Max CVSS 10.0 Min CVSS 2.6 Total Count 156
ID | CVSS | Summary | Last (major) update | Published
CVE-2017-14854 7.5
A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.
03-06-2019 - 16:29 03-06-2019 - 16:29
CVE-2017-14853 10.0
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive vali
03-06-2019 - 15:29 03-06-2019 - 15:29
CVE-2017-14852 5.0
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
03-06-2019 - 15:29 03-06-2019 - 15:29
CVE-2017-14851 7.5
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypas
03-06-2019 - 15:29 03-06-2019 - 15:29
CVE-2017-14850 4.3
All known versions of the Orpak SiteOmat web management console are vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions
03-06-2019 - 15:29 03-06-2019 - 15:29
CVE-2017-14728 7.5
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and
03-06-2019 - 15:29 03-06-2019 - 15:29
CVE-2019-6158 4.3
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA version
03-05-2019 - 16:29 03-05-2019 - 16:29
CVE-2019-3400 4.3
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.
03-05-2019 - 16:29 03-05-2019 - 16:29
CVE-2019-1857 6.8
A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerab
03-05-2019 - 13:29 03-05-2019 - 13:29
CVE-2019-1838 3.5
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management
03-05-2019 - 13:29 03-05-2019 - 13:29
CVE-2019-1708 7.8
A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remot
03-05-2019 - 13:29 03-05-2019 - 12:29
CVE-2019-1694 7.8
A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a d
03-05-2019 - 11:29 03-05-2019 - 11:29
CVE-2018-17922 5.0
In Circontrol CirCarLife, all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.
02-11-2018 - 11:29 02-11-2018 - 11:29
CVE-2018-17918 7.5
In Circontrol CirCarLife, all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.
02-11-2018 - 11:29 02-11-2018 - 11:29
CVE-2018-2959 4.3
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to comp
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2806 5.8
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2017-16368 9.3
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer ove
09-12-2017 - 01:29 09-12-2017 - 01:29
CVE-2017-14315 7.9
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands se
12-09-2017 - 11:29 12-09-2017 - 11:29
CVE-2016-5860 7.6
In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow.
16-08-2017 - 11:29 16-08-2017 - 11:29
CVE-2017-10023 4.0
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-8512 9.3
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, C
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0606 7.6
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privilege
12-05-2017 - 11:29 12-05-2017 - 11:29
CVE-2016-10287 7.6
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privilege
12-05-2017 - 11:29 12-05-2017 - 11:29
CVE-2016-10286 7.6
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privilege
12-05-2017 - 11:29 12-05-2017 - 11:29
CVE-2016-10285 7.6
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privilege
12-05-2017 - 11:29 12-05-2017 - 11:29
CVE-2016-10284 7.6
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privilege
12-05-2017 - 11:29 12-05-2017 - 11:29
CVE-2016-10283 7.6
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privilege
12-05-2017 - 11:29 12-05-2017 - 11:29
CVE-2017-0228 7.6
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229,
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2017-1141 4.0
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.
10-05-2017 - 13:38 28-04-2017 - 13:59
CVE-2015-9004 9.3
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
05-05-2017 - 21:29 02-05-2017 - 17:59
CVE-2017-3475 4.0
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" vulnerability allo
04-05-2017 - 09:50 24-04-2017 - 15:59
CVE-2016-5387 5.1
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app
20-03-2017 - 21:59 18-07-2016 - 22:00
CVE-2005-0210 4.9
Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.
19-02-2017 - 00:07 02-05-2005 - 00:00
CVE-2015-7979 5.0
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
07-02-2017 - 09:58 30-01-2017 - 16:59
CVE-2017-5610 5.0
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.
05-02-2017 - 15:48 29-01-2017 - 23:59
CVE-2017-5611 7.5
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post typ
05-02-2017 - 15:46 29-01-2017 - 23:59
CVE-2017-5612 4.3
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
03-02-2017 - 11:08 29-01-2017 - 23:59
CVE-2014-4655 4.9
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow an
06-01-2017 - 22:00 03-07-2014 - 00:22
CVE-2014-4654 4.9
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and
06-01-2017 - 22:00 03-07-2014 - 00:22
CVE-2014-4653 6.6
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from ke
06-01-2017 - 22:00 03-07-2014 - 00:22
CVE-2014-2005 6.9
Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by le
06-01-2017 - 21:59 25-06-2014 - 07:19
CVE-2014-1544 10.0
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to e
06-01-2017 - 21:59 23-07-2014 - 07:12
CVE-2016-9204 6.4
A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1000V InterCloud is affected. More Information: CSC
04-01-2017 - 09:35 13-12-2016 - 19:59
CVE-2015-7180 7.5
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and appl
21-12-2016 - 22:00 24-09-2015 - 00:59
CVE-2015-7179 7.5
The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to
21-12-2016 - 22:00 24-09-2015 - 00:59
CVE-2015-7178 7.5
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of
21-12-2016 - 22:00 24-09-2015 - 00:59
CVE-2015-7177 7.5
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vector
21-12-2016 - 22:00 24-09-2015 - 00:59
CVE-2015-7176 7.5
The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and applicati
21-12-2016 - 22:00 24-09-2015 - 00:59
CVE-2015-7175 7.5
The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via
21-12-2016 - 22:00 24-09-2015 - 00:59
CVE-2015-7174 7.5
The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via
21-12-2016 - 22:00 24-09-2015 - 00:59
CVE-2015-4522 7.5
The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact v
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4521 7.5
The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknow
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4520 6.4
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* re
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4519 4.3
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4517 7.5
NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4511 6.8
Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4509 7.5
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media elemen
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4506 6.8
Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4501 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2015-4500 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
21-12-2016 - 21:59 24-09-2015 - 00:59
CVE-2012-4558 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remo
07-12-2016 - 22:02 26-02-2013 - 11:55
CVE-2012-3499 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagema
07-12-2016 - 22:02 26-02-2013 - 11:55
CVE-2015-8719 4.3
The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a cra
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8717 4.3
The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a craft
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8716 4.3
The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a c
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8715 4.3
epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8714 4.3
The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8713 4.3
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and applicat
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8712 4.3
The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application cras
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-6406 4.0
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.
07-12-2016 - 13:20 12-12-2015 - 22:59
CVE-2015-8785 4.9
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
05-12-2016 - 22:04 07-02-2016 - 22:59
CVE-2015-7581 5.0
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an app
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-8784 4.3
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
02-12-2016 - 22:14 13-04-2016 - 13:59
CVE-2015-7555 4.3
Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.
02-12-2016 - 22:13 13-04-2016 - 11:59
CVE-2016-1000138 4.3
Reflected XSS in WordPress plugin indexisto v1.0.5
28-11-2016 - 14:56 10-10-2016 - 16:59
CVE-2015-4656 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demo
28-11-2016 - 14:29 18-06-2015 - 14:59
CVE-2010-5107 5.0
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodi
28-11-2016 - 14:07 07-03-2013 - 15:55
CVE-2013-5890 5.5
Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Except
17-11-2016 - 15:53 15-01-2014 - 11:11
CVE-2005-2876 7.2
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just
17-10-2016 - 23:31 13-09-2005 - 19:03
CVE-2004-0842 7.5
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based b
17-10-2016 - 22:49 23-12-2004 - 00:00
CVE-2002-0106 5.0
BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
17-10-2016 - 22:16 25-03-2002 - 00:00
CVE-2001-0822 5.0
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.
17-10-2016 - 22:12 06-12-2001 - 00:00
CVE-1999-1527 7.5
Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access t
17-10-2016 - 22:05 23-11-1999 - 00:00
CVE-2012-3456 7.5
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute
22-08-2016 - 22:05 20-08-2012 - 14:55
CVE-2014-3433 4.3
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" iss
24-07-2014 - 01:00 27-06-2014 - 10:55
CVE-2014-3432 4.3
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.
24-07-2014 - 01:00 27-06-2014 - 10:55
CVE-2014-1997 7.8
The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors.
18-06-2014 - 00:31 05-06-2014 - 13:55
CVE-2013-3533 7.5
Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors.
13-05-2013 - 00:00 10-05-2013 - 17:55
CVE-2012-3455 7.5
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute a
11-10-2012 - 23:29 20-08-2012 - 15:55
CVE-2011-5133 10.0
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
13-09-2012 - 00:00 30-08-2012 - 18:55
CVE-2011-5132 4.3
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."
13-09-2012 - 00:00 30-08-2012 - 18:55
CVE-2011-5131 6.8
Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter.
13-09-2012 - 00:00 30-08-2012 - 18:55
CVE-2012-2080 6.8
Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits.
15-08-2012 - 00:00 14-08-2012 - 19:55
CVE-2009-4274 7.5
Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted hea
18-01-2012 - 22:43 12-02-2010 - 16:30
CVE-2011-1277 9.3
Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of s
26-10-2011 - 23:24 16-06-2011 - 16:55
CVE-2007-3903 6.8
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-
03-10-2011 - 00:00 11-12-2007 - 19:46
CVE-2011-1863 7.5
HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.
21-09-2011 - 23:31 14-06-2011 - 13:55
CVE-2011-1862 4.3
Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
21-09-2011 - 23:31 14-06-2011 - 13:55
CVE-2011-1861 8.3
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.
21-09-2011 - 23:31 14-06-2011 - 13:55
CVE-2011-1860 5.0
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.
21-09-2011 - 23:31 14-06-2011 - 13:55
CVE-2011-1859 5.0
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.
21-09-2011 - 23:31 14-06-2011 - 13:55
CVE-2011-1858 4.3
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.
21-09-2011 - 23:31 14-06-2011 - 13:55
CVE-2011-1857 8.2
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
21-09-2011 - 23:31 14-06-2011 - 13:55
CVE-2011-1279 9.3
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code
20-09-2011 - 23:29 16-06-2011 - 16:55
CVE-2011-2201 4.3
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
14-09-2011 - 00:00 14-09-2011 - 12:05
CVE-2011-2467 5.8
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.
06-09-2011 - 23:17 26-07-2011 - 22:55
CVE-2011-1278 9.3
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
06-09-2011 - 23:15 16-06-2011 - 16:55
CVE-2006-2439 7.6
Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
28-07-2011 - 00:00 01-06-2006 - 06:02
CVE-2008-0116 9.3
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerabilit
18-04-2011 - 00:00 11-03-2008 - 19:44
CVE-2006-5645 5.0
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malforme
07-04-2011 - 00:00 01-11-2006 - 10:07
CVE-2011-0167 4.3
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
30-03-2011 - 23:29 11-03-2011 - 17:55
CVE-2009-0018 7.8
The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.
07-03-2011 - 22:17 12-02-2009 - 19:30
CVE-2008-1878 7.5
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
07-03-2011 - 22:07 17-04-2008 - 18:05
CVE-2008-1281 5.0
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
07-03-2011 - 22:06 10-03-2008 - 19:44
CVE-2008-1280 5.0
Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, wh
07-03-2011 - 22:06 10-03-2008 - 19:44
CVE-2008-1279 5.0
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length fi
07-03-2011 - 22:06 10-03-2008 - 19:44
CVE-2008-0115 9.3
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerabil
07-03-2011 - 22:03 11-03-2008 - 19:44
CVE-2008-0114 9.3
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
07-03-2011 - 22:03 11-03-2008 - 19:44
CVE-2007-4350 4.3
Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.
07-03-2011 - 21:58 21-10-2008 - 14:00
CVE-2007-2239 9.3
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allo
07-03-2011 - 21:53 07-05-2007 - 15:19
CVE-2007-1361 4.3
Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.
07-03-2011 - 21:52 08-03-2007 - 17:19
CVE-2006-6855 5.0
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from thir
07-03-2011 - 21:47 31-12-2006 - 00:00
CVE-2006-4839 5.0
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
07-03-2011 - 21:42 01-11-2006 - 10:07
CVE-2006-3369 5.0
Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
07-03-2011 - 21:38 06-07-2006 - 16:05
CVE-2006-2726 7.5
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search
07-03-2011 - 21:36 01-06-2006 - 06:02
CVE-2006-2693 7.1
Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter.
07-03-2011 - 21:36 31-05-2006 - 06:06
CVE-2006-2689 6.8
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and t
07-03-2011 - 21:36 31-05-2006 - 06:06
CVE-2006-2653 2.6
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
07-03-2011 - 21:36 30-05-2006 - 06:02
CVE-2006-2638 6.4
SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.
07-03-2011 - 21:36 30-05-2006 - 06:02
CVE-2006-5647 6.4
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM
07-03-2011 - 00:00 01-11-2006 - 10:07
CVE-2006-5646 5.0
Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory
07-03-2011 - 00:00 01-11-2006 - 10:07
CVE-2010-0606 3.5
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
03-11-2010 - 14:16 11-02-2010 - 12:30
CVE-2006-2453 7.5
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
21-08-2010 - 00:47 28-05-2006 - 06:06
CVE-2010-1008 4.3
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
22-03-2010 - 00:00 19-03-2010 - 15:00
CVE-2010-0605 7.5
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
12-02-2010 - 00:00 11-02-2010 - 12:30
CVE-2009-3227 4.3
Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action.
17-09-2009 - 00:00 16-09-2009 - 15:30
CVE-2009-3226 7.5
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. NOTE
17-09-2009 - 00:00 16-09-2009 - 15:30
CVE-2009-3225 4.3
Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse
17-09-2009 - 00:00 16-09-2009 - 15:30
CVE-2008-7133 4.3
Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber
01-09-2009 - 00:00 01-09-2009 - 12:30
CVE-2006-7237 7.5
PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information i
31-03-2009 - 00:00 31-03-2009 - 13:30
CVE-2007-5133 7.1
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as de
15-11-2008 - 01:59 27-09-2007 - 15:17
CVE-2007-3671 7.8
Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07.
15-11-2008 - 01:53 10-07-2007 - 15:30
CVE-2008-1371 3.6
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the deta
05-09-2008 - 17:37 18-03-2008 - 13:44
CVE-2008-0856 7.5
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtai
05-09-2008 - 17:36 20-02-2008 - 19:44
CVE-2006-2750 4.3
Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected i
05-09-2008 - 17:05 01-06-2006 - 06:02
CVE-2006-2749 6.4
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.
05-09-2008 - 17:05 01-06-2006 - 06:02
CVE-2006-2748 6.4
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter
05-09-2008 - 17:05 01-06-2006 - 06:02
CVE-2006-2723 5.0
Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.
05-09-2008 - 17:05 31-05-2006 - 21:02
CVE-2005-4721 4.3
Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
05-09-2008 - 16:57 31-12-2005 - 00:00
CVE-2005-4220 7.8
Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing be
05-09-2008 - 16:56 14-12-2005 - 06:03
CVE-2003-1101 5.0
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2002-1593 5.0
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
05-09-2008 - 16:31 25-09-2002 - 00:00
CVE-2002-0910 7.5
Buffer overflows in the netstd 3.07-17 package allow remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to.
05-09-2008 - 16:29 04-10-2002 - 00:00
CVE-2008-2837 7.5
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.
05-09-2008 - 00:00 24-06-2008 - 15:41
CVE-2008-1327 7.5
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third
05-09-2008 - 00:00 13-03-2008 - 10:44
CVE-2008-1326 4.3
Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from th
05-09-2008 - 00:00 13-03-2008 - 10:44