Max CVSS 10.0 Min CVSS 1.9 Total Count216
IDCVSSSummaryLast (major) updatePublished
CVE-2017-6920 7.5
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
07-08-2018 - 21:29 06-08-2018 - 11:29
CVE-2018-8245 6.8
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsof
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-10405 6.8
An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will
13-06-2018 - 18:29 13-06-2018 - 18:29
CVE-2018-8178 7.6
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-8145 7.6
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corrup
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-8122 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CV
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-8114 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CV
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-1025 4.3
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-1022 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-0955 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-0954 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11,
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-1000103 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000068. Reason: This candidate is a reservation duplicate of CVE-2018-1000068. Notes: All CVE users should reference CVE-2018-1000068 instead of this candidate. All references and
13-03-2018 - 09:29 13-03-2018 - 09:29
CVE-2018-1000102 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000067. Reason: This candidate is a reservation duplicate of CVE-2018-1000067. Notes: All CVE users should reference CVE-2018-1000067 instead of this candidate. All references and
13-03-2018 - 09:29 13-03-2018 - 09:29
CVE-2017-6932 5.8
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6931 4.0
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6930 6.8
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet h
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6929 4.3
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability wa
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6928 3.5
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6927 4.3
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through T
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2017-6926 5.5
In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact tha
01-03-2018 - 18:29 01-03-2018 - 18:29
CVE-2018-6356 4.0
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Je
20-02-2018 - 10:29 20-02-2018 - 10:29
CVE-2018-1000068 5.0
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the
15-02-2018 - 19:29 15-02-2018 - 19:29
CVE-2018-6380 4.3
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
30-01-2018 - 12:29 30-01-2018 - 12:29
CVE-2018-6379 4.3
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
30-01-2018 - 12:29 30-01-2018 - 12:29
CVE-2018-6377 4.3
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox
30-01-2018 - 12:29 30-01-2018 - 12:29
CVE-2018-6376 7.5
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
30-01-2018 - 12:29 30-01-2018 - 12:29
CVE-2017-1000504 6.8
A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show th
24-01-2018 - 18:29 24-01-2018 - 18:29
CVE-2017-1000503 6.8
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first start
24-01-2018 - 18:29 24-01-2018 - 18:29
CVE-2017-17549 4.3
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backen
13-12-2017 - 11:29 13-12-2017 - 11:29
CVE-2017-17382 4.3
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leverag
13-12-2017 - 11:29 13-12-2017 - 11:29
CVE-2017-14590 9.0
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a
13-12-2017 - 10:29 13-12-2017 - 10:29
CVE-2017-14589 6.8
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit t
13-12-2017 - 10:29 13-12-2017 - 10:29
CVE-2017-11291 6.4
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
09-12-2017 - 01:29 09-12-2017 - 01:29
CVE-2017-11290 4.3
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or cli
09-12-2017 - 01:29 09-12-2017 - 01:29
CVE-2017-11289 4.3
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
09-12-2017 - 01:29 09-12-2017 - 01:29
CVE-2017-11288 4.3
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
09-12-2017 - 01:29 09-12-2017 - 01:29
CVE-2017-11287 4.3
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
09-12-2017 - 01:29 09-12-2017 - 01:29
CVE-2017-16939 7.2
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM
24-11-2017 - 05:29 24-11-2017 - 05:29
CVE-2017-16634 7.5
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-16633 4.0
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-16249 7.8
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-3736 4.0
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very
02-11-2017 - 13:29 02-11-2017 - 13:29
CVE-2017-10352 7.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnera
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10336 5.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unaut
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10334 4.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low p
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10271 5.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauth
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10152 4.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-12617 6.8
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload
03-10-2017 - 21:29 03-10-2017 - 21:29
CVE-2017-14602 9.0
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 1
26-09-2017 - 10:29 26-09-2017 - 10:29
CVE-2017-14596 5.0
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2017-14595 4.3
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2015-5608 5.8
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2017-14417 7.5
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
13-09-2017 - 13:29 13-09-2017 - 13:29
CVE-2017-14117 4.3
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connection
03-09-2017 - 15:29 03-09-2017 - 15:29
CVE-2017-14116 9.3
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privil
03-09-2017 - 15:29 03-09-2017 - 15:29
CVE-2017-14115 9.3
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to a
03-09-2017 - 15:29 03-09-2017 - 15:29
CVE-2017-10793 4.3
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allow
03-09-2017 - 15:29 03-09-2017 - 15:29
CVE-2017-11364 6.5
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
02-08-2017 - 10:29 02-08-2017 - 10:29
CVE-2017-11612 4.3
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
26-07-2017 - 11:29 26-07-2017 - 11:29
CVE-2017-9934 4.3
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
17-07-2017 - 17:29 17-07-2017 - 17:29
CVE-2017-9933 5.0
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
17-07-2017 - 17:29 17-07-2017 - 17:29
CVE-2017-3103 4.3
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.
17-07-2017 - 09:29 17-07-2017 - 09:18
CVE-2017-3102 4.3
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.
17-07-2017 - 09:29 17-07-2017 - 09:18
CVE-2017-3101 5.0
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.
17-07-2017 - 09:29 17-07-2017 - 09:18
CVE-2017-1000028 5.0
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
17-07-2017 - 09:18 17-07-2017 - 09:18
CVE-2017-3087 5.0
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
20-06-2017 - 13:29 20-06-2017 - 13:29
CVE-2017-8917 7.5
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
17-05-2017 - 19:29 17-05-2017 - 19:29
CVE-2017-9025 6.4
Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.
17-05-2017 - 06:29 17-05-2017 - 06:29
CVE-2016-2183 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
09-05-2017 - 21:29 31-08-2016 - 20:59
CVE-2017-7415 5.0
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
09-05-2017 - 19:46 27-04-2017 - 06:59
CVE-2015-3195 5.0
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to ob
08-05-2017 - 21:29 06-12-2015 - 15:59
CVE-2015-3194 5.0
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function p
08-05-2017 - 21:29 06-12-2015 - 15:59
CVE-2016-2930 5.0
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512.
05-05-2017 - 21:29 03-05-2017 - 13:59
CVE-2017-8225 7.5
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.
05-05-2017 - 09:41 25-04-2017 - 16:59
CVE-2017-7988 5.0
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
03-05-2017 - 09:11 25-04-2017 - 14:59
CVE-2017-8057 5.0
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
03-05-2017 - 09:09 25-04-2017 - 14:59
CVE-2017-7987 4.3
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
03-05-2017 - 09:05 25-04-2017 - 14:59
CVE-2017-7985 4.3
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
03-05-2017 - 09:05 25-04-2017 - 14:59
CVE-2017-7983 5.0
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
03-05-2017 - 08:20 25-04-2017 - 14:59
CVE-2017-7986 4.3
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
02-05-2017 - 14:15 25-04-2017 - 14:59
CVE-2017-7989 4.0
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
02-05-2017 - 14:06 25-04-2017 - 14:59
CVE-2017-7984 4.3
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
02-05-2017 - 14:06 25-04-2017 - 14:59
CVE-2016-6334 4.3
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving repl
28-04-2017 - 21:59 20-04-2017 - 13:59
CVE-2016-6333 4.3
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:My
28-04-2017 - 21:59 20-04-2017 - 13:59
CVE-2016-1555 10.0
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to ex
28-04-2017 - 14:49 21-04-2017 - 11:59
CVE-2016-0635 9.0
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.
24-04-2017 - 21:59 21-07-2016 - 06:12
CVE-2017-6919 6.0
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
24-04-2017 - 20:41 19-04-2017 - 22:59
CVE-2016-6331 5.0
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
24-04-2017 - 16:26 20-04-2017 - 13:59
CVE-2016-6337 5.0
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
24-04-2017 - 16:25 20-04-2017 - 13:59
CVE-2016-6336 4.0
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitr
24-04-2017 - 16:25 20-04-2017 - 13:59
CVE-2016-6335 5.0
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
24-04-2017 - 16:24 20-04-2017 - 13:59
CVE-2016-6332 5.0
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
24-04-2017 - 16:23 20-04-2017 - 13:59
CVE-2017-5651 7.5
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to th
21-04-2017 - 11:04 17-04-2017 - 12:59
CVE-2017-5647 5.0
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file pr
21-04-2017 - 09:59 17-04-2017 - 12:59
CVE-2015-7270 4.6
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.
14-04-2017 - 09:41 09-04-2017 - 23:59
CVE-2017-6381 6.8
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies
23-03-2017 - 13:15 16-03-2017 - 10:59
CVE-2017-6377 5.0
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
23-03-2017 - 13:15 16-03-2017 - 10:59
CVE-2017-6379 5.1
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
17-03-2017 - 21:59 16-03-2017 - 10:59
CVE-2016-2182 7.5
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified ot
07-03-2017 - 21:59 16-09-2016 - 01:59
CVE-2016-0718 7.5
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
02-03-2017 - 21:59 26-05-2016 - 12:59
CVE-2016-2178 2.1
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-2177 7.5
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-6302 5.0
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
23-02-2017 - 14:22 16-09-2016 - 01:59
CVE-2016-2181 5.0
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops
23-02-2017 - 14:12 16-09-2016 - 01:59
CVE-2016-2180 5.0
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application cra
23-02-2017 - 14:11 31-07-2016 - 22:59
CVE-2016-2179 5.0
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many
23-02-2017 - 14:10 16-09-2016 - 01:59
CVE-2016-6303 7.5
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vect
23-02-2017 - 12:40 16-09-2016 - 01:59
CVE-2016-6306 4.3
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6304 7.8
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-5590 6.5
Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network
31-01-2017 - 10:06 27-01-2017 - 17:59
CVE-2016-0734 4.3
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2)
19-01-2017 - 21:59 07-04-2016 - 15:59
CVE-2016-9451 4.9
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
06-01-2017 - 22:00 25-11-2016 - 13:59
CVE-2016-9449 4.0
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
06-01-2017 - 22:00 25-11-2016 - 13:59
CVE-2013-2187 4.3
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.
30-12-2016 - 21:59 22-04-2014 - 10:23
CVE-2016-2935 5.0
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request.
30-12-2016 - 16:14 30-11-2016 - 06:59
CVE-2016-2934 4.3
Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
30-12-2016 - 16:14 30-11-2016 - 06:59
CVE-2016-2931 5.0
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
30-12-2016 - 16:13 30-11-2016 - 06:59
CVE-2016-2932 5.0
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
30-12-2016 - 16:13 30-11-2016 - 06:59
CVE-2016-2933 6.8
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
30-12-2016 - 16:13 30-11-2016 - 06:59
CVE-2016-9837 5.0
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be public
22-12-2016 - 11:28 16-12-2016 - 04:59
CVE-2016-9838 5.0
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account an
22-12-2016 - 11:27 16-12-2016 - 04:59
CVE-2013-2251 9.3
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
07-12-2016 - 22:03 19-07-2013 - 23:37
CVE-2016-9836 7.5
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `
07-12-2016 - 14:27 05-12-2016 - 12:59
CVE-2015-8769 7.5
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
07-12-2016 - 13:30 12-01-2016 - 15:59
CVE-2015-8562 7.5
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
07-12-2016 - 13:28 16-12-2015 - 16:59
CVE-2015-8357 6.5
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the fi
07-12-2016 - 13:27 16-12-2015 - 16:59
CVE-2015-5397 6.8
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
07-12-2016 - 13:16 14-07-2015 - 12:59
CVE-2013-4316 10.0
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
07-12-2016 - 12:34 30-09-2013 - 17:55
CVE-2016-0763 6.5
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, wh
05-12-2016 - 22:05 24-02-2016 - 20:59
CVE-2016-0714 6.5
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restric
05-12-2016 - 22:05 24-02-2016 - 20:59
CVE-2016-0706 4.0
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote aut
05-12-2016 - 22:05 24-02-2016 - 20:59
CVE-2015-5351 6.8
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protec
05-12-2016 - 22:02 24-02-2016 - 20:59
CVE-2016-2943 1.9
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.
02-12-2016 - 22:26 30-11-2016 - 06:59
CVE-2016-2928 4.0
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.
29-11-2016 - 22:05 25-11-2016 - 15:59
CVE-2016-9450 5.0
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
29-11-2016 - 13:37 25-11-2016 - 13:59
CVE-2016-9452 4.3
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
29-11-2016 - 10:48 25-11-2016 - 13:59
CVE-2016-0782 3.5
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a J
28-11-2016 - 14:55 05-08-2016 - 11:59
CVE-2004-1857 2.1
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
17-10-2016 - 23:01 24-03-2004 - 00:00
CVE-2004-1589 4.3
Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp.
17-10-2016 - 22:57 31-12-2004 - 00:00
CVE-2004-1588 7.5
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp.
17-10-2016 - 22:57 31-12-2004 - 00:00
CVE-2004-1553 7.5
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum
17-10-2016 - 22:56 31-12-2004 - 00:00
CVE-2003-0215 7.5
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
17-10-2016 - 22:30 12-05-2003 - 00:00
CVE-2003-0153 5.0
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
17-10-2016 - 22:30 02-04-2003 - 00:00
CVE-2002-1334 6.8
Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.
17-10-2016 - 22:26 11-12-2002 - 00:00
CVE-2002-0710 6.4
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.
17-10-2016 - 22:21 12-08-2002 - 00:00
CVE-2002-0346 7.5
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.
17-10-2016 - 22:19 25-06-2002 - 00:00
CVE-2002-0263 7.5
Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.
17-10-2016 - 22:17 29-05-2002 - 00:00
CVE-2002-0230 5.0
Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.
17-10-2016 - 22:17 16-05-2002 - 00:00
CVE-2002-0203 5.0
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
17-10-2016 - 22:17 16-05-2002 - 00:00
CVE-2001-1205 5.0
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.
17-10-2016 - 22:14 30-12-2001 - 00:00
CVE-2001-1196 10.0
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
17-10-2016 - 22:14 17-12-2001 - 00:00
CVE-2001-0135 2.1
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0123 5.0
Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2000-0423 5.0
Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.
17-10-2016 - 22:07 05-05-2000 - 00:00
CVE-1999-1374 5.0
perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request.
17-10-2016 - 22:03 02-05-2005 - 00:00
CVE-1999-1072 7.2
Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-ad
17-10-2016 - 22:00 30-11-1998 - 00:00
CVE-2015-4637 4.3
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authe
21-07-2015 - 11:13 16-07-2015 - 10:59
CVE-2014-9632 7.2
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0
17-02-2015 - 10:28 06-02-2015 - 10:59
CVE-2014-7982 4.3
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
09-10-2014 - 21:50 08-10-2014 - 15:55
CVE-2014-7984 7.5
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
09-10-2014 - 21:49 08-10-2014 - 15:55
CVE-2014-7983 4.3
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
09-10-2014 - 21:43 08-10-2014 - 15:55
CVE-2014-7981 7.5
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
09-10-2014 - 21:32 08-10-2014 - 15:55
CVE-2014-6631 4.3
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
09-10-2014 - 14:07 08-10-2014 - 15:55
CVE-2014-6632 7.5
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
09-10-2014 - 12:46 08-10-2014 - 15:55
CVE-2013-0584 5.0
The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information about whether each account requires a password, via
23-04-2013 - 00:00 23-04-2013 - 07:47
CVE-2012-4595 7.5
McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors.
10-04-2013 - 23:31 22-08-2012 - 06:42
CVE-2012-4554 5.0
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
12-11-2012 - 17:00 11-11-2012 - 08:00
CVE-2012-4553 6.8
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."
12-11-2012 - 16:56 11-11-2012 - 08:00
CVE-2011-4237 4.3
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting att
08-06-2012 - 23:38 03-05-2012 - 06:11
CVE-2011-3566 5.0
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.
19-01-2012 - 00:00 18-01-2012 - 17:55
CVE-2005-4132 7.5
Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. NOTE: it is likely that this is a PHP remote file include vulnerability.
07-03-2011 - 21:27 09-12-2005 - 06:03
CVE-2005-2149 10.0
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
07-03-2011 - 21:23 06-07-2005 - 00:00
CVE-2005-2148 7.5
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the att
07-03-2011 - 21:23 06-07-2005 - 00:00
CVE-2001-0099 10.0
bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.
07-03-2011 - 21:04 12-02-2001 - 00:00
CVE-2009-4599 7.5
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter
13-01-2010 - 08:06 12-01-2010 - 12:30
CVE-2004-1782 7.5
athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.
10-09-2008 - 15:32 31-12-2004 - 00:00
CVE-2001-1283 7.5
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2
10-09-2008 - 15:10 12-10-2001 - 00:00
CVE-2001-1212 5.0
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.
10-09-2008 - 15:09 18-12-2001 - 00:00
CVE-2000-0952 10.0
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.
10-09-2008 - 15:06 19-12-2000 - 00:00
CVE-2000-0526 5.0
mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
10-09-2008 - 15:04 09-06-2000 - 00:00
CVE-2000-0288 5.0
Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified form variable.
10-09-2008 - 15:04 12-04-2000 - 00:00
CVE-1999-0502 7.5
A Unix account has a default, null, blank, or missing password.
09-09-2008 - 08:34 01-03-1998 - 00:00
CVE-2005-2596 4.6
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
05-09-2008 - 16:52 17-08-2005 - 00:00
CVE-2004-2385 5.0
EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2334 4.3
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-1106 6.8
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
05-09-2008 - 16:40 10-01-2005 - 00:00
CVE-2004-0522 10.0
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
05-09-2008 - 16:38 06-08-2004 - 00:00
CVE-2003-1227 7.5
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vul
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2002-1526 4.3
Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.
05-09-2008 - 16:30 02-04-2003 - 00:00
CVE-2002-0955 7.5
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the r
05-09-2008 - 16:29 04-10-2002 - 00:00
CVE-2002-0917 7.5
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
05-09-2008 - 16:29 04-10-2002 - 00:00
CVE-2002-0752 5.0
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0751 7.5
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0750 5.0
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0749 7.5
CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0611 5.0
Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered.
05-09-2008 - 16:28 18-06-2002 - 00:00
CVE-2002-0434 10.0
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.
05-09-2008 - 16:28 26-07-2002 - 00:00
CVE-2001-1343 7.5
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
05-09-2008 - 16:26 12-06-2001 - 00:00
CVE-2001-1100 7.5
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
05-09-2008 - 16:25 07-10-2001 - 00:00
CVE-2001-0562 7.5
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
05-09-2008 - 16:24 14-08-2001 - 00:00
CVE-2001-0420 5.0
Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter.
05-09-2008 - 16:24 18-06-2001 - 00:00
CVE-2001-0180 10.0
Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter.
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0133 10.0
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTT
05-09-2008 - 16:23 12-03-2001 - 00:00
CVE-2001-0100 10.0
bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2001-0076 10.0
register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2001-0023 10.0
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2001-0022 10.0
simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2000-1132 6.4
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-2000-1131 7.5
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-2000-1023 7.5
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program.
05-09-2008 - 16:22 11-12-2000 - 00:00
CVE-2000-0977 5.0
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0923 7.5
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-1999-1377 5.0
Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
05-09-2008 - 16:19 09-09-1999 - 00:00
CVE-1999-0937 10.0
BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.
02-05-2005 - 00:00 03-12-1998 - 00:00
CVE-1999-0935 10.0
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
02-05-2005 - 00:00 15-12-1999 - 00:00
CVE-1999-0934 5.0
classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.
02-05-2005 - 00:00 15-12-1999 - 00:00
Back to Top Mark selected
Back to Top