Search

Found 4,306 results in 542ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2011-4333 medium 6.1 7.1 EXP scilico 9y ago Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no…
CVE-2017-15687 medium 6.1 7.1 EXP logitech 9y ago DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.
CVE-2017-15580 critical 9.8 10.0 EXP osticket 9y ago osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as…
CVE-2017-7089 medium 6.1 7.1 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It all…
CVE-2017-15727 medium 5.4 6.4 EXP phpmyfaq 9y ago In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
CVE-2017-15291 medium 6.1 7.1 EXP 9y ago Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description fi…
CVE-2017-14937 medium 4.7 5.7 EXP 9y ago The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control unit…
CVE-2017-15646 medium 6.1 7.1 EXP webmin 9y ago Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After set…
CVE-2017-15639 medium 6.5 7.5 EXP getmura 9y ago tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
CVE-2017-10366 critical 9.8 10.0 EXP oracle 9y ago Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Ea…
CVE-2017-10355 medium 5.3 6.3 EXPFIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…
CVE-2017-10033 medium 4.0 5.0 EXP oracle 9y ago Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Supported versions that are affected are 11.1.1.8.0 and 12.2.1.2.0. Difficult to explo…
CVE-2017-15359 medium 6.5 7.5 EXP 3cx 9y ago In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInf…
CVE-2017-14956 medium 5.7 6.7 EXP alienvault 9y ago AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local d…
CVE-2017-14322 critical 9.8 10.0 EXP interspire 9y ago The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administra…
CVE-2017-15579 critical 9.8 10.0 EXP phpsugar 9y ago In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVE-2015-2780 critical 9.8 10.0 EXP berta 9y ago Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct re…
CVE-2014-9148 critical 9.8 10.0 EXP fiyo 9y ago Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct …
CVE-2017-15374 medium 6.1 7.1 EXP shopware 9y ago Shopware XSS Vulnerability
CVE-2017-12629 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntu rhel apacheredhat 9y ago Remote code execution occurs in Apache Solr
CVE-2017-15014 medium 4.3 5.3 EXP opentext 9y ago OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardl…
CVE-2017-11823 medium 6.7 7.7 EXP windows windows 9y ago The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microso…
CVE-2017-11785 medium 5.5 6.5 EXP windows windows 9y ago The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1…
CVE-2017-15287 medium 6.1 7.1 EXP bouqueteditor_project 9y ago There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
CVE-2017-15284 medium 5.4 6.4 EXP octobercms 9y ago OctoberCMS Cross-Site Scripting
CVE-2017-15220 critical 9.8 10.0 EXP flexense 9y ago Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary cod…
CVE-2013-6924 critical 9.8 10.0 EXP 9y ago Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
CVE-2017-14980 critical 9.8 10.0 EXP flexense 9y ago Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
CVE-2014-0030 critical 9.8 10.0 EXP apache 9y ago The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2015-2147 critical 9.8 10.0 EXP phpbugtracker_project 9y ago Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2015-2145 medium 4.8 5.8 EXP phpbugtracker_project 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2017-15084 medium 6.5 7.5 EXP rapid7 9y ago The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
CVE-2017-14089 critical 9.8 10.0 EXP trendmicro 9y ago An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and ca…
CVE-2017-14085 medium 5.3 6.3 EXP trendmicro 9y ago Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version a…
CVE-2017-14491 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleyssusenvidia 9y ago Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-6089 critical 9.8 10.0 EXP phpcollab 9y ago SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parame…
CVE-2017-14494 medium 5.9 6.9 EXPFIX arch arch slesdebian debian thekelleys 9y ago dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
CVE-2017-14493 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleys 9y ago Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
CVE-2017-14492 critical 9.8 10.0 EXPFIX arch arch slesdebian debian thekelleys 9y ago Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
CVE-2017-14955 medium 5.9 6.9 EXP checkmk 9y ago Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GU…
CVE-2017-14939 medium 5.5 6.5 EXPFIX debian debian sles gnu 9y ago decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a d…
CVE-2017-14738 critical 9.8 10.0 EXP filerun 9y ago FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search f…
CVE-2017-14702 critical 9.8 10.0 EXP branaghgroup 9y ago ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
CVE-2017-14620 medium 6.1 7.1 EXP smartertools 9y ago SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
CVE-2017-14507 critical 9.8 10.0 EXP shindiristudio 9y ago Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_c…
CVE-2017-14841 medium 6.5 7.5 EXP dasinfomedia 9y ago Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
CVE-2017-11120 critical 9.8 10.0 EXPFIX macos macos 9y ago On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2…
CVE-2015-8249 critical 9.8 10.0 EXP manageengine 9y ago The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
CVE-2017-14703 critical 9.8 10.0 EXP cashbackcomparisonscript 9y ago SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
CVE-2015-4668 medium 6.1 7.1 EXP xceedium 9y ago Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
CVE-2015-4667 critical 9.8 10.0 EXP xceedium 9y ago Multiple hardcoded credentials in Xsuite 2.x.
CVE-2017-14717 medium 5.4 6.4 EXP telaxius 9y ago In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
CVE-2017-14712 medium 5.4 6.4 EXP telaxius 9y ago In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
CVE-2017-14706 critical 9.8 10.0 EXP denyall 9y ago DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken …
CVE-2017-12930 critical 9.8 10.0 EXP tecnovision 9y ago SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
CVE-2017-14619 medium 6.1 7.1 EXP phpmyfaq 9y ago Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
CVE-2017-14618 medium 4.8 5.8 EXP phpmyfaq 9y ago Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
CVE-2015-7347 medium 4.8 5.8 EXP zcms_project 9y ago Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
CVE-2015-2826 medium 5.3 6.3 EXP simple_ads_manager_project 9y ago WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
CVE-2017-12611 critical 9.8 10.0 EXP apache 9y ago Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
CVE-2015-4073 critical 9.8 10.0 EXP helpdesk_pro_project 9y ago Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (…
CVE-2015-4072 medium 5.4 6.4 EXP helpdesk_pro_project 9y ago Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and m…
CVE-2015-4684 medium 6.5 7.5 EXP polycom 9y ago Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modi…
CVE-2015-4683 critical 9.8 10.0 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters wit…
CVE-2015-4682 medium 6.5 7.5 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
CVE-2014-8686 critical 9.8 10.0 EXP codeigniter 9y ago CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
CVE-2014-8684 critical 9.8 10.0 EXP codeigniterkohanaframework 9y ago CodeIgniter and Kohana vulnerable to PHP Object Injection
CVE-2017-6315 critical 9.8 10.0 EXP 9y ago Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
CVE-2017-14143 critical 9.8 10.0 EXP kaltura 9y ago The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and cons…
CVE-2014-9618 critical 9.8 10.0 EXP netsweeper 9y ago The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via …
CVE-2014-9611 critical 9.8 10.0 EXP netsweeper 9y ago Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
CVE-2014-9610 medium 5.3 6.3 EXP netsweeper 9y ago Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user…
CVE-2017-14244 critical 9.8 10.0 EXP 9y ago An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs wi…
CVE-2017-14243 critical 9.8 10.0 EXP 9y ago An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials fr…
CVE-2017-14489 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
CVE-2017-0785 medium 6.5 7.5 EXP 9y ago An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
CVE-2017-13067 critical 9.8 10.0 EXP 9y ago QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerabili…
CVE-2017-1002008 critical 9.8 10.0 EXP membership_simplified_project 9y ago Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a use…
CVE-2017-1002003 critical 9.8 10.0 EXP wp2android-turn-wp-site-into-android-app_project 9y ago Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVE-2017-1002002 critical 9.8 10.0 EXP webapp-builder_project 9y ago Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
CVE-2017-1002001 critical 9.8 10.0 EXP mobile-app-builder-by-wappress_project 9y ago Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVE-2017-1002000 critical 9.8 10.0 EXP mobile-friendly-app-builder-by-easytouch_project 9y ago Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check …
CVE-2017-8708 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8687 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8685 medium 5.5 6.5 EXP windows windows 9y ago Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure…
CVE-2017-8684 medium 5.5 6.5 EXP windows windows 9y ago Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses ke…
CVE-2017-8683 medium 5.5 6.5 EXP windows windows 9y ago Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Serve…
CVE-2017-8681 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8680 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerab…
CVE-2017-8678 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-14396 critical 9.8 10.0 EXP osticket 9y ago In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
CVE-2017-8918 medium 5.5 6.5 EXP blackwave 9y ago XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
CVE-2017-3133 medium 6.1 7.1 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
CVE-2017-3132 medium 6.1 7.1 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToke…
CVE-2017-3131 medium 5.4 6.4 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under …
CVE-2015-8351 critical 9.0 10.0 EXP gwolle_guestbook_project 9y ago PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code v…
CVE-2015-4523 critical 9.3 10.0 EXP symantec 9y ago Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, caus…
CVE-2017-9095 medium 5.5 6.5 EXP divinglog 9y ago XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
CVE-2017-14219 medium 6.1 7.1 EXP 9y ago XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSu…
CVE-2015-3313 critical 9.8 10.0 EXP community_events_project 9y ago SQL injection vulnerability in WordPress Community Events plugin before 1.4.