VIR Vulnerability Intelligence Relay

Search

Found 3,958 results in 516ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-9683 critical 9.8 10.0 EXP 9y ago The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'exten…
CVE-2016-9682 critical 9.8 10.0 EXP 9y ago The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the …
CVE-2017-6098 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parame…
CVE-2017-6097 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the PO…
CVE-2017-6096 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Param…
CVE-2017-6095 critical 9.8 10.0 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
CVE-2017-5881 high 7.8 8.8 EXP gomlab 9y ago GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
CVE-2016-9315 high 8.8 9.8 EXP trendmicro 9y ago Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earli…
CVE-2016-9314 high 7.8 8.8 EXP trendmicro 9y ago Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent…
CVE-2016-9269 critical 9.9 10.0 EXP trendmicro 9y ago Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,…
CVE-2017-2373 high 8.8 9.8 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2370 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2369 high 8.8 9.8 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2362 high 8.8 9.8 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2360 high 7.8 8.8 EXPFIX macos macos webkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2353 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex…
CVE-2016-7661 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain pr…
CVE-2016-7660 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allow…
CVE-2016-7644 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7637 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7633 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial …
CVE-2016-7626 high 8.8 9.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows …
CVE-2016-7621 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7617 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex…
CVE-2016-7612 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-4669 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…
CVE-2017-6074 high 7.8 8.8 EXPFIX arch arch slesdebian debian 9y ago The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r…
CVE-2017-5344 critical 9.8 10.0 EXP dotcms 9y ago An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query e…
CVE-2016-4312 high 7.5 8.5 EXP wso2 9y ago XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to …
CVE-2016-4311 high 8.8 9.8 EXP wso2 9y ago Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that proc…
CVE-2016-10134 critical 9.8 10.0 EXPFIX debian debian zabbix 9y ago SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
CVE-2017-0313 high 7.8 8.8 EXP nvidia 9y ago All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where un…
CVE-2017-0312 high 7.8 8.8 EXP nvidia 9y ago All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit …
CVE-2016-8972 high 7.8 8.8 EXP ibm 9y ago IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
CVE-2016-6079 high 7.8 8.8 EXP ibm 9y ago IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88…
CVE-2016-3694 critical 9.8 10.0 EXP modified 9y ago Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands vi…
CVE-2017-5991 high 7.5 8.5 EXPFIX debian debian artifex 9y ago An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pix…
CVE-2017-2992 high 8.8 9.8 EXP macos macos linux-kernelwindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2988 high 8.8 9.8 EXP macos macos linux-kernelwindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code executi…
CVE-2017-2986 high 8.8 9.8 EXP linux-kernelmacos macoswindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2985 high 8.8 9.8 EXP linux-kernelmacos macoswindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execut…
CVE-2017-5972 high 7.5 8.5 EXPFIX slesdebian debian linux-kernel 9y ago The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of servi…
CVE-2017-5162 critical 9.8 10.0 EXP 9y ago An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.
CVE-2017-5146 high 7.5 8.5 EXP 9y ago An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
CVE-2016-9361 critical 9.8 10.0 EXP moxa 9y ago An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…
CVE-2016-9351 high 7.0 8.0 EXP advantech 9y ago An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
CVE-2016-9349 high 7.5 8.5 EXP advantech 9y ago An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.
CVE-2016-9332 high 7.5 8.5 EXP moxa 9y ago An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to cr…
CVE-2016-8377 high 8.0 9.0 EXP 9y ago An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server,…
CVE-2016-5809 high 8.8 9.8 EXP 9y ago An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token gen…
CVE-2017-5941 critical 9.8 10.0 EXP node-serialize_project 9y ago Code Execution through IIFE in node-serialize
CVE-2017-5180 high 8.8 9.8 EXPFIX arch archdebian debian firejail_project 9y ago Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users …
CVE-2017-3813 high 7.8 8.8 EXP cisco 9y ago A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with th…
CVE-2017-3807 high 8.8 9.8 EXP 9y ago A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause…
CVE-2016-9244 high 7.5 8.5 EXP f5 9y ago A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit thi…
CVE-2015-6024 critical 9.8 10.0 EXP 9y ago ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in…
CVE-2015-6023 high 7.3 8.3 EXP 9y ago ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE:…
CVE-2017-0412 high 7.8 8.8 EXP 9y ago An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H…
CVE-2017-0411 high 7.8 8.8 EXP 9y ago An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H…
CVE-2016-7400 critical 9.8 10.0 EXP exponentcms 10y ago Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,…
CVE-2016-6175 critical 9.8 10.0 EXPFIX debian debian php-gettext_project 10y ago Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
CVE-2016-2539 high 8.8 9.8 EXP atutor 10y ago Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files an…
CVE-2015-2794 critical 9.8 10.0 EXP dnnsoftware 10y ago The installation wizard in DotNetNuke (DNN) allows privilege escalation
CVE-2017-5630 high 7.5 8.5 EXP slesdebian debian php 10y ago PEAR core file overwrite vulnerability
CVE-2016-3053 high 7.8 8.8 EXP 10y ago IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
CVE-2016-10079 high 7.5 8.5 EXP sap 10y ago SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
CVE-2017-3823 high 8.8 9.8 EXP cisco 10y ago An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plug…
CVE-2016-10043 critical 10.0 10.0 EXP mrf 10y ago An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use…
CVE-2016-6267 high 8.8 9.8 EXP trendmicro 10y ago SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell meta…
CVE-2016-2399 high 7.8 8.8 EXPFIX slesdebian debian libquicktime 10y ago Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted h…
CVE-2016-10176 critical 9.8 10.0 EXP 10y ago The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server…
CVE-2016-10175 critical 9.8 10.0 EXP 10y ago The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password…
CVE-2016-9554 high 7.2 8.2 EXP sophos 10y ago The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occu…
CVE-2016-9553 high 7.2 8.2 EXP sophos 10y ago The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (…
CVE-2017-5329 high 7.8 8.8 EXP paloaltonetworks 10y ago Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.
CVE-2017-3316 high 8.4 9.4 EXPFIX debian debian oracle 10y ago Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo…
CVE-2017-3248 critical 9.8 10.0 EXP oracle 10y ago Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. …
CVE-2017-3241 critical 9.0 10.0 EXPFIX slesdebian debian oracle 10y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u…
CVE-2017-5594 high 7.5 8.5 EXP pagekit 10y ago Pagekit Weak Password Recovery Mechanism for Forgotten Password
CVE-2016-7567 critical 9.8 10.0 EXP sles openslp 10y ago Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
CVE-2016-6603 critical 9.8 10.0 EXP zohocorp 10y ago ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
CVE-2016-6602 critical 9.8 10.0 EXP zohocorp 10y ago ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/…
CVE-2016-6601 high 7.5 8.5 EXP zohocorp 10y ago Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame…
CVE-2016-6600 critical 9.8 10.0 EXP zohocorp 10y ago Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the…
CVE-2016-4793 high 7.5 8.5 EXPFIX debian debian cakephp 10y ago CakePHP allows remote attackers to spoof their IP
CVE-2016-4340 high 8.8 9.8 EXP gitlab 10y ago The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as …
CVE-2016-4338 high 8.1 9.1 EXPFIX debian debian zabbix 10y ago The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…
CVE-2016-4010 critical 9.8 10.0 EXP magento 10y ago Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
CVE-2016-10156 high 7.8 8.8 EXPFIX debian debian systemd_project 10y ago A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th…
CVE-2016-6253 high 7.8 8.8 EXP freebsd freebsd 10y ago mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on th…
CVE-2016-6896 high 7.1 8.1 EXPFIX debian debian wordpress 10y ago Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read…
CVE-2016-7998 high 8.8 9.8 EXPFIX debian debian spip 10y ago The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag a…
CVE-2016-7982 high 7.5 8.5 EXPFIX debian debian spip 10y ago Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml acti…
CVE-2016-7980 high 8.8 9.8 EXPFIX debian debian spip 10y ago Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execu…
CVE-2016-2233 high 7.5 8.5 EXPFIX slesdebian debian hexchat_project 10y ago Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP …
CVE-2016-2087 high 7.4 8.4 EXPFIX slesdebian debian hexchat_project 10y ago Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
CVE-2017-5473 high 8.8 9.8 EXP ntop 10y ago Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user…
CVE-2016-7434 high 7.5 8.5 EXPFIX slesarch archdebian debian ntphpe 10y ago The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-9299 critical 9.8 10.0 EXP fedora fedora jenkins 10y ago Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
CVE-2016-6772 high 7.8 8.8 EXP 10y ago An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate becau…