Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-9810 | 6.8 |
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenti
|
03-10-2019 - 00:03 | 17-07-2017 - 21:29 | |
CVE-2017-8558 | 9.3 |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10
|
03-10-2019 - 00:03 | 29-06-2017 - 13:29 | |
CVE-2018-7466 | 6.0 |
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
|
05-03-2019 - 13:21 | 25-02-2018 - 07:29 | |
CVE-2007-4067 | 9.3 |
Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to
|
29-09-2017 - 01:29 | 30-07-2007 - 17:30 | |
CVE-2017-9811 | 10.0 |
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate t
|
12-08-2017 - 01:29 | 17-07-2017 - 21:29 | |
CVE-2017-9812 | 5.0 |
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
|
12-08-2017 - 01:29 | 17-07-2017 - 21:29 | |
CVE-2017-9813 | 4.3 |
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
|
12-08-2017 - 01:29 | 17-07-2017 - 21:29 | |
CVE-2016-7508 | 6.0 |
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
|
12-08-2017 - 01:29 | 21-06-2017 - 20:29 | |
CVE-2017-1297 | 4.4 |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force I
|
12-08-2017 - 01:29 | 27-06-2017 - 16:29 |