Max CVSS 10.0 Min CVSS 2.6 Total Count323
IDCVSSSummaryLast (major) updatePublished
CVE-2015-4071 None
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
18-08-2017 - 14:29 18-08-2017 - 14:29
CVE-2015-7571 6.8
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2014-9262 5.5
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
07-08-2017 - 13:29 07-08-2017 - 13:29
CVE-2015-2279 10.0
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, w
24-07-2017 - 21:29 24-07-2017 - 21:29
CVE-2017-6086 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST
27-06-2017 - 16:29 27-06-2017 - 16:29
CVE-2014-8687 10.0
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
08-06-2017 - 12:29 08-06-2017 - 12:29
CVE-2015-7346 7.5
SQL injection vulnerability in ZCMS 1.1.
07-06-2017 - 17:29 07-06-2017 - 17:29
CVE-2017-8917 7.5
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
17-05-2017 - 19:29 17-05-2017 - 19:29
CVE-2017-5638 10.0
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited i
09-05-2017 - 21:29 10-03-2017 - 21:59
CVE-2015-8257 9.0
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_param
02-05-2017 - 10:59 02-05-2017 - 10:59
CVE-2015-7568 7.5
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
28-04-2017 - 12:26 24-04-2017 - 14:59
CVE-2016-5399 6.8
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
27-04-2017 - 15:54 21-04-2017 - 16:59
CVE-2015-7569 7.5
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
27-04-2017 - 15:15 24-04-2017 - 14:59
CVE-2015-7570 6.4
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lit
27-04-2017 - 13:45 24-04-2017 - 14:59
CVE-2017-8051 10.0
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
26-04-2017 - 15:48 21-04-2017 - 14:59
CVE-2015-8256 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
24-04-2017 - 20:40 17-04-2017 - 12:59
CVE-2015-7562 4.3
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
20-04-2017 - 09:41 12-04-2017 - 18:59
CVE-2015-7563 6.8
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
20-04-2017 - 09:40 12-04-2017 - 18:59
CVE-2015-7564 7.5
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in
20-04-2017 - 08:32 12-04-2017 - 18:59
CVE-2016-4337 7.5
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.
19-04-2017 - 15:47 12-04-2017 - 18:59
CVE-2014-1677 5.0
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
11-04-2017 - 09:36 03-04-2017 - 11:59
CVE-2014-9916 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname par
07-04-2017 - 19:58 23-02-2017 - 21:59
CVE-2017-5850 7.8
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
31-03-2017 - 06:55 27-03-2017 - 11:59
CVE-2015-8309 4.0
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
29-03-2017 - 21:59 27-03-2017 - 11:59
CVE-2016-6174 6.8
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execut
20-03-2017 - 21:59 12-07-2016 - 15:59
CVE-2015-6023 7.5
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to e
09-03-2017 - 15:33 09-02-2017 - 10:59
CVE-2015-6024 10.0
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.
09-03-2017 - 15:28 09-02-2017 - 10:59
CVE-2017-6334 9.0
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-20
07-03-2017 - 20:33 05-03-2017 - 21:59
CVE-2015-2794 7.5
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
01-03-2017 - 21:59 06-02-2017 - 10:59
CVE-2016-10174 10.0
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
24-02-2017 - 07:47 29-01-2017 - 23:59
CVE-2016-3694 7.5
Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status par
23-02-2017 - 13:20 15-02-2017 - 14:59
CVE-2016-4793 5.0
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
31-01-2017 - 21:59 23-01-2017 - 16:59
CVE-2016-4340 6.5
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
25-01-2017 - 08:59 23-01-2017 - 16:59
CVE-2016-0891 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
10-01-2017 - 23:10 20-04-2016 - 13:59
CVE-2015-4594 7.5
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
10-01-2017 - 19:21 10-01-2017 - 10:59
CVE-2015-4591 4.3
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
10-01-2017 - 11:33 10-01-2017 - 10:59
CVE-2015-4593 6.8
eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the c
10-01-2017 - 11:33 10-01-2017 - 10:59
CVE-2015-4592 7.5
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
10-01-2017 - 11:33 10-01-2017 - 10:59
CVE-2015-2281 7.5
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
02-01-2017 - 21:59 19-03-2015 - 10:59
CVE-2015-1635 10.0
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerabilit
02-01-2017 - 21:59 14-04-2015 - 16:59
CVE-2014-6278 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force
02-01-2017 - 21:59 30-09-2014 - 06:55
CVE-2015-4127 4.3
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin
30-12-2016 - 21:59 28-05-2015 - 10:59
CVE-2015-4010 6.8
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the
30-12-2016 - 21:59 09-06-2015 - 10:59
CVE-2015-1833 6.4
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to
30-12-2016 - 21:59 29-05-2015 - 11:59
CVE-2013-7349 7.5
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.ph
30-12-2016 - 21:59 31-03-2014 - 23:25
CVE-2013-6343 10.0
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
30-12-2016 - 21:59 22-01-2014 - 00:22
CVE-2013-5640 7.5
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php,
30-12-2016 - 21:59 31-03-2014 - 23:24
CVE-2016-6277 9.3
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6
23-12-2016 - 21:59 14-12-2016 - 11:59
CVE-2016-7065 6.5
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
22-12-2016 - 21:59 13-10-2016 - 10:59
CVE-2016-0492 6.4
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing fo
22-12-2016 - 09:39 20-01-2016 - 22:00
CVE-2016-0491 6.4
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for W
22-12-2016 - 09:38 20-01-2016 - 22:00
CVE-2015-7235 7.5
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 act
21-12-2016 - 22:00 17-09-2015 - 12:59
CVE-2015-6973 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2
21-12-2016 - 22:00 16-09-2015 - 15:59
CVE-2015-6962 7.5
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
21-12-2016 - 22:00 17-09-2015 - 11:59
CVE-2015-6805 3.5
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.
21-12-2016 - 22:00 02-09-2015 - 10:59
CVE-2015-6655 6.8
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.
21-12-2016 - 22:00 31-08-2015 - 15:59
CVE-2015-6545 6.8
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
21-12-2016 - 22:00 03-09-2015 - 13:59
CVE-2015-2321 4.3
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.
21-12-2016 - 21:59 13-08-2015 - 10:59
CVE-2015-6522 7.5
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
09-12-2016 - 09:29 19-08-2015 - 11:59
CVE-2015-5075 6.8
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
07-12-2016 - 22:09 29-09-2015 - 15:59
CVE-2015-5074 7.5
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht ext
07-12-2016 - 22:09 29-09-2015 - 15:59
CVE-2015-8562 7.5
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
07-12-2016 - 13:28 16-12-2015 - 16:59
CVE-2015-8358 9.0
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.m
07-12-2016 - 13:27 16-12-2015 - 16:59
CVE-2015-8357 6.5
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the fi
07-12-2016 - 13:27 16-12-2015 - 16:59
CVE-2015-8103 7.5
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the
07-12-2016 - 13:26 25-11-2015 - 15:59
CVE-2015-7984 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that
07-12-2016 - 13:25 19-11-2015 - 15:59
CVE-2015-5603 6.5
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
07-12-2016 - 13:17 21-09-2015 - 15:59
CVE-2015-5354 5.8
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
07-12-2016 - 13:16 01-07-2015 - 12:59
CVE-2015-5353 7.5
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
07-12-2016 - 13:16 01-07-2015 - 12:59
CVE-2015-4677 6.8
Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.
07-12-2016 - 13:13 19-06-2015 - 10:59
CVE-2015-4659 6.8
Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.
07-12-2016 - 13:13 18-06-2015 - 14:59
CVE-2015-4414 5.0
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
07-12-2016 - 13:12 17-06-2015 - 14:59
CVE-2015-4153 5.0
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin
07-12-2016 - 13:11 10-06-2015 - 14:59
CVE-2016-1525 7.8
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
05-12-2016 - 22:07 12-02-2016 - 21:59
CVE-2015-4084 4.3
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.
05-12-2016 - 22:02 28-05-2015 - 10:59
CVE-2016-1593 6.5
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-
02-12-2016 - 22:21 22-04-2016 - 06:59
CVE-2016-0854 10.0
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified v
02-12-2016 - 22:18 14-01-2016 - 22:59
CVE-2015-2845 10.0
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
02-12-2016 - 22:06 12-05-2015 - 15:59
CVE-2015-2844 10.0
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
02-12-2016 - 22:06 12-05-2015 - 15:59
CVE-2015-2843 7.5
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_
02-12-2016 - 22:06 12-05-2015 - 15:59
CVE-2015-2842 10.0
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executab
02-12-2016 - 22:06 12-05-2015 - 15:59
CVE-2015-2825 7.5
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dire
02-12-2016 - 22:06 21-04-2015 - 11:59
CVE-2015-2824 7.5
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in
02-12-2016 - 22:06 06-04-2015 - 11:59
CVE-2015-2805 6.8
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01,
02-12-2016 - 22:06 16-06-2015 - 12:59
CVE-2015-2803 6.0
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
02-12-2016 - 22:06 17-06-2015 - 14:59
CVE-2015-2680 6.8
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index
02-12-2016 - 22:05 23-03-2015 - 12:59
CVE-2015-2679 7.5
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
02-12-2016 - 22:05 23-03-2015 - 12:59
CVE-2015-2678 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index
02-12-2016 - 22:05 23-03-2015 - 12:59
CVE-2015-2562 7.5
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_id
02-12-2016 - 22:05 20-03-2015 - 10:59
CVE-2010-4279 10.0
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in
02-12-2016 - 21:59 02-12-2010 - 12:15
CVE-2016-3081 9.3
Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
30-11-2016 - 22:09 26-04-2016 - 10:59
CVE-2015-2102 7.5
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
29-11-2016 - 22:01 27-02-2015 - 10:59
CVE-2015-2090 7.5
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-a
29-11-2016 - 22:01 26-02-2015 - 10:59
CVE-2015-2084 6.8
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the ima
29-11-2016 - 22:00 25-02-2015 - 17:59
CVE-2015-2071 4.0
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
29-11-2016 - 22:00 24-02-2015 - 12:59
CVE-2015-2070 7.5
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
29-11-2016 - 22:00 24-02-2015 - 12:59
CVE-2016-6186 4.3
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to
28-11-2016 - 15:30 05-08-2016 - 11:59
CVE-2016-5734 7.5
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a craf
28-11-2016 - 15:29 02-07-2016 - 21:59
CVE-2016-4309 7.6
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
28-11-2016 - 15:17 30-06-2016 - 13:59
CVE-2015-7450 10.0
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerT
28-11-2016 - 14:43 02-01-2016 - 16:59
CVE-2015-4133 7.5
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via
28-11-2016 - 14:27 28-05-2015 - 10:59
CVE-2015-3986 4.3
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators f
28-11-2016 - 14:27 14-05-2015 - 10:59
CVE-2015-3301 4.0
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box
28-11-2016 - 14:23 14-05-2015 - 10:59
CVE-2015-3300 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via th
28-11-2016 - 14:23 14-05-2015 - 10:59
CVE-2015-1366 4.3
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
28-11-2016 - 14:18 27-01-2015 - 15:04
CVE-2013-3623 10.0
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execu
28-11-2016 - 14:09 10-12-2013 - 11:11
CVE-2016-8869 7.5
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
07-11-2016 - 14:15 04-11-2016 - 17:59
CVE-2016-8870 6.8
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Al
07-11-2016 - 14:15 04-11-2016 - 17:59
CVE-2014-4034 7.5
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
06-09-2016 - 10:18 11-06-2014 - 10:55
CVE-2014-5370 7.5
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING t
18-08-2016 - 10:59 21-04-2015 - 11:59
CVE-2015-4420 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to
15-06-2016 - 09:22 18-06-2015 - 14:59
CVE-2014-8391 4.0
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
27-05-2016 - 11:48 02-06-2015 - 10:59
CVE-2016-2784 2.6
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a reques
26-05-2016 - 18:12 26-05-2016 - 10:59
CVE-2014-1683 6.8
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name,
25-05-2016 - 11:16 29-01-2014 - 13:55
CVE-2016-0710 7.5
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
20-04-2016 - 14:24 11-04-2016 - 10:59
CVE-2016-0709 9.0
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot
20-04-2016 - 14:14 11-04-2016 - 10:59
CVE-2016-0784 4.0
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
14-04-2016 - 18:33 11-04-2016 - 10:59
CVE-2014-1635 10.0
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
31-03-2016 - 13:35 12-11-2014 - 11:55
CVE-2014-5193 4.3
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
04-12-2015 - 11:18 07-08-2014 - 07:13
CVE-2015-1365 5.0
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
23-11-2015 - 13:32 27-01-2015 - 15:04
CVE-2014-7176 6.5
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
20-11-2015 - 11:26 04-11-2014 - 10:55
CVE-2014-8690 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src para
19-11-2015 - 12:24 19-02-2015 - 10:59
CVE-2014-5460 6.5
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-
16-11-2015 - 23:07 11-09-2014 - 11:55
CVE-2014-5082 7.5
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
04-11-2015 - 11:32 06-08-2014 - 14:55
CVE-2014-2579 7.6
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to inde
08-10-2015 - 10:50 25-04-2014 - 16:55
CVE-2015-7707 6.5
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
06-10-2015 - 14:13 05-10-2015 - 11:59
CVE-2014-4960 7.5
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid
05-10-2015 - 22:37 21-07-2014 - 10:55
CVE-2014-6446 7.5
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
01-10-2015 - 13:08 26-09-2014 - 17:55
CVE-2015-3203 7.5
Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the href
29-09-2015 - 15:25 28-09-2015 - 12:59
CVE-2014-3871 7.5
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. N
29-09-2015 - 14:48 27-05-2014 - 09:55
CVE-2015-7309 6.5
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
23-09-2015 - 15:15 22-09-2015 - 11:59
CVE-2015-6972 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName par
17-09-2015 - 21:54 16-09-2015 - 15:59
CVE-2015-6965 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a f
17-09-2015 - 14:21 16-09-2015 - 10:59
CVE-2015-6809 4.3
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter
04-09-2015 - 14:26 04-09-2015 - 11:59
CVE-2014-4158 7.5
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
02-09-2015 - 13:03 13-06-2014 - 10:55
CVE-2014-3976 5.0
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sy
02-09-2015 - 13:01 05-06-2014 - 13:55
CVE-2006-3823 5.1
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
01-09-2015 - 12:59 25-07-2006 - 09:22
CVE-2014-3913 10.0
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
31-08-2015 - 14:29 04-06-2014 - 10:55
CVE-2015-6519 7.5
SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.
20-08-2015 - 13:38 18-08-2015 - 14:00
CVE-2015-6512 5.0
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.
19-08-2015 - 19:10 18-08-2015 - 11:59
CVE-2014-2043 6.5
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter.
13-08-2015 - 14:04 13-03-2014 - 10:55
CVE-2014-0793 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to
13-08-2015 - 13:49 30-01-2014 - 13:55
CVE-2015-4616 5.0
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.
11-08-2015 - 10:46 08-07-2015 - 12:59
CVE-2015-4614 7.5
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-
11-08-2015 - 10:46 08-07-2015 - 12:59
CVE-2014-2009 5.0
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
05-08-2015 - 12:34 12-09-2014 - 10:55
CVE-2014-2008 7.5
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
05-08-2015 - 12:34 12-09-2014 - 10:55
CVE-2014-3740 3.5
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
31-07-2015 - 21:41 11-09-2014 - 14:55
CVE-2013-5019 10.0
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
30-07-2015 - 10:55 31-07-2013 - 09:20
CVE-2013-2639 4.3
Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.
30-07-2015 - 10:43 11-02-2014 - 12:55
CVE-2014-2314 4.3
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
29-07-2015 - 12:21 09-03-2014 - 09:16
CVE-2015-2183 7.5
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an
28-07-2015 - 11:05 10-03-2015 - 10:59
CVE-2013-6872 6.5
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
28-07-2015 - 10:49 21-01-2014 - 10:17
CVE-2013-6058 7.5
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
27-07-2015 - 12:11 14-11-2013 - 15:55
CVE-2013-6021 9.3
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
27-07-2015 - 12:11 19-10-2013 - 06:36
CVE-2015-5530 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/crea
21-07-2015 - 07:26 16-07-2015 - 11:59
CVE-2015-5529 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to das
21-07-2015 - 07:25 16-07-2015 - 11:59
CVE-2015-5520 4.3
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly
17-07-2015 - 18:32 14-07-2015 - 12:59
CVE-2014-9734 5.0
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php
01-07-2015 - 11:12 30-06-2015 - 10:59
CVE-2015-4018 6.5
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in t
25-06-2015 - 12:22 21-05-2015 - 16:59
CVE-2015-3325 7.5
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
25-06-2015 - 11:50 15-05-2015 - 14:59
CVE-2010-5323 10.0
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parame
08-06-2015 - 13:59 07-06-2015 - 19:59
CVE-2014-0999 5.0
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
03-06-2015 - 08:25 02-06-2015 - 10:59
CVE-2015-4066 6.5
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add acti
02-06-2015 - 10:08 27-05-2015 - 14:59
CVE-2015-4065 3.5
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/po
28-05-2015 - 10:57 27-05-2015 - 14:59
CVE-2015-4064 6.5
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-ad
28-05-2015 - 10:56 27-05-2015 - 14:59
CVE-2015-4063 3.5
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-a
28-05-2015 - 10:55 27-05-2015 - 14:59
CVE-2015-4062 6.5
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
28-05-2015 - 10:54 27-05-2015 - 14:59
CVE-2014-9445 7.5
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) atta
06-04-2015 - 12:55 02-01-2015 - 15:59
CVE-2014-9261 5.0
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
24-03-2015 - 10:45 23-03-2015 - 12:59
CVE-2015-2564 6.5
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
23-03-2015 - 09:30 20-03-2015 - 10:59
CVE-2015-2208 7.5
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.
12-03-2015 - 12:42 12-03-2015 - 10:59
CVE-2015-2182 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The sea
11-03-2015 - 15:38 11-03-2015 - 10:59
CVE-2010-5322 4.3
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.
11-03-2015 - 11:05 11-03-2015 - 10:59
CVE-2015-2184 5.0
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.
11-03-2015 - 10:55 10-03-2015 - 10:59
CVE-2015-1587 7.5
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a reques
20-02-2015 - 20:33 19-02-2015 - 10:59
CVE-2014-9101 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (X
18-02-2015 - 13:53 26-11-2014 - 10:59
CVE-2015-1482 5.0
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
05-02-2015 - 12:26 04-02-2015 - 13:59
CVE-2015-1481 6.5
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
05-02-2015 - 11:09 04-02-2015 - 13:59
CVE-2014-9331 6.8
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to S
04-02-2015 - 12:29 04-02-2015 - 11:59
CVE-2015-1422 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak
02-02-2015 - 11:52 29-01-2015 - 10:59
CVE-2015-1424 6.8
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
30-01-2015 - 14:05 29-01-2015 - 10:59
CVE-2015-1423 6.5
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
30-01-2015 - 14:04 29-01-2015 - 10:59
CVE-2015-1368 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) u
28-01-2015 - 14:01 27-01-2015 - 15:04
CVE-2015-1376 4.0
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
28-01-2015 - 12:05 28-01-2015 - 06:59
CVE-2015-1375 7.5
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
28-01-2015 - 11:50 28-01-2015 - 06:59
CVE-2014-6242 6.5
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp
26-01-2015 - 13:53 02-10-2014 - 10:55
CVE-2015-0554 9.4
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (devi
23-01-2015 - 15:43 21-01-2015 - 13:59
CVE-2015-1060 5.8
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
20-01-2015 - 09:20 16-01-2015 - 10:59
CVE-2015-1059 6.5
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/u
20-01-2015 - 09:02 16-01-2015 - 10:59
CVE-2015-1058 4.3
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/
20-01-2015 - 09:01 16-01-2015 - 10:59
CVE-2014-9308 6.5
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an
16-01-2015 - 11:29 15-01-2015 - 10:59
CVE-2014-10033 6.5
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
14-01-2015 - 16:50 13-01-2015 - 10:59
CVE-2014-100012 7.5
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
14-01-2015 - 14:45 13-01-2015 - 10:59
CVE-2014-10023 7.5
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
13-01-2015 - 19:29 13-01-2015 - 06:59
CVE-2014-10018 4.3
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
13-01-2015 - 19:24 13-01-2015 - 06:59
CVE-2014-10010 5.0
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
13-01-2015 - 19:03 13-01-2015 - 06:59
CVE-2014-10001 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][
13-01-2015 - 18:02 13-01-2015 - 06:59
CVE-2014-100002 5.0
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
13-01-2015 - 15:48 13-01-2015 - 06:59
CVE-2014-9582 4.3
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly
10-01-2015 - 21:59 08-01-2015 - 15:59
CVE-2014-9581 5.0
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; s
10-01-2015 - 21:59 08-01-2015 - 15:59
CVE-2014-9580 4.3
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-11
10-01-2015 - 21:59 08-01-2015 - 14:59
CVE-2014-9440 7.5
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
10-01-2015 - 21:59 02-01-2015 - 14:59
CVE-2011-3713 5.0
cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files.
09-01-2015 - 21:59 23-09-2011 - 19:55
CVE-2014-9567 7.5
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to th
08-01-2015 - 14:19 07-01-2015 - 13:59
CVE-2014-2223 7.5
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then acce
08-01-2015 - 08:41 11-09-2014 - 10:16
CVE-2014-9522 4.3
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.
06-01-2015 - 11:55 05-01-2015 - 15:59
CVE-2014-9516 4.3
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
06-01-2015 - 11:48 05-01-2015 - 15:59
CVE-2014-2598 6.8
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via
06-01-2015 - 11:42 05-01-2015 - 15:59
CVE-2014-8493 5.0
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
16-12-2014 - 22:00 20-11-2014 - 12:50
CVE-2014-9347 7.5
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
16-12-2014 - 11:37 08-12-2014 - 11:59
CVE-2014-9345 7.5
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi.
09-12-2014 - 16:49 08-12-2014 - 11:59
CVE-2014-9305 6.5
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_p
09-12-2014 - 13:21 08-12-2014 - 11:59
CVE-2014-9178 7.5
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the
08-12-2014 - 10:25 02-12-2014 - 11:59
CVE-2014-9144 7.5
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
05-12-2014 - 20:41 05-12-2014 - 10:59
CVE-2014-9143 4.3
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.
05-12-2014 - 15:00 05-12-2014 - 10:59
CVE-2014-9142 4.3
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
05-12-2014 - 14:59 05-12-2014 - 10:59
CVE-2014-8800 4.3
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_up
05-12-2014 - 14:17 05-12-2014 - 10:59
CVE-2014-9173 7.5
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
03-12-2014 - 15:00 02-12-2014 - 11:59
CVE-2014-8801 5.0
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax
28-11-2014 - 14:13 28-11-2014 - 10:59
CVE-2014-8469 4.3
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.
24-11-2014 - 10:31 21-11-2014 - 10:59
CVE-2014-8681 7.5
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issue
24-11-2014 - 10:16 21-11-2014 - 10:59
CVE-2014-8997 7.5
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct r
20-11-2014 - 09:55 20-11-2014 - 08:55
CVE-2014-8998 6.5
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
20-11-2014 - 09:43 20-11-2014 - 08:55
CVE-2014-2268 5.0
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by ex
18-11-2014 - 11:52 15-11-2014 - 20:59
CVE-2014-8949 6.0
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote
17-11-2014 - 21:04 16-11-2014 - 06:59
CVE-2014-8948 6.8
Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace param
17-11-2014 - 11:30 16-11-2014 - 06:59
CVE-2014-5519 7.5
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party informatio
13-11-2014 - 17:51 11-09-2014 - 10:16
CVE-2014-8586 7.5
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
10-11-2014 - 11:16 04-11-2014 - 10:55
CVE-2014-5520 7.5
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
30-10-2014 - 21:11 26-10-2014 - 16:55
CVE-2014-5275 6.5
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
24-10-2014 - 20:22 20-10-2014 - 12:55
CVE-2014-2531 6.5
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search a
24-10-2014 - 14:02 21-10-2014 - 12:55
CVE-2014-5006 7.5
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
24-10-2014 - 10:12 21-10-2014 - 11:55
CVE-2014-5005 7.5
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
24-10-2014 - 09:16 21-10-2014 - 11:55
CVE-2014-5276 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
22-10-2014 - 21:16 20-10-2014 - 12:55
CVE-2014-6312 4.3
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site sc
22-10-2014 - 13:33 15-10-2014 - 10:55
CVE-2014-8295 7.5
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
21-10-2014 - 21:40 15-10-2014 - 10:55
CVE-2014-7226 7.5
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
10-10-2014 - 15:59 09-10-2014 - 21:55
CVE-2014-5308 9.0
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
09-10-2014 - 08:55 08-10-2014 - 13:55
CVE-2014-6389 7.5
backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter.
07-10-2014 - 21:47 06-10-2014 - 19:55
CVE-2014-2044 7.5
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alte
07-10-2014 - 19:07 06-10-2014 - 19:55
CVE-2014-6619 4.3
Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.
01-10-2014 - 15:40 30-09-2014 - 12:55
CVE-2013-3632 9.0
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
30-09-2014 - 14:39 29-09-2014 - 18:55
CVE-2013-2586 4.3
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
30-09-2014 - 14:07 29-09-2014 - 18:55
CVE-2014-5521 6.5
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
03-09-2014 - 10:15 02-09-2014 - 10:55
CVE-2014-5073 7.5
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
02-09-2014 - 13:08 29-08-2014 - 12:55
CVE-2014-5246 10.0
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
27-08-2014 - 20:03 22-08-2014 - 10:55
CVE-2014-5347 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attack
20-08-2014 - 13:20 19-08-2014 - 15:55
CVE-2014-1204 7.5
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if t
11-08-2014 - 13:21 31-01-2014 - 10:07
CVE-2014-5194 6.5
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
07-08-2014 - 10:30 07-08-2014 - 07:13
CVE-2014-5192 7.5
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
07-08-2014 - 10:28 07-08-2014 - 07:13
CVE-2014-5100 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cro
28-07-2014 - 11:55 25-07-2014 - 15:55
CVE-2014-4927 7.8
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
25-07-2014 - 11:52 24-07-2014 - 10:55
CVE-2014-4511 7.5
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stat
24-07-2014 - 01:01 22-07-2014 - 10:55
CVE-2014-4162 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to
17-07-2014 - 01:07 16-06-2014 - 14:55
CVE-2014-3842 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter.
27-06-2014 - 12:56 22-05-2014 - 11:13
CVE-2014-3962 7.5
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
18-06-2014 - 00:33 04-06-2014 - 10:55
CVE-2014-2575 6.5
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (do
18-06-2014 - 00:32 06-06-2014 - 10:55
CVE-2014-4033 4.3
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
12-06-2014 - 13:46 11-06-2014 - 10:55
CVE-2014-3961 7.5
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
05-06-2014 - 10:48 04-06-2014 - 10:55
CVE-2014-3849 4.3
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser pa
27-05-2014 - 10:36 23-05-2014 - 10:55
CVE-2014-3848 5.0
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
27-05-2014 - 10:34 23-05-2014 - 10:55
CVE-2014-3806 5.0
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
22-05-2014 - 10:54 21-05-2014 - 10:55
CVE-2014-3792 6.8
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Pas
21-05-2014 - 19:37 20-05-2014 - 10:55
CVE-2014-3791 10.0
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
21-05-2014 - 18:35 20-05-2014 - 10:55
CVE-2014-3138 6.5
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb
20-05-2014 - 00:14 01-05-2014 - 20:55
CVE-2013-4467 6.5
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_mult
20-05-2014 - 00:06 11-03-2014 - 15:37
CVE-2013-7382 5.0
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
19-05-2014 - 11:46 17-05-2014 - 15:55
CVE-2013-4468 6.5
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
15-05-2014 - 09:16 14-05-2014 - 15:55
CVE-2014-0794 4.3
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
05-05-2014 - 01:32 26-01-2014 - 15:55
CVE-2013-6164 7.5
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
05-05-2014 - 01:29 14-11-2013 - 15:55
CVE-2014-2996 7.1
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. N
28-04-2014 - 08:03 25-04-2014 - 16:55
CVE-2013-7204 6.8
Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.
22-04-2014 - 13:09 17-01-2014 - 10:18
CVE-2014-1216 7.5
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
22-04-2014 - 12:24 22-04-2014 - 09:06
CVE-2014-2340 6.8
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
19-04-2014 - 00:48 03-04-2014 - 12:15
CVE-2014-2540 7.5
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.
14-04-2014 - 10:27 11-04-2014 - 10:55
CVE-2014-2588 4.0
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.
01-04-2014 - 02:29 24-03-2014 - 12:38
CVE-2014-2587 6.5
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
01-04-2014 - 02:29 24-03-2014 - 12:38
CVE-2014-1982 10.0
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request
31-03-2014 - 13:57 31-03-2014 - 10:58
CVE-2014-2586 4.3
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
24-03-2014 - 18:15 24-03-2014 - 12:38
CVE-2013-5639 7.5
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
12-03-2014 - 14:03 11-03-2014 - 15:37
CVE-2014-1944 4.3
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.
10-03-2014 - 12:14 09-03-2014 - 09:16
CVE-2014-1854 7.5
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
07-03-2014 - 15:42 27-02-2014 - 10:55
CVE-2013-6881 10.0
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
25-02-2014 - 13:11 07-01-2014 - 12:04
CVE-2013-7137 7.5
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
24-02-2014 - 21:07 25-01-2014 - 20:55
CVE-2013-6884 10.0
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
24-02-2014 - 20:44 07-01-2014 - 12:04
CVE-2014-1459 6.5
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remot
21-02-2014 - 00:06 11-02-2014 - 12:55
CVE-2014-1401 6.5
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) F
21-02-2014 - 00:06 11-02-2014 - 12:55
CVE-2012-0394 6.8
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a sec
20-02-2014 - 23:48 08-01-2012 - 10:55
CVE-2012-3153 6.4
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previo
06-02-2014 - 23:40 16-10-2012 - 19:55
CVE-2012-3152 6.4
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.
06-02-2014 - 23:40 16-10-2012 - 19:55
CVE-2013-4835 7.5
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
17-01-2014 - 00:18 04-11-2013 - 11:55
CVE-2013-0632 10.0
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to ac
17-01-2014 - 00:12 16-01-2013 - 19:55
CVE-2013-6883 6.8
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via u
13-01-2014 - 23:29 17-12-2013 - 11:08
CVE-2013-6882 4.3
Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenti
13-01-2014 - 23:29 17-12-2013 - 11:08
CVE-2013-6987 7.5
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter t
02-01-2014 - 11:10 31-12-2013 - 11:04
CVE-2013-6341 7.5
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
27-12-2013 - 13:57 05-12-2013 - 13:55
CVE-2013-6787 6.0
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL com
27-12-2013 - 12:40 05-12-2013 - 13:55
CVE-2013-4212 6.8
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-
09-12-2013 - 12:15 07-12-2013 - 15:55
CVE-2013-5576 6.8
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous
30-11-2013 - 23:31 09-10-2013 - 10:54
CVE-2013-5977 6.8
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or con
20-11-2013 - 12:48 01-11-2013 - 11:55
CVE-2013-5694 7.5
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.
06-11-2013 - 20:03 05-11-2013 - 15:55
CVE-2013-5693 4.3
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
11-10-2013 - 09:33 30-09-2013 - 18:55
CVE-2013-5692 8.5
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
01-10-2013 - 16:01 30-09-2013 - 18:55
CVE-2010-0642 5.0
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending
10-07-2013 - 15:49 17-02-2010 - 13:30
CVE-2013-3563 7.5
Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.
05-07-2013 - 00:00 04-07-2013 - 10:33
CVE-2007-3340 7.8
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
05-11-2012 - 22:41 21-06-2007 - 18:30
CVE-2010-4944 7.5
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4946 7.5
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4947 4.3
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2011-0267 10.0
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0
21-09-2011 - 23:27 13-01-2011 - 14:00
CVE-2010-1554 10.0
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.
21-09-2011 - 23:20 13-05-2010 - 13:30
CVE-2010-3906 4.3
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
01-03-2011 - 02:06 17-12-2010 - 14:00
CVE-2010-4480 4.3
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
28-01-2011 - 00:00 08-12-2010 - 11:00
CVE-2010-2333 5.0
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
13-07-2010 - 01:52 18-06-2010 - 16:30
CVE-2010-1930 5.0
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.
29-06-2010 - 00:00 28-06-2010 - 13:30
CVE-2010-1929 9.0
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code
28-06-2010 - 00:00 28-06-2010 - 13:30
CVE-2010-2309 7.5
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
17-06-2010 - 00:00 16-06-2010 - 16:30
CVE-2009-4827 6.8
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.
24-05-2010 - 00:00 27-04-2010 - 11:30
CVE-2009-4679 7.5
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
09-03-2010 - 00:00 08-03-2010 - 10:30
CVE-2010-0690 7.5
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
24-02-2010 - 00:00 23-02-2010 - 13:30
CVE-2010-0665 5.0
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.
22-02-2010 - 00:00 19-02-2010 - 12:30
CVE-2010-0641 4.3
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
18-02-2010 - 00:00 17-02-2010 - 13:30
CVE-2009-4186 9.3
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
04-12-2009 - 00:00 03-12-2009 - 12:30
Back to Top Mark selected
Back to Top