VIR Vulnerability Intelligence Relay

Search

Found 4,306 results in 537ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-0062 medium 4.7 5.7 EXP windows windows 9y ago The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol…
CVE-2017-0061 medium 5.3 6.3 EXP windows windows 9y ago The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code i…
CVE-2017-0060 medium 5.5 6.5 EXP windows windows microsoft 9y ago The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol…
CVE-2017-0045 medium 5.5 6.5 EXP windows windows 9y ago Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise …
CVE-2017-6443 medium 6.1 7.1 EXP epson 9y ago Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
CVE-2017-5496 critical 9.8 10.0 EXP sawmill 9y ago Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
CVE-2017-5358 critical 9.8 10.0 EXP easycom-aura 9y ago Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (…
CVE-2016-8025 medium 6.2 7.2 EXP mcafee 9y ago SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request paramete…
CVE-2016-8021 medium 5.0 6.0 EXP mcafee 9y ago Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe…
CVE-2016-8019 medium 6.1 7.1 EXP mcafee 9y ago Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script o…
CVE-2016-8018 medium 4.3 5.3 EXP mcafee 9y ago Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a cr…
CVE-2016-8017 medium 4.1 5.1 EXP mcafee 9y ago Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user…
CVE-2016-8016 low 3.4 4.4 EXP mcafee 9y ago Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a UR…
CVE-2017-6516 medium 6.7 7.7 EXP magnicomp 9y ago A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-…
CVE-2013-4659 critical 9.8 10.0 EXP 9y ago Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U an…
CVE-2017-6506 critical 9.8 10.0 EXP azure_dex 9y ago In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that se…
CVE-2017-6465 critical 9.8 10.0 EXP ftpshell 9y ago Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leadin…
CVE-2017-6526 critical 9.8 10.0 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi PO…
CVE-2017-6558 critical 9.8 10.0 EXP 9y ago iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router…
CVE-2017-6548 critical 9.8 10.0 EXP 9y ago Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-A…
CVE-2017-6547 medium 6.1 7.1 EXP 9y ago Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12…
CVE-2017-6416 critical 9.8 10.0 EXP flexense 9y ago An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a …
CVE-2017-6478 medium 6.1 7.1 EXP mangoswebv4_project 9y ago paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
CVE-2016-6883 medium 5.9 6.9 EXP matrixssl 9y ago MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
CVE-2017-6187 critical 9.8 10.0 EXP disksavvy 9y ago Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
CVE-2017-5586 critical 9.8 10.0 EXP opentext 9y ago OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons C…
CVE-2016-9684 critical 9.8 10.0 EXP 9y ago The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewc…
CVE-2016-9683 critical 9.8 10.0 EXP 9y ago The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'exten…
CVE-2016-9682 critical 9.8 10.0 EXP 9y ago The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the …
CVE-2017-6095 critical 9.8 10.0 EXP mail-masta_project 9y ago A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
CVE-2016-9316 medium 5.4 6.4 EXP trendmicro 9y ago Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Bu…
CVE-2016-9269 critical 9.9 10.0 EXP trendmicro 9y ago Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,…
CVE-2017-0038 medium 5.5 6.5 EXP windows windows 9y ago gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windo…
CVE-2017-2371 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
CVE-2017-2365 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allow…
CVE-2017-2364 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the…
CVE-2017-2363 medium 6.5 7.5 EXPFIX slesmacos macosdebian debian applewebkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2361 medium 6.1 7.1 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
CVE-2016-7608 medium 5.5 6.5 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from…
CVE-2017-5344 critical 9.8 10.0 EXP dotcms 9y ago An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query e…
CVE-2016-4316 medium 6.1 7.1 EXP wso2 9y ago WSO2 Carbon vulnerable to Cross-site Scripting
CVE-2016-4315 medium 5.7 6.7 EXP wso2 9y ago Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action…
CVE-2016-4314 medium 4.9 5.9 EXP wso2 9y ago WSO2 Carbon directory traversal vulnerability
CVE-2016-10134 critical 9.8 10.0 EXPFIX debian debian zabbix 9y ago SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
CVE-2016-3694 critical 9.8 10.0 EXP modified 9y ago Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands vi…
CVE-2017-5162 critical 9.8 10.0 EXP 9y ago An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.
CVE-2016-9361 critical 9.8 10.0 EXP moxa 9y ago An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…
CVE-2016-6210 medium 5.9 6.9 EXPFIX slesdebian debian openbsd 9y ago sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enu…
CVE-2017-5941 critical 9.8 10.0 EXP node-serialize_project 9y ago Code Execution through IIFE in node-serialize
CVE-2015-6024 critical 9.8 10.0 EXP 9y ago ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in…
CVE-2016-7400 critical 9.8 10.0 EXP exponentcms 9y ago Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,…
CVE-2016-6175 critical 9.8 10.0 EXPFIX debian debian php-gettext_project 9y ago Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
CVE-2015-2794 critical 9.8 10.0 EXP dnnsoftware 10y ago The installation wizard in DotNetNuke (DNN) allows privilege escalation
CVE-2016-10043 critical 10.0 10.0 EXP mrf 10y ago An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use…
CVE-2016-10176 critical 9.8 10.0 EXP 10y ago The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server…
CVE-2016-10175 critical 9.8 10.0 EXP 10y ago The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password…
CVE-2017-3248 critical 9.8 10.0 EXP oracle 10y ago Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. …
CVE-2017-3241 critical 9.0 10.0 EXPFIX slesdebian debian oracle 10y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u…
CVE-2016-7567 critical 9.8 10.0 EXP sles openslp 10y ago Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
CVE-2016-6603 critical 9.8 10.0 EXP zohocorp 10y ago ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
CVE-2016-6602 critical 9.8 10.0 EXP zohocorp 10y ago ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/…
CVE-2016-6600 critical 9.8 10.0 EXP zohocorp 10y ago Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the…
CVE-2016-5237 medium 4.8 5.8 EXP 10y ago Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse …
CVE-2016-4010 critical 9.8 10.0 EXP magento 10y ago Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
CVE-2014-2045 medium 6.1 7.1 EXP 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the usernam…
CVE-2016-5725 medium 5.9 6.9 EXPFIX debian debian jcraft 10y ago Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
CVE-2016-6283 medium 6.1 7.1 EXP atlassian 10y ago Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.a…
CVE-2016-3411 medium 6.1 7.1 EXP synacor 10y ago Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.
CVE-2016-6897 medium 6.5 7.5 EXPFIX debian debian wordpress 10y ago Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio…
CVE-2017-5223 medium 5.5 6.5 EXPFIX slesdebian debian phpmailer_project 10y ago Local file disclosure in PHPMailer
CVE-2017-5487 medium 5.3 6.3 EXPFIX arch archdebian debian wordpress 10y ago wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote…
CVE-2016-9813 medium 5.5 6.5 EXPFIX slesdebian debian gstreamer 10y ago The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-9299 critical 9.8 10.0 EXP fedora fedora jenkins 10y ago Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
CVE-2016-4807 medium 4.8 5.8 EXP web2py 10y ago Web2py Reflected XSS vulnerability
CVE-2015-4594 critical 9.8 10.0 EXP eclinicalworks 10y ago eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an exist…
CVE-2015-4591 medium 6.1 7.1 EXP eclinicalworks 10y ago eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage para…
CVE-2016-10108 critical 9.8 10.0 EXP western_digital 10y ago Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
CVE-2016-10074 critical 9.8 10.0 EXPFIX debian debian swiftmailer 10y ago Swift Mailer mail transport Command Injection
CVE-2016-10045 critical 9.8 10.0 EXPFIX arch archdebian debian phpmailer_projectwordpressjoomla 10y ago Remote code execution in PHPMailer
CVE-2016-10034 critical 9.8 10.0 EXP zend 10y ago zend-mail remote code execution via Sendmail adapter
CVE-2016-7456 critical 9.8 10.0 EXP vmware 10y ago VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
CVE-2016-9951 medium 6.5 7.5 EXP apport_project 10y ago An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click…
CVE-2016-9565 critical 9.8 10.0 EXP nagios 10y ago MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed serv…
CVE-2016-7866 critical 9.8 10.0 EXP adobe 10y ago Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-6854 medium 6.1 7.1 EXP open-xchange 10y ago An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script cod…
CVE-2016-6853 medium 6.1 7.1 EXP open-xchange 10y ago An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on …
CVE-2016-6851 medium 6.1 7.1 EXP open-xchange 10y ago An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks aga…
CVE-2016-5740 medium 6.1 7.1 EXP open-xchange 10y ago An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's l…
CVE-2016-9796 critical 9.8 10.0 EXP alcatel-lucent 10y ago Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista i…
CVE-2016-9150 critical 9.8 10.0 EXP 10y ago Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 …
CVE-2016-7237 medium 6.5 7.5 EXP windows windows 10y ago Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Win…
CVE-2016-7226 medium 6.1 7.1 EXP windows windows 10y ago Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, …
CVE-2016-7225 medium 6.1 7.1 EXP windows windows 10y ago Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, …
CVE-2016-7224 medium 6.1 7.1 EXP windows windows 10y ago Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files…
CVE-2016-7216 medium 5.5 6.5 EXP windows windows 10y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka…
CVE-2016-7386 medium 5.5 6.5 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-7851 medium 6.1 7.1 EXP adobe 10y ago Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
CVE-2016-9111 medium 6.8 7.8 EXP citrix 10y ago Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection o…
CVE-2016-8869 critical 9.8 10.0 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
CVE-2016-9018 medium 5.5 6.5 EXP realnetworks 10y ago Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.