Max CVSS 9.0 | Min CVSS 4.0 | Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2016-3672 4.6
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, a
12-09-2023 - 14:55 27-04-2016 - 17:59
CVE-2002-0839 7.2
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that
23-09-2022 - 15:11 11-10-2002 - 04:00
CVE-2016-6270 9.0
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password
13-09-2021 - 12:04 30-01-2017 - 22:59
CVE-2013-2559 6.5
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers
25-08-2020 - 15:59 27-03-2014 - 16:55
CVE-2013-2267 9.0
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
29-01-2020 - 21:18 27-01-2020 - 22:15
CVE-2018-1314 4.0
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
03-10-2019 - 00:03 08-11-2018 - 14:29
CVE-2007-5220 7.5
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.
15-10-2018 - 21:41 05-10-2007 - 00:17
CVE-2010-4444 6.8
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
17-08-2017 - 01:33 19-01-2011 - 17:00
CVE-2008-6875 7.5
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
17-08-2017 - 01:29 24-07-2009 - 16:30
CVE-2005-4297 4.3
Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter.
08-03-2011 - 02:27 16-12-2005 - 23:03