The Open Source Vulnerability Database

OSVDB is an independent and open source database created by and for the community.
Our goal is to provide accurate, detailed, current, and unbiased technical information.
The database currently covers 61,226 vulnerabilities, spanning 26,590 products from 4,735 researchers, over 45 years.

Latest OSVDB Vulnerabilities Feed

62192 Disclosed: 2010-01-18 SAP BusinessObjects PlatformServices/preferences.do service Arbitrary Site Redirect
62191 Disclosed: 2010-01-18 SAP BusinessObjects PerformanceManagement/jsp/viewCrystalReport.jsp sReportMode Parameter Arbitrary Site Redirect
62190 Disclosed: 2010-01-18 SAP BusinessObjects PerformanceManagement/scripts/docLoadUrl.jsp name Parameter Arbitrary Site Redirect
62189 Disclosed: 2010-01-18 SAP BusinessObjects CrystalReports/jsp/common/progress.jsp name Parameter Arbitrary Site Redirect
62188 Disclosed: 2010-01-18 SAP BusinessObjects CmcApp/App/frameset.jsp name Parameter Arbitrary Site Redirect
62187 Disclosed: 2010-02-05 Samba sid_parse Stack Overflow
62186 Disclosed: 2010-01-29 Samba mount.cifs Symlink Arbitrary File Access
62185 Disclosed: 2010-02-03 Oracle Database DBMS_JAVA.SET_OUTPUT_TO_JAVA Procedure Argument Handling Privilege Escalation
62184 Disclosed: 2010-02-03 Oracle Database DBMS_JVM_EXP_PERMS Package IMPORT_JVM_PERMS Function Privilege Escalation
62183 Disclosed: 2010-02-01 Oracle Times-Ten In-Memory Database timestend Process Remote DoS

Support OSVDB!

Visit the Support Page for other support options.

OSVDB News Feed

2010-02-06 Open Security Foundation - State of the Union 2010
2010-01-31 January Update: OSVDB Winter 2010 Fundraising Goal
2010-01-24 Microsoft, Aurora and something about forest and trees?
2010-01-04 Challenge: OSVDB Winter 2010 Fundraising Goal
2009-12-19 Adobe, Qualys, CVE and Math
2009-12-08 OSVDB 2009 Q4 Changelog
2009-11-21 Creditee System Overhauled
2009-11-15 Responsible Disclosure - Old Debate, Fresh Aspects?!
2009-11-09 Search Filters & Custom Exports
2009-11-09 What I learned from early CVE entries


Vulnerabilities in OSVDB disclosed by type by quarter

[Two charts, a line chart and a stacked bar chart: vulnerabilities per quarter, 2002 to 2009, by type (XSS, SQL injection, CSRF, file inclusion, DoS, overflow).]

Top Viewed Vulnerabilities this week Feed

18293 Views: 502 Belkin 54G Routers Admin Account Default Null Password
61697 Views: 247 Microsoft IE mshtml.dll Use-After-Free Arbitrary Code Execution (Aurora)
382 Views: 212 PostgreSQL Server Default Password
40621 Views: 144 Simple PHP Blog (SPHPBlog) add_link.php link_id Parameter CSRF
877 Views: 137 Multiple Web Server Dangerous HTTP Method TRACE
60980 Views: 130 Adobe Reader / Acrobat Doc.media.newPlayer Use-After-Free Arbitrary Code Execution
3092 Views: 127 Interesting Web Document Found
16866 Views: 122 Terminator 3: War of the Machines Client CD-key Overflow
59968 Views: 120 Microsoft IIS SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
44643 Views: 104 Realtek HD Audio Codec Driver RTKVHDA.sys / RTKVHDA64.sys IOCTL Request Handling Overflow

Top Blogged Vulnerabilities this Month Feed

61697 Blogs: 34 Microsoft IE mshtml.dll Use-After-Free Arbitrary Code Execution (Aurora)
61651 Blogs: 6 Microsoft Windows Embedded OpenType Font Engine LZCOMP Decompressor Font Handling Arbitrary Code Execution
60980 Blogs: 5 Adobe Reader / Acrobat Doc.media.newPlayer Use-After-Free Arbitrary Code Execution
61904 Blogs: 2 Adobe Shockwave Player Crafted 3D Model Memory Corruption Overflow
60521 Blogs: 1 Ingate Firewall/SIParator SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
60832 Blogs: 1 Microsoft Windows Internet Authentication Service Protected Extensible Authentication Protocol (PEAP) Message Handling Remote Memory Corruption
62128 Blogs: 1 Apple iPhone OS Recovery Mode USB Control Message Device Locking Bypass

Blogs provided by Technorati

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2010 Open Source Vulnerability Database (OSVDB), All Rights Reserved.