (zoo-2.10), as used in multiple p ...
Perl-Compatible Regular Expression (PCRE) library ...
Perl-Compatible Regular Expression (PCRE) library ...
nf_conntrack in netfilter in the Linux kernel befo ...
Mozilla Firefox before 2.0.0.8 and SeaMonkey befor ...
Microsoft Internet Explorer 5.01 SP4 on Windows 20 ...
Clam AntiVirus ClamAV before 0.90 does not close o ...
The DWUpdateService ActiveX control in the agent ( ...
Unspecified vulnerability in the kernel in Microso ...
Perl-Compatible Regular Expression (PCRE) library ...
The libike library, as used by in.iked, elfsign, a ...
MyODBC Japanese conversion edition 3.51.06, 2.50.2 ...
FileZilla Server before 0.9.22 allows remote attac ...
fail2ban 0.7.4 and earlier does not properly parse ...
DenyHosts 2.5 does not properly parse sshd log fil ...
Unspecified vulnerability in the log analyzer in W ...
The Database module in Moodle before 1.6.2 does no ...
The get_server_hello function in the SSLv2 client ...