http://web.nvd.nist.gov/view/vuln/searchThis feed contains the most recent fully analyzed CVE cyber vulnerabilities published within the National Vulnerability Database.en-usThis material is not copywritten and may be freely used, however, attribution is requested.2012-05-16T03:33:58-05:00nvd@nist.govhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3085The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3084Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3083browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1248app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1247Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1246Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2612The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2611The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2514The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2513The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2512The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2511The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.2012-05-15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2333Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.2012-05-14http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2277The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands.2012-05-14http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2276The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.2012-05-14http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1390SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.2012-05-14http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1804The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request.2012-05-14