VIR Vulnerability Intelligence Relay

Search

Found 4,127 results in 502ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-8482 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8481 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8480 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8479 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8478 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8477 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8476 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-8473 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafte…
CVE-2017-8472 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initiali…
CVE-2017-8471 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8470 medium 5.0 6.0 EXP windows windows 9y ago Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authen…
CVE-2017-8469 medium 5.5 6.5 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an…
CVE-2017-8462 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0300 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0299 medium 5.0 6.0 EXP windows windows 9y ago The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all…
CVE-2017-0289 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0288 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0287 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0286 medium 5.0 6.0 EXP windows windows microsoft 9y ago Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper…
CVE-2017-0285 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-0284 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-0282 medium 5.0 6.0 EXP windows windows microsoft 9y ago Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office …
CVE-2017-9544 critical 9.8 10.0 EXP echatserver 9y ago There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering…
CVE-2017-9128 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 …
CVE-2017-9127 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted …
CVE-2017-9126 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
CVE-2017-9125 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
CVE-2017-9124 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVE-2017-9123 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVE-2017-9122 medium 6.5 7.5 EXPFIX slesdebian debian libquicktime 9y ago The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVE-2017-8871 medium 6.5 7.5 EXP slessuse suse gnome 9y ago The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-2014-8687 critical 9.8 10.0 EXP 9y ago Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session token…
CVE-2017-9516 medium 5.4 6.4 EXP craftcms 9y ago Craft CMS XSS Vulnerability
CVE-2017-4901 critical 9.9 10.0 EXP vmware 9y ago The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execu…
CVE-2015-7346 critical 9.8 10.0 EXP zcms_project 9y ago SQL injection vulnerability in ZCMS 1.1.
CVE-2017-4905 medium 5.5 6.5 EXP macos macos vmware 9y ago VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch …
CVE-2017-4914 critical 9.8 10.0 EXP vmware 9y ago VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
CVE-2017-7312 critical 9.8 10.0 EXP personifycorp 9y ago An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and…
CVE-2016-9834 medium 6.1 7.1 EXP 9y ago An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is …
CVE-2017-8840 medium 5.3 6.3 EXP 9y ago Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request t…
CVE-2017-8839 medium 6.1 7.1 EXP 9y ago XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/p…
CVE-2017-8838 medium 6.1 7.1 EXP 9y ago XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/H…
CVE-2017-8837 critical 9.8 10.0 EXP 9y ago Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in questio…
CVE-2017-8835 critical 9.8 10.0 EXP 9y ago SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth coo…
CVE-2017-1000367 medium 6.4 7.4 EXPFIX slesarch archdebian debian sudo_project 9y ago Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
CVE-2017-9430 critical 9.8 10.0 EXP debian debian dnstracer_project 9y ago Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name ar…
CVE-2017-9417 critical 9.8 10.0 EXPFIX debian debian 9y ago Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
CVE-2015-0936 critical 9.8 10.0 EXP 9y ago Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
CVE-2017-9232 critical 9.8 10.0 EXP canonical 9y ago Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
CVE-2017-8537 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-8536 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2017-8535 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and…
CVE-2016-6256 critical 9.6 10.0 EXP sap 9y ago SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i…
CVE-2017-2800 critical 9.8 10.0 EXPFIX debian debian wolfssl 9y ago A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and pos…
CVE-2015-4455 critical 9.8 10.0 EXP aviary_image_editor_add-on_for_gravity_forms_project 9y ago Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by up…
CVE-2017-9150 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which all…
CVE-2017-1092 critical 9.8 10.0 EXP ibm 9y ago IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVE-2017-9147 medium 6.5 7.5 EXPFIX slesdebian debian libtiff 9y ago LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
CVE-2017-4916 medium 6.5 7.5 EXP vmware 9y ago VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privilege…
CVE-2017-6982 medium 5.5 6.5 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.
CVE-2017-2528 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un…
CVE-2017-2527 critical 9.8 10.0 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a …
CVE-2017-2524 critical 9.8 10.0 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve…
CVE-2017-2523 critical 9.8 10.0 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve…
CVE-2017-2522 critical 9.8 10.0 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve…
CVE-2017-2516 medium 5.0 6.0 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c…
CVE-2017-2510 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un…
CVE-2017-2509 medium 5.5 6.5 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c…
CVE-2017-2508 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Un…
CVE-2017-2504 medium 6.1 7.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-9101 critical 9.8 10.0 EXP playsms 9y ago import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
CVE-2017-7620 medium 6.5 7.5 EXP mantisbt 9y ago MantisBT vulnerable to CSRF and Open Redirect attacks
CVE-2017-5174 critical 9.8 10.0 EXP 9y ago An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectu…
CVE-2017-5173 critical 9.8 10.0 EXP 9y ago An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnera…
CVE-2017-6622 critical 9.8 10.0 EXP cisco 9y ago A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privil…
CVE-2017-8917 critical 9.8 10.0 EXP joomla 9y ago SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-10372 critical 9.8 10.0 EXP 9y ago The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80…
CVE-2017-8382 medium 4.5 5.5 EXP admidio 9y ago admidio CSRF Vulnerability
CVE-2017-7953 medium 5.4 6.4 EXP infor 9y ago INFOR EAM V11.0 Build 201410 has XSS via comment fields.
CVE-2017-0259 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive info…
CVE-2017-0258 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server …
CVE-2017-0245 medium 4.7 5.7 EXP windows windows 9y ago The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain ker…
CVE-2017-0220 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, …
CVE-2017-0175 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Inform…
CVE-2017-7472 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring cal…
CVE-2017-8798 critical 9.8 10.0 EXPFIX arch archdebian debian miniupnp_project 9y ago Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2017-8895 critical 9.8 10.0 EXP veritas 9y ago In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of ser…
CVE-2017-8295 medium 5.9 6.9 EXPFIX debian debian wordpress 9y ago WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?ac…
CVE-2016-5810 medium 4.9 5.9 EXP advantech 9y ago upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
CVE-2016-5063 medium 5.3 6.3 EXP bmc 9y ago The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vecto…
CVE-2017-5631 medium 6.1 7.1 EXP kmc_information_systems 9y ago An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
CVE-2017-6553 critical 9.8 10.0 EXP quest 9y ago Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory …
CVE-2017-5135 critical 9.1 10.0 EXP 9y ago Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c34…
CVE-2017-8225 critical 9.8 10.0 EXP 9y ago On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and…
CVE-2017-8224 critical 9.8 10.0 EXP 9y ago Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
CVE-2017-3623 critical 10.0 10.0 EXP 9y ago Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows un…
CVE-2017-3549 critical 9.1 10.0 EXP oracle 9y ago Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1…
CVE-2017-3548 medium 6.5 7.5 EXP oracle 9y ago Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "expl…
CVE-2017-3546 medium 6.5 7.5 EXP oracle 9y ago Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "…
CVE-2017-3528 medium 5.4 6.4 EXP oracle 9y ago Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.…