VIR Vulnerability Intelligence Relay

Search

Found 3,445 results in 485ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-8024 high 8.1 9.1 EXP mcafee 9y ago Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensit…
CVE-2016-8023 high 8.1 9.1 EXP mcafee 9y ago Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentic…
CVE-2016-8022 high 7.5 8.5 EXP mcafee 9y ago Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den…
CVE-2016-8020 high 8.0 9.0 EXP mcafee 9y ago Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted …
CVE-2017-6896 high 8.8 9.8 EXP 9y ago Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session…
CVE-2017-6398 high 8.8 9.8 EXP trendmicro 9y ago An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is …
CVE-2017-6367 high 7.5 8.5 EXP cerberusftp 9y ago In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
CVE-2017-6823 high 8.8 9.8 EXP fiyo 9y ago Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
CVE-2017-6444 high 7.5 8.5 EXP 9y ago The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU…
CVE-2017-6427 high 7.5 8.5 EXP evostream 9y ago A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a…
CVE-2017-6529 high 8.8 9.8 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
CVE-2017-6528 high 8.1 9.1 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
CVE-2017-6527 high 7.5 8.5 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the…
CVE-2017-6552 high 7.5 8.5 EXP 9y ago Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue…
CVE-2017-6549 high 8.8 9.8 EXP 9y ago Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B…
CVE-2016-6255 high 7.5 8.5 EXP debian debian libupnp_project 9y ago Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
CVE-2017-6411 high 8.8 9.8 EXP 9y ago Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
CVE-2017-5633 high 8.0 9.0 EXP 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (…
CVE-2017-6351 high 8.1 9.1 EXP 9y ago The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device u…
CVE-2017-6104 high 7.5 8.5 EXP zen_mobile_app_native_project 9y ago Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
CVE-2017-5982 high 7.5 8.5 EXPFIX debian debian kodi 9y ago Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by …
CVE-2016-2226 high 7.8 8.8 EXPFIX slesdebian debian gnu 9y ago Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
CVE-2017-6206 high 7.5 8.5 EXP 9y ago D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated I…
CVE-2017-6098 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parame…
CVE-2017-6097 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the PO…
CVE-2017-6096 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Param…
CVE-2017-5881 high 7.8 8.8 EXP gomlab 9y ago GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
CVE-2016-9315 high 8.8 9.8 EXP trendmicro 9y ago Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earli…
CVE-2016-9314 high 7.8 8.8 EXP trendmicro 9y ago Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent…
CVE-2017-2373 high 8.8 9.8 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2370 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2369 high 8.8 9.8 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2362 high 8.8 9.8 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2360 high 7.8 8.8 EXPFIX macos macos webkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2353 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex…
CVE-2016-7661 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain pr…
CVE-2016-7660 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allow…
CVE-2016-7644 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7637 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7633 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial …
CVE-2016-7626 high 8.8 9.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows …
CVE-2016-7621 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7617 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex…
CVE-2016-7612 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-4669 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…
CVE-2017-6074 high 7.8 8.8 EXPFIX arch arch slesdebian debian 9y ago The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r…
CVE-2016-4312 high 7.5 8.5 EXP wso2 9y ago XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to …
CVE-2016-4311 high 8.8 9.8 EXP wso2 9y ago Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that proc…
CVE-2017-0313 high 7.8 8.8 EXP nvidia 9y ago All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where un…
CVE-2017-0312 high 7.8 8.8 EXP nvidia 9y ago All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit …
CVE-2016-8972 high 7.8 8.8 EXP ibm 9y ago IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
CVE-2016-6079 high 7.8 8.8 EXP ibm 9y ago IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88…
CVE-2017-5991 high 7.5 8.5 EXPFIX debian debian artifex 9y ago An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pix…
CVE-2017-2992 high 8.8 9.8 EXP macos macos linux-kernelwindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2988 high 8.8 9.8 EXP macos macos linux-kernelwindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code executi…
CVE-2017-2986 high 8.8 9.8 EXP linux-kernelmacos macoswindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2985 high 8.8 9.8 EXP linux-kernelmacos macoswindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execut…
CVE-2017-5972 high 7.5 8.5 EXPFIX slesdebian debian linux-kernel 9y ago The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of servi…
CVE-2017-5146 high 7.5 8.5 EXP 9y ago An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
CVE-2016-9351 high 7.0 8.0 EXP advantech 9y ago An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
CVE-2016-9349 high 7.5 8.5 EXP advantech 9y ago An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.
CVE-2016-9332 high 7.5 8.5 EXP moxa 9y ago An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to cr…
CVE-2016-8377 high 8.0 9.0 EXP 9y ago An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server,…
CVE-2016-5809 high 8.8 9.8 EXP 9y ago An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token gen…
CVE-2017-5180 high 8.8 9.8 EXPFIX arch archdebian debian firejail_project 9y ago Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users …
CVE-2017-3813 high 7.8 8.8 EXP cisco 9y ago A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with th…
CVE-2017-3807 high 8.8 9.8 EXP 9y ago A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause…
CVE-2016-9244 high 7.5 8.5 EXP f5 9y ago A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit thi…
CVE-2015-6023 high 7.3 8.3 EXP 9y ago ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE:…
CVE-2017-0412 high 7.8 8.8 EXP 9y ago An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H…
CVE-2017-0411 high 7.8 8.8 EXP 9y ago An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H…
CVE-2016-2539 high 8.8 9.8 EXP atutor 10y ago Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files an…
CVE-2017-5630 high 7.5 8.5 EXP slesdebian debian php 10y ago PEAR core file overwrite vulnerability
CVE-2016-3053 high 7.8 8.8 EXP 10y ago IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
CVE-2016-10079 high 7.5 8.5 EXP sap 10y ago SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
CVE-2017-3823 high 8.8 9.8 EXP cisco 10y ago An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plug…
CVE-2016-6267 high 8.8 9.8 EXP trendmicro 10y ago SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell meta…
CVE-2016-2399 high 7.8 8.8 EXPFIX slesdebian debian libquicktime 10y ago Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted h…
CVE-2016-9554 high 7.2 8.2 EXP sophos 10y ago The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occu…
CVE-2016-9553 high 7.2 8.2 EXP sophos 10y ago The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (…
CVE-2017-5329 high 7.8 8.8 EXP paloaltonetworks 10y ago Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.
CVE-2017-3316 high 8.4 9.4 EXPFIX debian debian oracle 10y ago Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo…
CVE-2017-5594 high 7.5 8.5 EXP pagekit 10y ago Pagekit Weak Password Recovery Mechanism for Forgotten Password
CVE-2016-6601 high 7.5 8.5 EXP zohocorp 10y ago Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame…
CVE-2016-4793 high 7.5 8.5 EXPFIX debian debian cakephp 10y ago CakePHP allows remote attackers to spoof their IP
CVE-2016-4340 high 8.8 9.8 EXP gitlab 10y ago The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as …
CVE-2016-4338 high 8.1 9.1 EXPFIX debian debian zabbix 10y ago The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…
CVE-2016-10156 high 7.8 8.8 EXPFIX debian debian systemd_project 10y ago A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th…
CVE-2016-6253 high 7.8 8.8 EXP freebsd freebsd 10y ago mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on th…
CVE-2016-6896 high 7.1 8.1 EXPFIX debian debian wordpress 10y ago Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read…
CVE-2016-7998 high 8.8 9.8 EXPFIX debian debian spip 10y ago The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag a…
CVE-2016-7982 high 7.5 8.5 EXPFIX debian debian spip 10y ago Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml acti…
CVE-2016-7980 high 8.8 9.8 EXPFIX debian debian spip 10y ago Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execu…
CVE-2016-2233 high 7.5 8.5 EXPFIX slesdebian debian hexchat_project 10y ago Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP …
CVE-2016-2087 high 7.4 8.4 EXPFIX slesdebian debian hexchat_project 10y ago Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
CVE-2017-5473 high 8.8 9.8 EXP ntop 10y ago Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user…
CVE-2016-7434 high 7.5 8.5 EXPFIX slesarch archdebian debian ntphpe 10y ago The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-6772 high 7.8 8.8 EXP 10y ago An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate becau…
CVE-2016-4808 high 8.8 9.8 EXP web2py 10y ago Web2py Cross-Site Request Forgery vulnerability
CVE-2016-4806 high 7.5 8.5 EXP web2py 10y ago Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.