| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5876 | medium | — | 6.0 | EXP | | nero | 12y ago | Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (… |
| CVE-2014-3415 | medium | — | 7.5 | EXP | | sharetronix | 12y ago | SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. |
| CVE-2014-3414 | medium | — | 7.8 | EXP | | sharetronix | 12y ago | Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a u… |
| CVE-2012-4915 | medium | — | 6.0 | EXP | | davistribewordpress | 12y ago | Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php. |
| CVE-2013-2225 | medium | — | 7.4 | EXP | | glpi-project | 12y ago | inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. |
| CVE-2014-3866 | medium | — | 7.8 | EXP | | usercake | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that c… |
| CVE-2013-3982 | medium | — | 6.0 | EXP | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. |
| CVE-2013-3977 | medium | — | 5.3 | EXP | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. |
| CVE-2013-3975 | medium | — | 6.0 | EXP | | ibm | 12y ago | Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a sear… |
| CVE-2014-3849 | medium | — | 5.3 | EXP | | imember360 | 12y ago | The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Emai… |
| CVE-2014-3848 | medium | — | 6.0 | EXP | | imember360 | 12y ago | The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. |
| CVE-2014-3442 | medium | — | 5.3 | EXP | | nullsoft | 12y ago | Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. |
| CVE-2013-2713 | medium | — | 7.8 | EXP | | krisonav | 12y ago | Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user a… |
| CVE-2013-2712 | medium | — | 5.3 | EXP | | krisonav | 12y ago | Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter. |
| CVE-2013-2107 | medium | — | 7.8 | EXP | | mail_on_update_project | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change… |
| CVE-2010-5299 | medium | — | 7.8 | EXP | | microp_project | 12y ago | Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName paramet… |
| CVE-2014-3842 | medium | — | 5.3 | EXP | | imember360 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or… |
| CVE-2014-3210 | medium | — | 7.5 | EXP | | dotonpaperwordpress | 12y ago | SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via… |
| CVE-2014-1770 | critical | — | 10.0 | EXP | | microsoft | 12y ago | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage … |
| CVE-2014-3806 | medium | — | 6.0 | EXP | | vmturbo | 12y ago | Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. |
| CVE-2014-3792 | medium | — | 7.8 | EXP | | | 12y ago | Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change… |
| CVE-2014-3791 | critical | — | 10.0 | EXP | | efssoft | 12y ago | Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp. |
| CVE-2014-3738 | medium | — | 5.3 | EXP | | zenoss | 12y ago | Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device. |
| CVE-2014-3444 | critical | — | 10.0 | EXP | | realnetworks | 12y ago | The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and app… |
| CVE-2013-7382 | medium | — | 6.0 | EXP | | vicidial | 12y ago | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to o… |
| CVE-2014-0749 | critical | — | 10.0 | EXP | | adaptivecomputing | 12y ago | Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary… |
| CVE-2014-3247 | medium | — | 5.3 | EXP | | o-dyn | 12y ago | Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.p… |
| CVE-2013-4730 | critical | — | 10.0 | EXP | | pcman\'s_ftp_server_project | 12y ago | Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. |
| CVE-2014-3443 | medium | — | 5.3 | EXP | | jetaudio | 12y ago | JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. |
| CVE-2014-3441 | medium | — | 5.3 | EXPFIX | debian | videolan | 12y ago | codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file. |
| CVE-2014-1603 | medium | — | 5.3 | EXP | | get-simple | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3)… |
| CVE-2013-7376 | medium | — | 7.8 | EXP | | openx | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by r… |
| CVE-2013-4468 | medium | — | 7.5 | EXP | | vicidial | 12y ago | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an … |
| CVE-2013-3514 | medium | — | 5.3 | EXP | | openx | 12y ago | Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferen… |
| CVE-2013-1765 | medium | — | 5.3 | EXP | | smart-flv_plugin_project | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerr… |
| CVE-2014-1815 | critical | — | 10.0 | EXP | | microsoft | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 201… |
| CVE-2014-1806 | critical | — | 10.0 | EXP | | microsoft | 12y ago | The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitra… |
| CVE-2014-3225 | medium | — | 5.0 | EXP | | cobblerd | 12y ago | Cobbler Path Traversal vulnerability |
| CVE-2014-2046 | critical | — | 10.0 | EXP | | broadcom | 12y ago | cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information vi… |
| CVE-2014-1849 | critical | — | 10.0 | EXP | | | 12y ago | Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijac… |
| CVE-2013-4490 | medium | — | 7.5 | EXP | | gitlab | 12y ago | The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands … |
| CVE-2014-3246 | medium | — | 7.5 | EXP | | o-dyn | 12y ago | SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php. |
| CVE-2014-2989 | medium | — | 7.8 | EXP | | open_assessment_technologies_ | 12y ago | Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrativ… |
| CVE-2013-5748 | medium | — | 7.8 | EXP | | simplerisk | 12y ago | Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that… |
| CVE-2014-3220 | critical | — | 10.0 | EXP | | | 12y ago | F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/auth… |
| CVE-2014-3138 | medium | — | 7.5 | EXP | | xerox | 12y ago | SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary… |
| CVE-2013-1807 | medium | — | 6.0 | EXP | | php-fusion | 12y ago | PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information v… |
| CVE-2013-1806 | medium | — | 7.5 | EXP | | php-fusion | 12y ago | Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to… |
| CVE-2013-1804 | medium | — | 5.3 | EXP | | php-fusion | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php;… |
| CVE-2014-1843 | medium | — | 6.0 | EXP | | southrivertech | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Propert… |
| CVE-2014-1842 | medium | — | 6.0 | EXP | | southrivertech | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar … |
| CVE-2014-1841 | medium | — | 6.0 | EXP | | southrivertech | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot… |
| CVE-2014-0515 | critical | — | 10.0 | EXP | macos linux-kernel | adobe | 12y ago | Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitra… |
| CVE-2014-3008 | critical | — | 10.0 | EXP | | unitrends | 12y ago | Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. |
| CVE-2014-2383 | medium | — | 7.8 | EXPFIX | debian | dompdf | 12y ago | DOMPDF Arbitrary File Read |
| CVE-2014-1766 | critical | — | 10.0 | EXP | | microsoft | 12y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt … |
| CVE-2014-1764 | critical | — | 10.0 | EXP | | microsoft | 12y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstra… |
| CVE-2014-2994 | critical | — | 10.0 | EXP | | acunetix | 12y ago | Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (… |
| CVE-2013-5660 | critical | — | 10.0 | EXP | | powersoftware | 12y ago | Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file. |
| CVE-2013-5954 | medium | — | 7.8 | EXP | | revive-adserveropenx | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via adm… |
| CVE-2014-2908 | medium | — | 5.3 | EXP | | | 12y ago | Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified… |
| CVE-2014-2976 | medium | — | 6.0 | EXP | | sixnet | 12y ago | Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081. |
| CVE-2014-1322 | medium | — | 5.9 | EXP | macos | | 12y ago | The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mecha… |
| CVE-2014-2341 | medium | — | 7.8 | EXP | | cubecart | 12y ago | Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. |
| CVE-2014-2922 | medium | — | 7.4 | EXP | | pimcore | 12y ago | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all… |
| CVE-2014-1990 | medium | — | 7.8 | EXP | | | 12y ago | Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authen… |
| CVE-2013-7196 | medium | — | 6.5 | EXP | | phpfox | 12y ago | static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[it… |
| CVE-2014-2880 | medium | — | 6.8 | EXP | | oracle | 12y ago | Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web … |
| CVE-2014-2879 | medium | — | 5.3 | EXP | | sonicwall | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the upl… |
| CVE-2014-0984 | medium | — | 5.3 | EXP | | sap | 12y ago | The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrec… |
| CVE-2013-2143 | medium | — | 7.5 | EXP | | redhattheforeman | 12y ago | The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by se… |
| CVE-2011-4089 | medium | — | 5.6 | EXPFIX | debian | bzip | 12y ago | The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by prec… |
| CVE-2014-2424 | medium | — | 5.0 | EXP | | oracle | 12y ago | Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system. |
| CVE-2014-2399 | medium | — | 5.3 | EXP | | oracle | 12y ago | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information … |
| CVE-2014-0514 | critical | — | 10.0 | EXP | | adobe | 12y ago | The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related… |
| CVE-2013-7368 | medium | — | 5.3 | EXP | | raoul_proenca | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles… |
| CVE-2014-2851 | medium | — | 7.9 | EXPFIX | debian linux-kernel | | 12y ago | Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gai… |
| CVE-2014-0787 | critical | — | 10.0 | EXP | | wellintech | 12y ago | Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet. |
| CVE-2012-6644 | medium | — | 5.3 | EXP | | clip-bucket | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3)… |
| CVE-2011-4958 | medium | — | 5.3 | EXP | | silverstripe | 12y ago | Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2012-2095 | medium | — | 7.9 | EXP | fedora | david_paleino | 12y ago | The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus messag… |
| CVE-2013-5680 | medium | — | 7.8 | EXPFIX | debian | lee_howard | 12y ago | Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code v… |
| CVE-2013-2287 | medium | — | 5.3 | EXP | | roberta_bramski | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or … |
| CVE-2012-6429 | critical | — | 10.0 | EXP | | samsung | 12y ago | Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the pass… |
| CVE-2014-2340 | medium | — | 7.8 | EXP | | xcloner | 12y ago | Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create websit… |
| CVE-2013-2945 | medium | — | 7.5 | EXP | | b2evolution | 12y ago | SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this … |
| CVE-2013-4240 | medium | — | 7.8 | EXP | | hitmyserver | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for request… |
| CVE-2013-0662 | critical | — | 10.0 | EXP | | schneider-electricschneider_electric | 12y ago | Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a … |
| CVE-2009-5141 | medium | — | 5.0 | EXP | | jgaa | 12y ago | Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. |
| CVE-2014-2671 | medium | — | 7.8 | EXP | | microsoft | 12y ago | Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. |
| CVE-2014-1982 | critical | — | 10.0 | EXP | | | 12y ago | The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges … |
| CVE-2014-0983 | medium | — | 7.9 | EXPFIX | debian | oracle | 12y ago | Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.… |
| CVE-2014-0981 | medium | — | 5.4 | EXPFIX | debian | oracle | 12y ago | VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local gue… |
| CVE-2014-2668 | medium | — | 6.0 | EXP | | apache | 12y ago | Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. |
| CVE-2013-0807 | medium | — | 5.3 | EXP | | gpeasy | 12y ago | Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HT… |
| CVE-2013-7346 | medium | — | 7.8 | EXP | | getsymphony | 12y ago | Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via… |
| CVE-2013-2559 | medium | — | 7.5 | EXP | | getsymphony | 12y ago | SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged us… |
| CVE-2014-1303 | critical | — | 10.0 | EXP | | apple | 12y ago | Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen dur… |
| CVE-2014-2016 | medium | — | 5.3 | EXP | | oxid-esales | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and e… |
| CVE-2013-1604 | medium | — | 6.0 | EXP | | | 12y ago | Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. |