|Max CVSS||10.0||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
|08-08-2019 - 14:33||14-06-2007 - 23:30|
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier
|15-10-2018 - 21:41||01-10-2007 - 05:17|
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
|15-10-2018 - 21:40||07-11-2007 - 23:46|
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third
|15-10-2018 - 21:32||05-09-2007 - 10:17|
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which mak
|29-09-2017 - 01:29||14-11-2007 - 01:46|
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
|29-09-2017 - 01:29||30-10-2007 - 19:46|
SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
|29-07-2017 - 01:34||20-11-2007 - 11:46|
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, di
|29-07-2017 - 01:33||30-10-2007 - 21:46|
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
|29-07-2017 - 01:31||25-05-2007 - 18:30|
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
|29-07-2017 - 01:31||17-05-2007 - 19:30|
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers
|07-03-2011 - 05:00||30-10-2007 - 19:46|
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
|15-11-2008 - 05:00||29-11-2007 - 01:46|