CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2011-0697 Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file u... | N/A | NONE | — | 0 |
| CVE-2011-0698 Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session c... | N/A | NONE | — | 0 |
| CVE-2025-5895 A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to ineff... | 4.3 | MEDIUM | — | 0 |
| CVE-2011-0702 The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file. | N/A | NONE | — | 0 |
| CVE-2011-0986 phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the ... | N/A | NONE | — | 0 |
| CVE-2011-0987 The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remo... | N/A | NONE | — | 0 |
| CVE-2011-1029 Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report. | N/A | NONE | — | 0 |
| CVE-2011-1030 Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page... | N/A | NONE | — | 0 |
| CVE-2011-1031 The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability th... | N/A | NONE | — | 0 |
| CVE-2008-7274 IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2)... | N/A | NONE | — | 0 |
| CVE-2010-4730 Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100... | N/A | NONE | — | 0 |
| CVE-2010-4731 Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter N... | N/A | NONE | — | 0 |
| CVE-2010-4732 cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote au... | N/A | NONE | — | 0 |
| CVE-2010-4733 WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password... | N/A | NONE | — | 0 |
| CVE-2011-1032 IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. | N/A | NONE | — | 0 |
| CVE-2011-1033 Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment opt... | N/A | NONE | — | 0 |
| CVE-2010-2928 The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this fi... | N/A | NONE | — | 0 |
| CVE-2011-0654 Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3... | N/A | NONE | — | 0 |
| CVE-2010-4734 Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the ... | N/A | NONE | — | 0 |
| CVE-2010-4735 SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter. | N/A | NONE | — | 0 |
| CVE-2010-4736 SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtaine... | N/A | NONE | — | 0 |
| CVE-2010-4737 SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter. | N/A | NONE | — | 0 |
| CVE-2010-4738 Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city... | N/A | NONE | — | 0 |
| CVE-2010-4739 SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.... | N/A | NONE | — | 0 |
| CVE-2010-4740 Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status... | N/A | NONE | — | 0 |
| CVE-2011-1034 Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. N... | N/A | NONE | — | 0 |
| CVE-2010-3272 accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and conseq... | N/A | NONE | — | 0 |
| CVE-2010-3273 ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to account... | N/A | NONE | — | 0 |
| CVE-2010-3274 Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject ar... | N/A | NONE | — | 0 |
| CVE-2011-0355 Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS u... | N/A | NONE | — | 0 |
| CVE-2011-0533 Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrar... | N/A | NONE | — | 0 |
| CVE-2010-4447 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untru... | N/A | NONE | — | 0 |
| CVE-2010-4448 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted... | N/A | NONE | — | 0 |
| CVE-2010-4450 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; ... | N/A | NONE | — | 0 |
| CVE-2010-4451 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect c... | N/A | NONE | — | 0 |
| CVE-2010-4452 Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applicati... | N/A | NONE | — | 0 |
| CVE-2010-4454 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attac... | N/A | NONE | — | 0 |
| CVE-2010-4462 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attac... | N/A | NONE | — | 0 |
| CVE-2010-4463 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untruste... | N/A | NONE | — | 0 |
| CVE-2010-4465 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untru... | N/A | NONE | — | 0 |
| CVE-2010-4466 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows;... | N/A | NONE | — | 0 |
| CVE-2010-4467 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untruste... | N/A | NONE | — | 0 |
| CVE-2010-4468 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start a... | N/A | NONE | — | 0 |
| CVE-2010-4469 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untru... | N/A | NONE | — | 0 |
| CVE-2010-4470 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors... | N/A | NONE | — | 0 |
| CVE-2010-4471 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start ap... | N/A | NONE | — | 0 |
| CVE-2010-4472 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital S... | N/A | NONE | — | 0 |
| CVE-2010-4473 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attac... | N/A | NONE | — | 0 |
| CVE-2010-4474 Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Sec... | N/A | NONE | — | 0 |
| CVE-2010-4475 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untru... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.