| Max CVSS | 6.8 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-3238 | 5.8 |
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
|
12-02-2023 - 23:15 | 24-08-2015 - 14:59 | |
| CVE-2015-5057 | 4.3 |
Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.
|
14-03-2020 - 00:15 | 18-08-2017 - 18:29 | |
| CVE-2006-1878 | 2.6 |
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
18-10-2018 - 16:37 | 20-04-2006 - 10:02 | |
| CVE-2015-5069 | 4.0 |
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors rel
|
10-10-2017 - 14:54 | 26-09-2017 - 14:29 | |
| CVE-2015-5070 | 3.5 |
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to
|
10-10-2017 - 14:54 | 26-09-2017 - 14:29 | |
| CVE-2013-0199 | 5.0 |
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
|
29-08-2017 - 01:33 | 29-05-2014 - 14:19 | |
| CVE-2003-1459 | 6.8 |
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2015-4174 | 4.3 |
Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
07-12-2016 - 18:11 | 28-06-2015 - 10:59 | |
| CVE-2015-2964 | 5.0 |
NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header.
|
03-12-2016 - 03:07 | 05-07-2015 - 01:59 | |
| CVE-2008-0570 | 5.0 |
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
|
08-03-2011 - 03:04 | 05-02-2008 - 02:00 |