| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-10139 | 2.1 |
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deploymen
|
12-02-2023 - 23:32 | 17-05-2019 - 16:29 | |
| CVE-2019-10139 | 2.1 |
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deploymen
|
30-09-2020 - 14:09 | 17-05-2019 - 16:29 | |
| CVE-2006-2908 | 7.5 |
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (execu
|
18-10-2018 - 16:43 | 13-06-2006 - 01:02 | |
| CVE-2014-1824 | 9.3 |
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Jo
|
12-10-2018 - 22:06 | 08-07-2014 - 22:55 | |
| CVE-2003-1089 | 5.0 |
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message.
|
11-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2016-9456 | 6.8 |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues we
|
30-03-2017 - 01:59 | 28-03-2017 - 02:59 | |
| CVE-2016-9457 | 3.5 |
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_star
|
30-03-2017 - 01:59 | 28-03-2017 - 02:59 | |
| CVE-2016-9455 | 6.8 |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanc
|
30-03-2017 - 01:59 | 28-03-2017 - 02:59 | |
| CVE-2016-9454 | 3.5 |
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped wh
|
30-03-2017 - 01:59 | 28-03-2017 - 02:59 | |
| CVE-2010-0683 | 6.0 |
Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative c
|
26-02-2010 - 05:00 | 25-02-2010 - 19:30 |