Max CVSS 10.0 Min CVSS 1.9 Total Count107
IDCVSSSummaryLast (major) updatePublished
CVE-2018-10507 None
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have adminis
12-06-2018 - 13:29 12-06-2018 - 13:29
CVE-2018-6619 2.1
Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt.
11-05-2018 - 17:29 11-05-2018 - 17:29
CVE-2018-6618 2.1
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage.
11-05-2018 - 17:29 11-05-2018 - 17:29
CVE-2018-6617 2.1
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.
11-05-2018 - 17:29 11-05-2018 - 17:29
CVE-2018-6458 6.8
Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
11-05-2018 - 17:29 11-05-2018 - 17:29
CVE-2018-6362 4.3
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.
11-05-2018 - 17:29 11-05-2018 - 17:29
CVE-2018-6361 4.3
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account.
11-05-2018 - 17:29 11-05-2018 - 17:29
CVE-2018-10655 6.8
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
10-05-2018 - 10:29 10-05-2018 - 10:29
CVE-2018-9233 2.1
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malwa
05-04-2018 - 13:29 05-04-2018 - 13:29
CVE-2018-4863 2.1
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
05-04-2018 - 13:29 05-04-2018 - 13:29
CVE-2018-7658 5.0
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes.
26-03-2018 - 17:29 26-03-2018 - 17:29
CVE-2018-7756 10.0
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command
14-03-2018 - 21:29 14-03-2018 - 21:29
CVE-2018-7582 5.0
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.
09-03-2018 - 15:29 09-03-2018 - 15:29
CVE-2018-7581 4.6
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.
09-03-2018 - 15:29 09-03-2018 - 15:29
CVE-2018-7583 5.0
Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500.
03-03-2018 - 20:29 03-03-2018 - 20:29
CVE-2018-7449 5.0
SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
03-03-2018 - 20:29 03-03-2018 - 20:29
CVE-2018-6941 6.8
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
20-02-2018 - 10:29 20-02-2018 - 10:29
CVE-2018-6940 4.3
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.
20-02-2018 - 10:29 20-02-2018 - 10:29
CVE-2018-6892 7.5
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result i
11-02-2018 - 13:29 11-02-2018 - 13:29
CVE-2017-9414 6.8
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly
05-02-2018 - 11:29 05-02-2018 - 11:29
CVE-2018-6461 9.3
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or
05-02-2018 - 02:29 05-02-2018 - 02:29
CVE-2017-10273 3.7
Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerab
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-5221 6.8
Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property.
09-01-2018 - 11:29 09-01-2018 - 11:29
CVE-2017-17055 8.5
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
06-12-2017 - 21:29 06-12-2017 - 21:29
CVE-2017-16884 4.3
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
06-12-2017 - 21:29 06-12-2017 - 21:29
CVE-2017-12969 6.8
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open m
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-11309 6.8
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-6331 3.6
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
06-11-2017 - 18:29 06-11-2017 - 18:29
CVE-2015-2878 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accou
23-10-2017 - 14:29 23-10-2017 - 14:29
CVE-2017-14089 7.5
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-14087 5.0
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-14086 7.8
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may ca
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-14085 5.0
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-14084 6.8
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-14083 5.0
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2015-7293 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-7347 3.5
Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2017-11567 6.8
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leverage
07-09-2017 - 09:29 07-09-2017 - 09:29
CVE-2015-5958 9.3
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
31-08-2017 - 18:29 31-08-2017 - 18:29
CVE-2017-12971 4.3
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
23-08-2017 - 12:29 23-08-2017 - 12:29
CVE-2017-12970 6.8
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
23-08-2017 - 12:29 23-08-2017 - 12:29
CVE-2017-12965 7.5
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
23-08-2017 - 12:29 23-08-2017 - 12:29
CVE-2017-9413 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmi
25-07-2017 - 14:29 25-07-2017 - 14:29
CVE-2017-9415 5.1
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
21-07-2017 - 10:29 21-07-2017 - 10:29
CVE-2017-10974 5.0
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was appa
07-07-2017 - 07:29 07-07-2017 - 07:29
CVE-2015-7346 7.5
SQL injection vulnerability in ZCMS 1.1.
07-06-2017 - 17:29 07-06-2017 - 17:29
CVE-2017-9355 4.3
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
07-06-2017 - 15:29 07-06-2017 - 15:29
CVE-2017-9046 4.4
winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking o
21-05-2017 - 10:29 21-05-2017 - 10:29
CVE-2017-9024 5.0
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.
21-05-2017 - 10:29 21-05-2017 - 10:29
CVE-2017-7620 4.3
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which
21-05-2017 - 10:29 21-05-2017 - 10:29
CVE-2017-8928 6.8
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
14-05-2017 - 18:29 14-05-2017 - 18:29
CVE-2016-4313 6.8
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
01-05-2017 - 21:59 24-04-2017 - 14:59
CVE-2017-7457 1.9
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
21-04-2017 - 14:24 14-04-2017 - 10:59
CVE-2017-7615 6.5
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
21-04-2017 - 12:08 16-04-2017 - 10:59
CVE-2017-7725 4.3
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any
20-04-2017 - 17:15 13-04-2017 - 13:59
CVE-2017-7455 5.0
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.
20-04-2017 - 14:08 14-04-2017 - 10:59
CVE-2017-7456 5.0
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
20-04-2017 - 14:08 14-04-2017 - 10:59
CVE-2017-3006 9.0
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
19-04-2017 - 19:33 12-04-2017 - 10:59
CVE-2017-5607 4.3
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window name
17-04-2017 - 09:26 10-04-2017 - 11:59
CVE-2017-7237 7.5
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP po
12-04-2017 - 15:27 06-04-2017 - 11:59
CVE-2017-7183 5.0
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
31-03-2017 - 07:51 27-03-2017 - 13:59
CVE-2017-0045 4.3
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site
24-03-2017 - 07:01 16-03-2017 - 20:59
CVE-2017-6805 5.0
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
23-03-2017 - 11:08 20-03-2017 - 12:59
CVE-2017-5496 5.0
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
21-03-2017 - 14:43 15-03-2017 - 11:59
CVE-2017-5359 5.0
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.
21-03-2017 - 11:18 15-03-2017 - 11:59
CVE-2017-5358 7.5
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
21-03-2017 - 11:17 15-03-2017 - 11:59
CVE-2017-5630 5.0
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess ove
28-02-2017 - 10:34 01-02-2017 - 18:59
CVE-2016-4312 6.0
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, co
22-02-2017 - 11:23 16-02-2017 - 21:59
CVE-2016-4311 6.8
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-s
22-02-2017 - 11:20 16-02-2017 - 21:59
CVE-2016-4316 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to w
17-02-2017 - 12:42 16-02-2017 - 21:59
CVE-2016-4314 4.0
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
17-02-2017 - 12:42 16-02-2017 - 21:59
CVE-2016-4315 3.5
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.
17-02-2017 - 12:35 16-02-2017 - 21:59
CVE-2016-8328 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2016-1417 6.8
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that
27-01-2017 - 13:25 23-01-2017 - 16:59
CVE-2017-5473 6.8
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/passwo
26-01-2017 - 13:15 14-01-2017 - 02:59
CVE-2016-5715 5.8
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirec
17-01-2017 - 11:32 12-01-2017 - 18:59
CVE-2016-7866 10.0
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
21-12-2016 - 22:00 15-12-2016 - 01:59
CVE-2015-6973 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2
21-12-2016 - 22:00 16-09-2015 - 15:59
CVE-2015-5354 5.8
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
07-12-2016 - 13:16 01-07-2015 - 12:59
CVE-2015-5353 7.5
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
07-12-2016 - 13:16 01-07-2015 - 12:59
CVE-2015-5064 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) in
07-12-2016 - 13:15 24-06-2015 - 10:59
CVE-2015-5062 5.8
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
07-12-2016 - 13:15 24-06-2015 - 10:59
CVE-2015-4660 4.3
Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.
07-12-2016 - 13:13 18-06-2015 - 14:59
CVE-2016-4309 7.6
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
28-11-2016 - 15:17 30-06-2016 - 13:59
CVE-2016-3378 5.8
Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and condu
28-11-2016 - 15:09 14-09-2016 - 06:59
CVE-2015-5066 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q par
28-11-2016 - 14:31 24-06-2015 - 10:59
CVE-2015-4661 4.3
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.
28-11-2016 - 14:29 18-06-2015 - 14:59
CVE-2015-2873 5.5
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive informat
28-11-2016 - 14:22 23-08-2015 - 11:59
CVE-2015-2872 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versio
28-11-2016 - 14:22 23-08-2015 - 11:59
CVE-2016-5537 4.6
Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has
09-11-2016 - 14:15 25-10-2016 - 10:30
CVE-2016-5304 4.9
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vecto
01-07-2016 - 19:13 30-06-2016 - 19:59
CVE-2016-3653 6.0
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.
01-07-2016 - 19:11 30-06-2016 - 19:59
CVE-2016-3652 3.5
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
01-07-2016 - 19:11 30-06-2016 - 19:59
CVE-2016-2078 4.3
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parame
16-06-2016 - 10:03 08-06-2016 - 10:59
CVE-2015-7360 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) u
26-05-2016 - 18:13 26-05-2016 - 11:59
CVE-2015-2023 7.2
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
07-01-2016 - 15:10 02-01-2016 - 16:59
CVE-2015-7422 2.1
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
07-01-2016 - 15:08 02-01-2016 - 16:59
CVE-2015-8038 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.
03-11-2015 - 18:12 02-11-2015 - 14:59
CVE-2015-8037 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.
03-11-2015 - 18:11 02-11-2015 - 14:59
CVE-2015-7707 6.5
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
06-10-2015 - 14:13 05-10-2015 - 11:59
CVE-2015-6972 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName par
17-09-2015 - 21:54 16-09-2015 - 15:59
CVE-2015-6945 4.3
Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.
16-09-2015 - 10:48 15-09-2015 - 14:59
CVE-2015-6944 6.8
Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp.
16-09-2015 - 10:46 15-09-2015 - 14:59
CVE-2015-6529 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
21-08-2015 - 11:19 20-08-2015 - 16:59
CVE-2015-6518 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php.
19-08-2015 - 22:40 18-08-2015 - 14:00
CVE-2015-5063 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
24-06-2015 - 14:53 24-06-2015 - 10:59
CVE-2013-1636 4.3
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4
14-03-2014 - 14:39 12-03-2014 - 10:55
Back to Top Mark selected
Back to Top