Max CVSS 10.0 Min CVSS 1.9 Total Count250
IDCVSSSummaryLast (major) updatePublished
CVE-2018-4416 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4386 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4384 6.8
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4382 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4367 7.5
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4366 5.0
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-18798 7.5
Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-18762 4.3
SaltOS 3.1 r8126 contains a database download vulnerability.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-19043 5.0
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19042 5.0
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19041 4.3
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19040 5.0
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-18923 7.5
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id a
13-12-2018 - 14:29 13-12-2018 - 14:29
CVE-2018-18860 7.2
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.
30-11-2018 - 13:29 30-11-2018 - 13:29
CVE-2018-15768 4.0
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
30-11-2018 - 12:29 30-11-2018 - 12:29
CVE-2018-15767 9.0
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.
30-11-2018 - 12:29 30-11-2018 - 12:29
CVE-2018-18619 7.5
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute th
29-11-2018 - 17:29 29-11-2018 - 17:29
CVE-2018-19518 8.5
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without pre
25-11-2018 - 05:29 25-11-2018 - 05:29
CVE-2018-19459 6.8
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
22-11-2018 - 15:29 22-11-2018 - 15:29
CVE-2018-19458 5.0
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
22-11-2018 - 15:29 22-11-2018 - 15:29
CVE-2018-18865 4.3
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18859 7.2
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentia
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18858 7.2
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentia
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18857 7.2
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentia
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18856 7.2
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentia
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18774 4.3
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18773 6.8
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18772 6.8
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18955 4.4
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected u
16-11-2018 - 15:29 16-11-2018 - 15:29
CVE-2018-18805 7.5
PointOfSales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18804 7.5
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18803 7.5
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18801 7.5
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18799 6.8
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18797 6.8
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18795 7.5
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18794 6.8
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18793 7.5
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18763 7.5
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18761 7.5
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18760 4.3
RhinOS 3.0 build 1190 allows CSRF.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18759 5.0
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18755 7.5
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-5407 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
15-11-2018 - 16:29 15-11-2018 - 16:29
CVE-2018-19287 4.3
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
15-11-2018 - 01:29 15-11-2018 - 01:29
CVE-2018-8552 7.6
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Cor
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8550 4.6
An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8544 9.3
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Ser
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-19246 5.0
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the
13-11-2018 - 04:29 13-11-2018 - 04:29
CVE-2018-19135 6.8
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatic
10-11-2018 - 23:29 10-11-2018 - 23:29
CVE-2018-19136 4.3
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
09-11-2018 - 14:29 09-11-2018 - 14:29
CVE-2018-15437 2.1
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could all
08-11-2018 - 12:29 08-11-2018 - 12:29
CVE-2018-18957 7.5
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
05-11-2018 - 17:29 05-11-2018 - 17:29
CVE-2018-18924 6.5
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image
04-11-2018 - 01:29 04-11-2018 - 01:29
CVE-2018-18777 4.0
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slas
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18776 4.3
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18775 4.3
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-15707 3.5
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
31-10-2018 - 18:29 31-10-2018 - 18:29
CVE-2018-15705 8.5
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to r
31-10-2018 - 18:29 31-10-2018 - 18:29
CVE-2018-10712 7.2
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be lev
30-10-2018 - 14:29 30-10-2018 - 14:29
CVE-2018-10711 7.2
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). T
30-10-2018 - 14:29 30-10-2018 - 14:29
CVE-2018-10710 7.2
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This coul
30-10-2018 - 14:29 30-10-2018 - 14:29
CVE-2018-10709 4.6
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be le
30-10-2018 - 14:29 30-10-2018 - 14:29
CVE-2018-14665 7.2
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate the
29-10-2018 - 08:29 25-10-2018 - 16:29
CVE-2018-15687 1.9
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
26-10-2018 - 10:29 26-10-2018 - 10:29
CVE-2018-15686 10.0
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affec
26-10-2018 - 10:29 26-10-2018 - 10:29
CVE-2018-18548 4.3
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
24-10-2018 - 17:29 24-10-2018 - 17:29
CVE-2018-15442 7.2
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplie
24-10-2018 - 15:29 24-10-2018 - 15:29
CVE-2018-18437 4.3
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.
23-10-2018 - 17:30 23-10-2018 - 17:30
CVE-2018-18557 6.8
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
22-10-2018 - 12:29 22-10-2018 - 12:29
CVE-2018-18419 3.5
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-18417 3.5
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-18416 3.5
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-10824 5.0
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative passwor
17-10-2018 - 10:29 17-10-2018 - 10:29
CVE-2018-10823 9.0
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the sh
17-10-2018 - 10:29 17-10-2018 - 10:29
CVE-2018-10822 5.0
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devi
17-10-2018 - 10:29 17-10-2018 - 10:29
CVE-2018-9206 7.5
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
11-10-2018 - 11:29 11-10-2018 - 11:29
CVE-2018-16323 4.3
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, tha
01-09-2018 - 14:29 01-09-2018 - 14:29
CVE-2018-15137 10.0
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing
07-08-2018 - 20:29 07-08-2018 - 20:29
CVE-2018-14716 5.0
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
06-08-2018 - 16:29 06-08-2018 - 16:29
CVE-2018-14728 7.5
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
03-08-2018 - 14:29 03-08-2018 - 14:29
CVE-2016-6566 7.5
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify th
13-07-2018 - 16:29 13-07-2018 - 16:29
CVE-2018-8279 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-10594 7.5
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can
26-06-2018 - 16:29 26-06-2018 - 16:29
CVE-2018-10662 10.0
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
26-06-2018 - 14:29 26-06-2018 - 14:29
CVE-2018-10661 10.0
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
26-06-2018 - 14:29 26-06-2018 - 14:29
CVE-2018-10660 10.0
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
26-06-2018 - 14:29 26-06-2018 - 14:29
CVE-2018-6961 6.8
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be re
11-06-2018 - 18:29 11-06-2018 - 18:29
CVE-2018-4237 6.8
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain p
08-06-2018 - 14:29 08-06-2018 - 14:29
CVE-2018-8120 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. Th
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-10517 6.5
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
27-04-2018 - 14:29 27-04-2018 - 14:29
CVE-2018-7669 7.8
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System usin
27-04-2018 - 12:29 27-04-2018 - 12:29
CVE-2016-9587 9.3
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to th
24-04-2018 - 12:29 24-04-2018 - 12:29
CVE-2017-0358 7.2
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege esca
16-04-2018 - 05:58 13-04-2018 - 11:29
CVE-2018-6329 10.0
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitra
14-03-2018 - 15:29 14-03-2018 - 15:29
CVE-2018-7750 7.5
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is co
13-03-2018 - 14:29 13-03-2018 - 14:29
CVE-2018-7182 5.0
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2017-5817 10.0
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
15-02-2018 - 17:29 15-02-2018 - 17:29
CVE-2017-5816 10.0
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
15-02-2018 - 17:29 15-02-2018 - 17:29
CVE-2018-6789 7.5
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
08-02-2018 - 18:29 08-02-2018 - 18:29
CVE-2017-5124 4.3
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2018-6579 7.5
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
02-02-2018 - 12:29 02-02-2018 - 12:29
CVE-2018-6578 7.5
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
02-02-2018 - 12:29 02-02-2018 - 12:29
CVE-2018-6577 7.5
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
02-02-2018 - 12:29 02-02-2018 - 12:29
CVE-2018-6576 7.5
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
02-02-2018 - 12:29 02-02-2018 - 12:29
CVE-2017-13056 6.8
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.
27-12-2017 - 12:29 27-12-2017 - 12:29
CVE-2017-17872 7.5
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.
27-12-2017 - 12:08 27-12-2017 - 12:08
CVE-2017-17871 7.5
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
27-12-2017 - 12:08 27-12-2017 - 12:08
CVE-2017-17651 7.5
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
18-12-2017 - 04:29 18-12-2017 - 04:29
CVE-2017-17648 7.5
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
13-12-2017 - 11:29 13-12-2017 - 11:29
CVE-2017-17639 7.5
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
13-12-2017 - 04:29 13-12-2017 - 04:29
CVE-2017-17584 7.5
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
13-12-2017 - 04:29 13-12-2017 - 04:29
CVE-2017-11282 7.5
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
01-12-2017 - 03:29 01-12-2017 - 03:29
CVE-2017-11281 7.5
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
01-12-2017 - 03:29 01-12-2017 - 03:29
CVE-2017-16962 4.3
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) inv
27-11-2017 - 05:29 27-11-2017 - 05:29
CVE-2017-16819 3.5
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.htm
17-11-2017 - 12:29 17-11-2017 - 12:29
CVE-2017-16781 3.5
The installer in MyBB before 1.8.13 has XSS.
10-11-2017 - 18:29 10-11-2017 - 18:29
CVE-2017-16780 7.5
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
10-11-2017 - 18:29 10-11-2017 - 18:29
CVE-2017-16642 5.0
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the in
07-11-2017 - 16:29 07-11-2017 - 16:29
CVE-2017-7089 4.3
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS
22-10-2017 - 21:29 22-10-2017 - 21:29
CVE-2017-15727 3.5
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
22-10-2017 - 14:29 22-10-2017 - 14:29
CVE-2017-10271 5.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauth
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-11810 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-15083 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1642. Reason: This candidate is a reservation duplicate of CVE-2009-1642.2. Notes: All CVE users should reference CVE-2009-1642 instead of this candidate. All references and des
11-10-2017 - 14:29 11-10-2017 - 14:29
CVE-2017-5637 5.0
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3
09-10-2017 - 21:30 09-10-2017 - 21:30
CVE-2017-14084 6.8
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
05-10-2017 - 21:29 05-10-2017 - 21:29
CVE-2017-1000253 7.2
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4f
04-10-2017 - 21:29 04-10-2017 - 21:29
CVE-2017-14939 4.3
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and a
29-09-2017 - 21:29 29-09-2017 - 21:29
CVE-2017-11120 10.0
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.
27-09-2017 - 21:29 27-09-2017 - 21:29
CVE-2015-1187 10.0
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
21-09-2017 - 12:29 21-09-2017 - 12:29
CVE-2017-8770 7.8
There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
20-09-2017 - 10:29 20-09-2017 - 10:29
CVE-2017-1002008 7.5
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
14-09-2017 - 09:29 14-09-2017 - 09:29
CVE-2017-8918 4.3
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
12-09-2017 - 14:29 12-09-2017 - 14:29
CVE-2017-9834 7.5
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.
07-09-2017 - 10:29 07-09-2017 - 10:29
CVE-2017-1000083 6.8
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option su
05-09-2017 - 02:29 05-09-2017 - 02:29
CVE-2017-12763 9.0
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
29-08-2017 - 11:29 29-08-2017 - 11:29
CVE-2017-9640 6.5
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC
25-08-2017 - 15:29 25-08-2017 - 15:29
CVE-2017-11357 7.5
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
23-08-2017 - 13:29 23-08-2017 - 13:29
CVE-2017-11317 7.5
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
23-08-2017 - 13:29 23-08-2017 - 13:29
CVE-2017-12971 4.3
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
23-08-2017 - 12:29 23-08-2017 - 12:29
CVE-2017-12970 6.8
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
23-08-2017 - 12:29 23-08-2017 - 12:29
CVE-2017-12965 7.5
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
23-08-2017 - 12:29 23-08-2017 - 12:29
CVE-2017-10661 7.6
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel q
19-08-2017 - 14:29 19-08-2017 - 14:29
CVE-2017-10246 6.4
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthentic
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-8869 6.8
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
27-07-2017 - 09:29 27-07-2017 - 09:29
CVE-2017-11435 7.5
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. T
19-07-2017 - 03:29 19-07-2017 - 03:29
CVE-2017-1000028 5.0
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
17-07-2017 - 09:18 17-07-2017 - 09:18
CVE-2017-11165 5.0
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
12-07-2017 - 08:29 12-07-2017 - 08:29
CVE-2017-9248 7.5
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to de
03-07-2017 - 15:29 03-07-2017 - 15:29
CVE-2017-6026 6.4
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by t
29-06-2017 - 23:29 29-06-2017 - 23:29
CVE-2017-8483 1.9
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8472 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disc
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8471 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8470 1.9
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted applica
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0289 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0288 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0287 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Unisc
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0286 1.9
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphi
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0285 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0284 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows impr
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0283 9.3
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Wor
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0282 1.9
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows impr
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-7314 5.0
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
07-06-2017 - 09:29 07-06-2017 - 09:29
CVE-2017-7312 7.5
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).
07-06-2017 - 09:29 07-06-2017 - 09:29
CVE-2016-9834 4.3
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the
07-06-2017 - 08:29 07-06-2017 - 08:29
CVE-2017-9353 5.0
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
02-06-2017 - 01:29 02-06-2017 - 01:29
CVE-2017-9347 5.0
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
02-06-2017 - 01:29 02-06-2017 - 01:29
CVE-2015-0936 7.5
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
01-06-2017 - 12:29 01-06-2017 - 12:29
CVE-2017-6982 4.3
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.
22-05-2017 - 01:29 22-05-2017 - 01:29
CVE-2017-2536 6.8
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cau
22-05-2017 - 01:29 22-05-2017 - 01:29
CVE-2017-8927 6.8
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
15-05-2017 - 14:29 15-05-2017 - 14:29
CVE-2017-8926 6.8
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
15-05-2017 - 14:29 15-05-2017 - 14:29
CVE-2017-0213 1.9
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege
12-05-2017 - 10:29 12-05-2017 - 10:29
CVE-2016-8740 5.0
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via cr
09-05-2017 - 21:29 05-12-2016 - 14:59
CVE-2016-7054 5.0
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
05-05-2017 - 21:29 04-05-2017 - 15:29
CVE-2017-3575 3.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with l
04-05-2017 - 17:07 24-04-2017 - 15:59
CVE-2017-3558 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with l
04-05-2017 - 17:05 24-04-2017 - 15:59
CVE-2017-3561 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with lo
04-05-2017 - 15:12 24-04-2017 - 15:59
CVE-2016-1555 10.0
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to ex
28-04-2017 - 14:49 21-04-2017 - 11:59
CVE-2017-7938 7.5
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model
27-04-2017 - 15:55 20-04-2017 - 10:59
CVE-2016-1561 5.0
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware im
27-04-2017 - 10:49 21-04-2017 - 16:59
CVE-2016-1560 10.0
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SS
27-04-2017 - 10:49 21-04-2017 - 16:59
CVE-2017-0211 4.3
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE
20-04-2017 - 12:58 12-04-2017 - 10:59
CVE-2017-0160 7.2
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
18-04-2017 - 10:07 12-04-2017 - 10:59
CVE-2017-0165 7.2
An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vu
17-04-2017 - 15:12 12-04-2017 - 10:59
CVE-2017-6190 5.0
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
14-04-2017 - 21:59 10-04-2017 - 10:59
CVE-2017-7285 7.8
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP conn
10-04-2017 - 14:28 29-03-2017 - 10:59
CVE-2017-0037 7.6
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via ve
03-04-2017 - 21:59 26-02-2017 - 18:59
CVE-2016-1000124 7.5
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
28-03-2017 - 14:31 06-10-2016 - 10:59
CVE-2017-0038 4.3
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers
27-03-2017 - 21:59 20-02-2017 - 11:59
CVE-2017-6178 4.6
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
24-03-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-6880 7.5
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
21-03-2017 - 12:54 17-03-2017 - 13:59
CVE-2017-0059 4.3
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those descr
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2016-10043 10.0
An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS comm
13-03-2017 - 10:59 31-01-2017 - 13:59
CVE-2017-5633 8.5
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via craft
09-03-2017 - 13:20 06-03-2017 - 01:59
CVE-2016-8655 7.2
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet
07-03-2017 - 21:59 08-12-2016 - 03:59
CVE-2016-2226 6.8
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
27-02-2017 - 10:02 24-02-2017 - 15:59
CVE-2017-0313 7.2
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside o
23-02-2017 - 14:26 15-02-2017 - 18:59
CVE-2017-0312 7.2
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potenti
23-02-2017 - 14:26 15-02-2017 - 18:59
CVE-2017-2371 4.3
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
22-02-2017 - 10:58 20-02-2017 - 03:59
CVE-2017-2363 4.3
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attacker
22-02-2017 - 10:56 20-02-2017 - 03:59
CVE-2016-7637 7.2
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial
21-02-2017 - 13:40 20-02-2017 - 03:59
CVE-2017-0412 9.3
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access t
10-02-2017 - 13:51 08-02-2017 - 10:59
CVE-2017-0411 9.3
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access t
10-02-2017 - 13:51 08-02-2017 - 10:59
CVE-2017-5473 6.8
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/passwo
26-01-2017 - 13:15 14-01-2017 - 02:59
CVE-2016-7567 7.5
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
25-01-2017 - 21:59 23-01-2017 - 16:59
CVE-2016-5725 4.3
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
20-01-2017 - 12:23 19-01-2017 - 17:59
CVE-2014-0114 7.5
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m
06-01-2017 - 21:59 30-04-2014 - 06:49
CVE-2014-0112 7.5
ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability
06-01-2017 - 21:59 29-04-2014 - 06:37
CVE-2014-0094 5.0
The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
06-01-2017 - 21:59 11-03-2014 - 09:00
CVE-2014-8598 6.4
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined wi
02-01-2017 - 21:59 18-11-2014 - 10:59
CVE-2014-7146 7.5
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_repla
02-01-2017 - 21:59 18-11-2014 - 10:59
CVE-2016-1004
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
30-12-2016 - 21:59 30-12-2016 - 21:59
CVE-2016-1003
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candid
30-12-2016 - 21:59 30-12-2016 - 21:59
CVE-2015-2994 6.5
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/us
30-12-2016 - 21:59 08-06-2015 - 10:59
CVE-2016-7274 9.3
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arb
21-12-2016 - 22:00 20-12-2016 - 01:59
CVE-2016-4004 4.0
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
02-12-2016 - 22:27 12-04-2016 - 13:59
CVE-2015-3224 4.3
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection
02-12-2016 - 22:08 26-07-2015 - 18:59
CVE-2016-1209 7.5
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
23-06-2016 - 13:54 14-05-2016 - 11:59
CVE-2012-6636 6.8
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded
01-06-2016 - 22:20 02-03-2014 - 23:50
CVE-2014-3828 10.0
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter
31-08-2015 - 14:25 22-10-2014 - 21:55
CVE-2014-3829 10.0
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
23-10-2014 - 12:30 22-10-2014 - 21:55
CVE-2013-7184 4.3
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
11-08-2014 - 12:01 24-01-2014 - 10:08
CVE-2013-4710 9.3
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service
10-03-2014 - 13:25 02-03-2014 - 23:50
CVE-2012-0262 10.0
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
02-01-2014 - 11:32 31-12-2013 - 15:55
CVE-2012-0261 10.0
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
02-01-2014 - 11:24 31-12-2013 - 15:55
CVE-2013-1406 7.2
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1
02-11-2013 - 23:30 11-02-2013 - 17:55
CVE-2013-0758 10.0
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScri
02-11-2013 - 23:30 13-01-2013 - 15:55
CVE-2013-0757 9.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of
02-11-2013 - 23:30 13-01-2013 - 15:55
CVE-2009-0955 9.3
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
02-11-2013 - 22:48 02-06-2009 - 14:30
CVE-2009-3547 6.9
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna
20-08-2013 - 02:34 04-11-2009 - 10:30
CVE-2007-2671 7.1
Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.
05-11-2012 - 22:39 14-05-2007 - 19:19
CVE-2008-4250 10.0
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during p
30-10-2012 - 23:04 23-10-2008 - 18:00
CVE-2012-0241 5.0
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
29-10-2012 - 23:59 21-02-2012 - 08:31
CVE-2012-3831 4.3
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.
13-08-2012 - 23:38 03-07-2012 - 18:55
CVE-2012-3830 4.3
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.
13-08-2012 - 23:38 03-07-2012 - 18:55
CVE-2011-1020 2.1
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive informat
19-03-2012 - 00:00 28-02-2011 - 11:00
CVE-2010-0415 4.6
The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other
19-03-2012 - 00:00 17-02-2010 - 13:30
CVE-2010-1029 5.0
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (ap
26-01-2012 - 22:49 19-03-2010 - 17:30
CVE-2009-0565 9.3
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Forma
21-09-2011 - 23:06 10-06-2009 - 14:00
CVE-2009-3103 10.0
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (syste
24-06-2011 - 00:00 08-09-2009 - 18:30
CVE-2008-0493 9.3
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.
07-03-2011 - 22:04 30-01-2008 - 17:00
CVE-2006-3199 5.0
Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation.
07-03-2011 - 21:38 23-06-2006 - 16:06
CVE-2010-0822 9.3
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record,
21-08-2010 - 01:40 08-06-2010 - 16:30
CVE-2010-0520 6.8
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI
21-08-2010 - 01:39 30-03-2010 - 14:30
CVE-2009-2532 10.0
Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a
21-08-2010 - 01:34 14-10-2009 - 06:30
CVE-2009-2526 7.8
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server se
21-08-2010 - 01:34 14-10-2009 - 06:30
CVE-2009-0341 9.3
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
20-02-2009 - 01:47 29-01-2009 - 14:30
CVE-1999-0502 7.5
A Unix account has a default, null, blank, or missing password.
09-09-2008 - 08:34 01-03-1998 - 00:00
CVE-2005-4664 5.0
SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.
05-09-2008 - 16:57 31-12-2005 - 00:00
Back to Top Mark selected
Back to Top