Vulnerabilities (CVE)

Filtered by CWE-16
Total 269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4221 1 Restlet 1 Restlet 2025-04-11 7.5 HIGH N/A
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
CVE-2011-4504 2 Genmei Mori, Zyxel 2 Pseudoics, P-330w Router 2025-04-11 7.5 HIGH N/A
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
CVE-2013-3051 2 Motorola, Qualcomm 5 Android, Atrix Hd, Razr Hd and 2 more 2025-04-11 6.2 MEDIUM N/A
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596.
CVE-2013-4316 2 Apache, Oracle 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more 2025-04-11 10.0 HIGH N/A
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
CVE-2010-4586 1 Opera 1 Opera Browser 2025-04-11 10.0 HIGH N/A
The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.
CVE-2011-1400 2 Canonical, Debian 3 Ubuntu Linux, Debian Linux, Tex-common 2025-04-11 6.8 MEDIUM N/A
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.
CVE-2009-5120 1 Websense 2 Websense Web Filter, Websense Web Security 2025-04-11 4.3 MEDIUM N/A
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
CVE-2009-2750 1 Ibm 1 Websphere Service Registry And Repository 2025-04-11 5.5 MEDIUM N/A
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query.
CVE-2012-0147 1 Microsoft 1 Forefront Unified Access Gateway 2025-04-11 5.0 MEDIUM N/A
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
CVE-2013-5167 1 Apple 1 Mac Os X 2025-04-11 5.0 MEDIUM N/A
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.
CVE-2012-1909 1 Bitcoin 2 Bitcoin Core, Wxbitcoin 2025-04-11 5.0 MEDIUM N/A
The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.
CVE-2010-2945 1 Simone Rota 1 Slim Simple Login Manager 2025-04-11 6.9 MEDIUM N/A
The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.
CVE-2010-4312 1 Apache 1 Tomcat 2025-04-11 6.4 MEDIUM N/A
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
CVE-2013-1221 1 Cisco 1 Unified Customer Voice Portal 2025-04-11 10.0 HIGH N/A
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
CVE-2011-1406 1 Mahara 1 Mahara 2025-04-11 4.3 MEDIUM N/A
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
CVE-2010-3315 1 Apache 1 Subversion 2025-04-11 6.0 MEDIUM N/A
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
CVE-2011-4506 1 Technicolor 2 Tg585 Router, Tg585 Router Firmware 2025-04-11 7.5 HIGH N/A
The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
CVE-2011-2166 1 Dovecot 1 Dovecot 2025-04-11 6.5 MEDIUM N/A
script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
CVE-2013-1451 1 Microsoft 1 Internet Explorer 2025-04-11 4.0 MEDIUM N/A
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
CVE-2013-7293 1 Asus 1 Wl-330nul 2025-04-11 5.0 MEDIUM N/A
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.