VIR Vulnerability Intelligence Relay

Search

Found 2,563 results in 475ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-4313 high 7.8 8.8 EXP extplorer 9y ago Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
CVE-2015-7570 high 7.2 8.2 EXP yeager 9y ago Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb…
CVE-2015-7569 high 8.8 9.8 EXP yeager 9y ago SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
CVE-2015-7245 high 7.5 8.5 EXP 9y ago Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage p…
CVE-2017-7852 high 8.8 9.8 EXP 9y ago D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the …
CVE-2015-0104 high 8.8 9.8 EXP ibm 9y ago IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol…
CVE-2016-5399 high 7.8 8.8 EXP sles php 9y ago The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary co…
CVE-2016-1561 high 7.5 8.5 EXP 9y ago ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a pri…
CVE-2015-8285 high 7.5 8.5 EXP quickheal 9y ago The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.
CVE-2017-7692 high 8.8 9.8 EXP squirrelmail 9y ago SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit …
CVE-2017-7615 high 8.8 9.8 EXP mantisbt 9y ago MantisBT allows arbitrary password reset
CVE-2017-7690 high 7.8 8.8 EXP proxifier 9y ago Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
CVE-2017-6554 high 7.2 8.2 EXP quest 9y ago pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privil…
CVE-2016-1713 high 7.3 8.3 EXP vtiger 9y ago Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated…
CVE-2016-0727 high 7.8 8.8 EXPFIX ubuntu ubuntudebian debian 9y ago The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3…
CVE-2015-6568 high 8.8 9.8 EXP wolfcms 9y ago Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" …
CVE-2015-6567 high 8.8 9.8 EXP wolfcms 9y ago Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exp…
CVE-2017-7643 high 7.8 8.8 EXP proxifier 9y ago Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
CVE-2017-7456 high 7.5 8.5 EXP moxa 9y ago Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
CVE-2017-7455 high 7.5 8.5 EXP moxa 9y ago Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.
CVE-2015-8356 high 8.0 9.0 EXP bitrix_project 9y ago Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to adm…
CVE-2016-1914 high 8.8 9.8 EXP blackberry 9y ago Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrar…
CVE-2015-8284 high 8.8 9.8 EXP seawell_networks 9y ago SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
CVE-2015-7563 high 8.8 9.8 EXP teampass 9y ago Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
CVE-2017-3064 high 7.8 8.8 EXP linux-kernelwindows windowsmacos macos adobe 9y ago Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3006 high 8.8 9.8 EXP adobe 9y ago Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
CVE-2017-0202 high 7.5 8.5 EXP microsoft 9y ago A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrar…
CVE-2017-0165 high 7.8 8.8 EXP windows windows 9y ago An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handle…
CVE-2017-0160 high 7.8 8.8 EXP microsoft 9y ago Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
CVE-2015-7893 high 8.8 9.8 EXP 9y ago SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
CVE-2017-6088 high 7.2 8.2 EXP eyesofnetwork 9y ago Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (…
CVE-2017-7185 high 7.5 8.5 EXP cesanta 9y ago Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows r…
CVE-2017-6190 high 7.5 8.5 EXP 9y ago Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" r…
CVE-2015-8258 high 7.5 8.5 EXP 9y ago AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
CVE-2015-8255 high 8.8 9.8 EXP 9y ago AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.
CVE-2017-6019 high 7.5 8.5 EXP 9y ago An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
CVE-2017-0569 high 7.0 8.0 EXP linux-kernel 9y ago An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…
CVE-2016-7786 high 8.8 9.8 EXP 9y ago Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. …
CVE-2017-7571 high 8.0 9.0 EXP ladybirdweb 9y ago public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
CVE-2017-7447 high 8.8 9.8 EXP helpdezk 9y ago HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
CVE-2017-7446 high 8.8 9.8 EXP helpdezk 9y ago HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
CVE-2016-9091 high 7.2 8.2 EXP bluecoat 9y ago Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious ad…
CVE-2017-7358 high 7.3 8.3 EXPFIX arch archdebian debianubuntu ubuntu lightdm_project 9y ago In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user …
CVE-2017-7398 high 8.8 9.8 EXP 9y ago D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin i…
CVE-2017-7228 high 8.2 9.2 EXPFIX debian debian 9y ago An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, al…
CVE-2017-7397 high 7.5 8.5 EXP 9y ago BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This…
CVE-2014-1677 high 7.5 8.5 EXP 9y ago Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
CVE-2017-1001000 high 7.5 8.5 EXPFIX debian debian wordpress 9y ago The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows …
CVE-2014-3222 high 7.0 8.0 EXP huawei 9y ago In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key…
CVE-2017-2490 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2483 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2482 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2478 high 7.0 8.0 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2476 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2474 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2473 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2472 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2471 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-…
CVE-2017-2470 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2469 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2468 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2466 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2464 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2460 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2459 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2457 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr…
CVE-2017-2456 high 7.0 8.0 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2455 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2454 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2447 high 8.1 9.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2446 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2443 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi…
CVE-2015-4624 high 7.5 8.5 EXP 9y ago Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
CVE-2017-6412 high 8.1 9.1 EXP sophos 9y ago In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
CVE-2017-7310 high 7.8 8.8 EXP flexense 9y ago A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Se…
CVE-2017-7308 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 9y ago The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in…
CVE-2017-7285 high 7.5 8.5 EXP 9y ago A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, prevent…
CVE-2017-5671 high 8.8 9.8 EXP 9y ago Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, whic…
CVE-2017-7183 high 7.5 8.5 EXP extraputty 9y ago The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
CVE-2016-10225 high 7.8 8.8 EXP 9y ago The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
CVE-2017-5899 high 7.0 8.0 EXPFIX debian debian s-nail_project 9y ago Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a …
CVE-2017-5850 high 7.5 8.5 EXP freebsd freebsd 9y ago httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
CVE-2017-7240 high 7.5 8.5 EXP 9y ago An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefor…
CVE-2017-6087 high 8.8 9.8 EXP eonweb_project 9y ago EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3…
CVE-2017-5869 high 8.8 9.8 EXP nuxeo 9y ago Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in …
CVE-2017-6191 high 7.8 8.8 EXP apng_disassembler_project 9y ago Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.
CVE-2017-5227 high 7.5 8.5 EXP 9y ago QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration…
CVE-2017-6971 high 8.8 9.8 EXP alienvaultnfsen 9y ago AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving t…
CVE-2017-6970 high 8.4 9.4 EXP alienvaultnfsen 9y ago AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
CVE-2016-6816 high 7.1 8.1 EXPFIX slesdebian debian apache 9y ago The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could b…
CVE-2017-6803 high 8.8 9.8 EXP solarwinds 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication…
CVE-2017-6178 high 7.8 8.8 EXP usbpcap_project 9y ago The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
CVE-2017-7178 high 8.8 9.8 EXPFIX debian debian deluge-torrent 9y ago CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) caus…
CVE-2015-3884 high 8.8 9.8 EXP qdpm 9y ago Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute…
CVE-2014-8722 high 7.5 8.5 EXP get-simple 9y ago GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.x…
CVE-2017-0108 high 7.8 8.8 EXP windows windows microsoft 9y ago The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows…
CVE-2017-0103 high 7.0 8.0 EXP windows windows 9y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privi…
CVE-2017-0100 high 7.8 8.8 EXP windows windows 9y ago A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 201…
CVE-2017-0090 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0089 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…