VIR Vulnerability Intelligence Relay

Search

Found 6,356 results in 934ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-6805 medium 5.3 6.3 EXP mobatek 9y ago Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
CVE-2017-6803 high 8.8 9.8 EXP solarwinds 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication…
CVE-2017-6178 high 7.8 8.8 EXP usbpcap_project 9y ago The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
CVE-2017-5930 low 2.7 3.7 EXPFIX suse susedebian debian postfixadmin_project 9y ago The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch…
CVE-2016-8855 medium 6.1 7.1 EXP sitecore 9y ago Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or …
CVE-2017-7178 high 8.8 9.8 EXPFIX debian debian deluge-torrent 9y ago CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) caus…
CVE-2015-3884 high 8.8 9.8 EXP qdpm 9y ago Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute…
CVE-2014-8722 high 7.5 8.5 EXP get-simple 9y ago GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.x…
CVE-2017-0128 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0127 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0126 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0125 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0124 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0123 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0122 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0121 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows…
CVE-2017-0120 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0119 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0118 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows…
CVE-2017-0117 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0116 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0115 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0114 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0113 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0112 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0111 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0108 high 7.8 8.8 EXP windows windows microsoft 9y ago The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows…
CVE-2017-0103 high 7.0 8.0 EXP windows windows 9y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privi…
CVE-2017-0100 high 7.8 8.8 EXP windows windows 9y ago A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 201…
CVE-2017-0092 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0091 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0090 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0089 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0088 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote…
CVE-2017-0087 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0086 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0085 medium 4.3 5.3 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka…
CVE-2017-0084 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows…
CVE-2017-0083 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0072 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0070 high 7.5 8.5 EXP windows windows microsoft 9y ago A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i…
CVE-2017-0063 medium 6.5 7.5 EXP windows windows 9y ago The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT…
CVE-2017-0062 medium 4.7 5.7 EXP windows windows 9y ago The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol…
CVE-2017-0061 medium 5.3 6.3 EXP windows windows 9y ago The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code i…
CVE-2017-0060 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol…
CVE-2017-0045 medium 5.5 6.5 EXP windows windows 9y ago Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise …
CVE-2017-6510 high 7.5 8.5 EXP efssoft 9y ago Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.
CVE-2017-6443 medium 6.1 7.1 EXP epson 9y ago Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
CVE-2017-5359 high 7.5 8.5 EXP easycom-aura 9y ago EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.
CVE-2017-6366 high 8.8 9.8 EXP 9y ago Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that pe…
CVE-2017-6060 high 7.8 8.8 EXPFIX arch archdebian debian artifex 9y ago Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-8025 medium 6.2 7.2 EXP mcafee 9y ago SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request paramete…
CVE-2016-8024 high 8.1 9.1 EXP mcafee 9y ago Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensit…
CVE-2016-8023 high 8.1 9.1 EXP mcafee 9y ago Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentic…
CVE-2016-8022 high 7.5 8.5 EXP mcafee 9y ago Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den…
CVE-2016-8021 medium 5.0 6.0 EXP mcafee 9y ago Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe…
CVE-2016-8020 high 8.0 9.0 EXP mcafee 9y ago Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted …
CVE-2016-8019 medium 6.1 7.1 EXP mcafee 9y ago Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script o…
CVE-2016-8018 medium 4.3 5.3 EXP mcafee 9y ago Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a cr…
CVE-2016-8017 medium 4.1 5.1 EXP mcafee 9y ago Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user…
CVE-2016-8016 low 3.4 4.4 EXP mcafee 9y ago Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a UR…
CVE-2017-6896 high 8.8 9.8 EXP 9y ago Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session…
CVE-2017-6516 medium 6.7 7.7 EXP magnicomp 9y ago A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-…
CVE-2017-6398 high 8.8 9.8 EXP trendmicro 9y ago An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is …
CVE-2017-6367 high 7.5 8.5 EXP cerberusftp 9y ago In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
CVE-2017-6823 high 8.8 9.8 EXP fiyo 9y ago Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
CVE-2017-6444 high 7.5 8.5 EXP 9y ago The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU…
CVE-2017-6427 high 7.5 8.5 EXP evostream 9y ago A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a…
CVE-2017-6529 high 8.8 9.8 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
CVE-2017-6528 high 8.1 9.1 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
CVE-2017-6527 high 7.5 8.5 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the…
CVE-2017-6552 high 7.5 8.5 EXP 9y ago Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue…
CVE-2017-6549 high 8.8 9.8 EXP 9y ago Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B…
CVE-2017-6547 medium 6.1 7.1 EXP 9y ago Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12…
CVE-2016-6255 high 7.5 8.5 EXP debian debian libupnp_project 9y ago Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
CVE-2017-6411 high 8.8 9.8 EXP 9y ago Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
CVE-2017-5633 high 8.0 9.0 EXP 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (…
CVE-2017-6351 high 8.1 9.1 EXP 9y ago The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device u…
CVE-2017-6478 medium 6.1 7.1 EXP mangoswebv4_project 9y ago paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
CVE-2016-6883 medium 5.9 6.9 EXP matrixssl 9y ago MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
CVE-2017-6104 high 7.5 8.5 EXP zen_mobile_app_native_project 9y ago Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
CVE-2017-5982 high 7.5 8.5 EXPFIX debian debian kodi 9y ago Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by …
CVE-2016-2226 high 7.8 8.8 EXPFIX slesdebian debian gnu 9y ago Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
CVE-2017-6206 high 7.5 8.5 EXP 9y ago D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated I…
CVE-2017-6098 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parame…
CVE-2017-6097 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the PO…
CVE-2017-6096 high 7.2 8.2 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Param…
CVE-2017-5881 high 7.8 8.8 EXP gomlab 9y ago GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
CVE-2016-9316 medium 5.4 6.4 EXP trendmicro 9y ago Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Bu…
CVE-2016-9315 high 8.8 9.8 EXP trendmicro 9y ago Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earli…
CVE-2016-9314 high 7.8 8.8 EXP trendmicro 9y ago Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent…
CVE-2017-0038 medium 5.5 6.5 EXP windows windows 9y ago gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windo…
CVE-2017-2373 high 8.8 9.8 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2371 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
CVE-2017-2370 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2369 high 8.8 9.8 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2365 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2364 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the…
CVE-2017-2363 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2362 high 8.8 9.8 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…