| Max CVSS | 10.0 | Min CVSS | 3.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-8641 | 7.2 |
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the file
|
12-02-2023 - 23:26 | 01-08-2018 - 14:29 | |
| CVE-2016-10027 | 4.3 |
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "s
|
23-02-2021 - 16:13 | 12-01-2017 - 23:59 | |
| CVE-2016-10037 | 7.5 |
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
|
14-11-2019 - 20:04 | 24-12-2016 - 11:59 | |
| CVE-2015-8272 | 4.3 |
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).
|
04-11-2017 - 01:29 | 13-04-2017 - 14:59 | |
| CVE-2015-8271 | 7.5 |
The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.
|
04-11-2017 - 01:29 | 13-04-2017 - 14:59 | |
| CVE-2015-8270 | 5.0 |
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).
|
04-11-2017 - 01:29 | 13-04-2017 - 14:59 | |
| CVE-2010-1957 | 7.5 |
Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
17-08-2017 - 01:32 | 19-05-2010 - 12:07 | |
| CVE-2017-6708 | 7.5 |
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system.
|
13-07-2017 - 01:29 | 06-07-2017 - 00:29 | |
| CVE-2004-2319 | 3.6 |
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2004-2131 | 7.2 |
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
|
11-07-2017 - 01:31 | 27-01-2004 - 05:00 | |
| CVE-2013-7459 | 7.5 |
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
|
01-07-2017 - 01:29 | 15-02-2017 - 15:59 | |
| CVE-2016-8961 | 5.8 |
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displa
|
13-02-2017 - 22:39 | 01-02-2017 - 20:59 | |
| CVE-2015-8790 | 4.3 |
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
|
20-01-2017 - 02:59 | 29-01-2016 - 19:59 | |
| CVE-2015-2867 | 10.0 |
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
|
11-01-2017 - 02:59 | 06-01-2017 - 21:59 |