| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-9485 | 4.3 |
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.
|
24-01-2024 - 21:15 | 16-01-2018 - 19:29 | |
| CVE-2003-0072 | 5.0 |
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of a
|
21-01-2020 - 15:47 | 02-04-2003 - 05:00 | |
| CVE-2019-1674 | 9.0 |
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insu
|
09-10-2019 - 23:47 | 28-02-2019 - 18:29 | |
| CVE-2006-1373 | 4.3 |
Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.
|
18-10-2018 - 16:32 | 24-03-2006 - 02:02 | |
| CVE-2008-0184 | 6.4 |
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.
|
15-10-2018 - 21:58 | 09-01-2008 - 22:46 | |
| CVE-2014-8085 | 6.8 |
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then acces
|
09-10-2018 - 19:53 | 05-01-2015 - 20:59 | |
| CVE-2014-8084 | 7.5 |
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.
|
09-10-2018 - 19:53 | 05-01-2015 - 20:59 | |
| CVE-2014-8083 | 7.5 |
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.
|
09-10-2018 - 19:53 | 05-01-2015 - 20:59 | |
| CVE-2014-7862 | 7.5 |
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
|
09-10-2018 - 19:53 | 04-01-2018 - 17:29 | |
| CVE-2011-1715 | 5.0 |
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (enc
|
17-08-2017 - 01:34 | 18-04-2011 - 18:55 | |
| CVE-2011-1714 | 4.3 |
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web sc
|
17-08-2017 - 01:34 | 18-04-2011 - 18:55 | |
| CVE-2009-0895 | 10.0 |
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.
|
17-08-2017 - 01:30 | 03-12-2009 - 17:30 | |
| CVE-2016-6807 | 7.5 |
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari A
|
04-04-2017 - 15:42 | 28-03-2017 - 20:59 |