Found 6,690 results in 620ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-8249 critical 9.8 10.0 EXP manageengine 9y ago The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
CVE-2015-3643 high 7.8 8.8 EXP ubuntu ubuntu usb-creator_project 9y ago usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local…
CVE-2015-1336 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu man-db_project 9y ago The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVE-2017-14704 high 8.8 9.8 EXP claydip 9y ago Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code …
CVE-2017-13129 high 8.0 9.0 EXP zkteco 9y ago Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators …
CVE-2017-14703 critical 9.8 10.0 EXP cashbackcomparisonscript 9y ago SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
CVE-2014-0997 high 7.5 8.5 EXP 9y ago WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and poten…
CVE-2015-7293 high 8.8 9.8 EXP plonezope 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
CVE-2015-4669 high 7.8 8.8 EXP xceedium 9y ago The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
CVE-2015-4668 medium 6.1 7.1 EXP xceedium 9y ago Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
CVE-2015-4667 critical 9.8 10.0 EXP xceedium 9y ago Multiple hardcoded credentials in Xsuite 2.x.
CVE-2017-14627 high 7.8 8.8 EXP cyberlink 9y ago Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) a…
CVE-2017-14717 medium 5.4 6.4 EXP telaxius 9y ago In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
CVE-2017-14712 medium 5.4 6.4 EXP telaxius 9y ago In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
CVE-2017-14706 critical 9.8 10.0 EXP denyall 9y ago DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken …
CVE-2017-14680 high 7.5 8.5 EXP zkteco 9y ago ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
CVE-2017-12930 critical 9.8 10.0 EXP tecnovision 9y ago SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
CVE-2017-12929 high 8.8 9.8 EXP tecnovision 9y ago Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
CVE-2017-14619 medium 6.1 7.1 EXP phpmyfaq 9y ago Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
CVE-2017-14618 medium 4.8 5.8 EXP phpmyfaq 9y ago Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
CVE-2015-7347 medium 4.8 5.8 EXP zcms_project 9y ago Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
CVE-2015-2826 medium 5.3 6.3 EXP simple_ads_manager_project 9y ago WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
CVE-2017-12611 critical 9.8 10.0 EXP apache 9y ago Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
CVE-2017-7924 high 7.5 8.5 EXP 9y ago An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could s…
CVE-2015-4075 high 8.1 9.1 EXP helpdeskpro 9y ago The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
CVE-2015-4074 high 7.5 8.5 EXP helpdesk_pro_project 9y ago Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download…
CVE-2015-4073 critical 9.8 10.0 EXP helpdesk_pro_project 9y ago Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (…
CVE-2015-4072 medium 5.4 6.4 EXP helpdesk_pro_project 9y ago Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and m…
CVE-2017-8770 high 7.5 8.5 EXP 9y ago There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
CVE-2015-4685 high 7.0 8.0 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo m…
CVE-2015-4684 medium 6.5 7.5 EXP polycom 9y ago Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modi…
CVE-2015-4683 critical 9.8 10.0 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters wit…
CVE-2015-4682 medium 6.5 7.5 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
CVE-2015-4681 high 7.8 8.8 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVE-2014-8686 critical 9.8 10.0 EXP codeigniter 9y ago CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
CVE-2014-8684 critical 9.8 10.0 EXP codeigniterkohanaframework 9y ago CodeIgniter and Kohana vulnerable to PHP Object Injection
CVE-2017-6315 critical 9.8 10.0 EXP 9y ago Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
CVE-2017-14311 high 7.8 8.8 EXP netmechanica 9y ago The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
CVE-2017-14143 critical 9.8 10.0 EXP kaltura 9y ago The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and cons…
CVE-2014-9619 high 7.2 8.2 EXP netsweeper 9y ago Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with a…
CVE-2014-9618 critical 9.8 10.0 EXP netsweeper 9y ago The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via …
CVE-2014-9611 critical 9.8 10.0 EXP netsweeper 9y ago Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
CVE-2014-9610 medium 5.3 6.3 EXP netsweeper 9y ago Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user…
CVE-2017-9798 high 7.5 8.5 EXPFIX debian debianarch arch sles apache 9y ago Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb…
CVE-2017-14244 critical 9.8 10.0 EXP 9y ago An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs wi…
CVE-2017-14243 critical 9.8 10.0 EXP 9y ago An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials fr…
CVE-2014-9463 high 8.8 9.8 EXP vbseovbulletin 9y ago functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
CVE-2017-14489 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
CVE-2017-0785 medium 6.5 7.5 EXP 9y ago An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
CVE-2017-0781 high 8.8 9.8 EXP 9y ago A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
CVE-2017-13067 critical 9.8 10.0 EXP 9y ago QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerabili…
CVE-2017-1002008 critical 9.8 10.0 EXP membership_simplified_project 9y ago Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a use…
CVE-2017-1002003 critical 9.8 10.0 EXP wp2android-turn-wp-site-into-android-app_project 9y ago Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVE-2017-1002002 critical 9.8 10.0 EXP webapp-builder_project 9y ago Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
CVE-2017-1002001 critical 9.8 10.0 EXP mobile-app-builder-by-wappress_project 9y ago Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVE-2017-1002000 critical 9.8 10.0 EXP mobile-friendly-app-builder-by-easytouch_project 9y ago Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check …
CVE-2017-6008 high 7.8 8.8 EXP sophos 9y ago A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate p…
CVE-2017-8755 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting eng…
CVE-2017-8751 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft…
CVE-2017-8740 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in…
CVE-2017-8734 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E…
CVE-2017-8731 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses object…
CVE-2017-8729 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in…
CVE-2017-8708 medium 4.7 5.7 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8687 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8685 medium 5.5 6.5 EXP windows windows 9y ago Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure…
CVE-2017-8684 medium 5.5 6.5 EXP windows windows 9y ago Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses ke…
CVE-2017-8683 medium 5.5 6.5 EXP windows windows 9y ago Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Serve…
CVE-2017-8682 high 8.8 9.8 EXP windows windows microsoft 9y ago Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 20…
CVE-2017-8681 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-8680 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerab…
CVE-2017-8678 medium 5.5 6.5 EXP windows windows 9y ago The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W…
CVE-2017-11764 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scri…
CVE-2017-14396 critical 9.8 10.0 EXP osticket 9y ago In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
CVE-2017-8918 medium 5.5 6.5 EXP blackwave 9y ago XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
CVE-2017-14344 high 7.8 8.8 EXP jungo 9y ago This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system i…
CVE-2017-1000251 high 8.0 9.0 EXPFIX slesarch archdebian debian nvidia 9y ago The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing …
CVE-2017-14335 high 7.5 8.5 EXP 9y ago On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
CVE-2017-14266 high 7.8 8.8 EXPFIX debian debian broadcom 9y ago tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.
CVE-2017-3133 medium 6.1 7.1 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
CVE-2017-3132 medium 6.1 7.1 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToke…
CVE-2017-3131 medium 5.4 6.4 EXP 9y ago A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under …
CVE-2015-8351 critical 9.0 10.0 EXP gwolle_guestbook_project 9y ago PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code v…
CVE-2017-14153 high 7.8 8.8 EXP jungo 9y ago This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system i…
CVE-2017-14075 high 7.8 8.8 EXP jungo 9y ago This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system i…
CVE-2015-4523 critical 9.3 10.0 EXP symantec 9y ago Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, caus…
CVE-2017-9095 medium 5.5 6.5 EXP divinglog 9y ago XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
CVE-2017-14219 medium 6.1 7.1 EXP 9y ago XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSu…
CVE-2015-3314 high 8.1 9.1 EXP tune_library_project 9y ago SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
CVE-2015-3313 critical 9.8 10.0 EXP community_events_project 9y ago SQL injection vulnerability in WordPress Community Events plugin before 1.4.
CVE-2015-3222 high 7.0 8.0 EXP ossec 9y ago syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.
CVE-2017-9834 critical 9.8 10.0 EXP calendarscripts 9y ago SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action…
CVE-2017-14147 critical 9.8 10.0 EXP 9y ago An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link ht…
CVE-2017-13754 medium 5.4 6.4 EXP wibu 9y ago Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the …
CVE-2017-13713 high 8.8 9.8 EXP 9y ago T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
CVE-2017-11567 high 8.8 9.8 EXP cesanta 9y ago Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to…
CVE-2015-7241 critical 9.8 10.0 EXP sap 9y ago XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2017-1130 medium 6.5 7.5 EXP ibm 9y ago IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h…
CVE-2017-1129 medium 6.5 7.5 EXP ibm 9y ago IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213…
CVE-2017-1000083 high 7.8 8.8 EXPFIX debian debianarch arch sles gnome 9y ago backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a fi…