VIR Vulnerability Intelligence Relay

Search

Found 3,443 results in 440ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-15645 high 8.8 9.8 EXP webmin 9y ago CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.
CVE-2017-15644 high 8.6 9.6 EXP webmin 9y ago SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
CVE-2017-15643 high 7.4 8.4 EXP ikarussecurity 9y ago An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum …
CVE-2017-10309 high 7.1 8.1 EXPFIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthentic…
CVE-2017-12579 high 7.8 8.8 EXP hashicorp 9y ago An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
CVE-2015-7715 high 8.8 9.8 EXP realtyna 9y ago Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests th…
CVE-2015-7714 high 7.2 8.2 EXP realtyna 9y ago Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in…
CVE-2017-15595 high 8.8 9.8 EXPFIX slesdebian debian 9y ago An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via…
CVE-2017-15578 high 8.8 9.8 EXP phpsugar 9y ago In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVE-2014-9118 high 8.8 9.8 EXP 9y ago The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
CVE-2014-8357 high 8.8 9.8 EXP 9y ago backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the s…
CVE-2017-15221 high 7.8 8.8 EXP asx_to_mp3_converter_project 9y ago ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
CVE-2014-9147 high 7.5 8.5 EXP fiyo 9y ago Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
CVE-2017-15276 high 8.8 9.8 EXP opentext 9y ago OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
CVE-2017-15013 high 8.8 9.8 EXP opentext 9y ago OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
CVE-2017-15012 high 8.8 9.8 EXP opentext 9y ago OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack…
CVE-2017-11811 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s…
CVE-2017-11810 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…
CVE-2017-11809 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s…
CVE-2017-11802 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s…
CVE-2017-11799 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s…
CVE-2017-11793 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…
CVE-2017-15236 high 7.5 8.5 EXP 9y ago Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config…
CVE-2017-15235 high 7.5 8.5 EXPFIX debian debian horde 9y ago The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact fi…
CVE-2015-2856 high 7.5 8.5 EXP accellion 9y ago Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (d…
CVE-2017-5637 high 7.5 8.5 EXPFIX debian debian apache 9y ago Uncontrolled Resource Consumption in Apache ZooKeeper
CVE-2015-2673 high 8.8 9.8 EXP wpeasycart 9y ago The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain a…
CVE-2015-2143 high 8.8 9.8 EXP phpbugtracker_project 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecifi…
CVE-2015-2142 high 8.0 9.0 EXP phpbugtracker_project 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that caus…
CVE-2017-13068 high 7.5 8.5 EXP qnap 9y ago QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attack…
CVE-2017-14087 high 7.5 8.5 EXP trendmicro 9y ago A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a mali…
CVE-2017-14086 high 7.5 8.5 EXP trendmicro 9y ago Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executabl…
CVE-2017-14084 high 8.1 9.1 EXP trendmicro 9y ago A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14083 high 7.5 8.5 EXP trendmicro 9y ago A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
CVE-2017-15035 high 7.5 8.5 EXP emtec 9y ago EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).
CVE-2017-1000119 high 7.2 8.2 EXP octobercms 9y ago October CMS PHP Code Execution
CVE-2017-1000117 high 8.8 9.8 EXPFIX arch arch slesdebian debian git-scm 9y ago A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Suc…
CVE-2017-1000112 high 7.0 8.0 EXPFIX slesarch archdebian debian 9y ago Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two…
CVE-2017-6090 high 8.8 9.8 EXP phpcollab 9y ago Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte…
CVE-2017-14848 high 8.8 9.8 EXP dasinfomedia 9y ago WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
CVE-2017-14758 high 8.8 9.8 EXP opentext 9y ago OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.…
CVE-2017-14757 high 8.8 9.8 EXP opentext 9y ago OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/down…
CVE-2017-14496 high 7.5 8.5 EXPFIX arch archdebian debianubuntu ubuntu thekelleys 9y ago multiple issues in dnsmasq
CVE-2017-14495 high 7.5 8.5 EXPFIX arch arch slesdebian debian thekelleys 9y ago multiple issues in dnsmasq
CVE-2017-11322 high 8.2 9.2 EXP ucopia 9y ago The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
CVE-2017-11321 high 7.2 8.2 EXP ucopia 9y ago The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
CVE-2015-7358 high 7.8 8.8 EXP ciphershedidrixtruecrypt 9y ago The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which …
CVE-2017-14847 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14846 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14845 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14844 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
CVE-2017-14843 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14842 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
CVE-2017-14840 high 8.8 9.8 EXP teamworktec 9y ago TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
CVE-2017-14839 high 8.8 9.8 EXP teamworktec 9y ago TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
CVE-2017-14838 high 8.8 9.8 EXP teamworktec 9y ago TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
CVE-2015-3643 high 7.8 8.8 EXP ubuntu ubuntu usb-creator_project 9y ago usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local…
CVE-2015-1336 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu man-db_project 9y ago The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVE-2017-14704 high 8.8 9.8 EXP claydip 9y ago Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code …
CVE-2017-13129 high 8.0 9.0 EXP zkteco 9y ago Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators …
CVE-2014-0997 high 7.5 8.5 EXP 9y ago WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and poten…
CVE-2015-7293 high 8.8 9.8 EXP plonezope 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
CVE-2015-4669 high 7.8 8.8 EXP xceedium 9y ago The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
CVE-2017-14627 high 7.8 8.8 EXP cyberlink 9y ago Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) a…
CVE-2017-14680 high 7.5 8.5 EXP zkteco 9y ago ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
CVE-2017-12929 high 8.8 9.8 EXP tecnovision 9y ago Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
CVE-2017-7924 high 7.5 8.5 EXP 9y ago An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could s…
CVE-2015-4075 high 8.1 9.1 EXP helpdeskpro 9y ago The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
CVE-2015-4074 high 7.5 8.5 EXP helpdesk_pro_project 9y ago Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download…
CVE-2017-8770 high 7.5 8.5 EXP 9y ago There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
CVE-2015-4685 high 7.0 8.0 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo m…
CVE-2015-4681 high 7.8 8.8 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVE-2017-14311 high 7.8 8.8 EXP netmechanica 9y ago The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
CVE-2014-9619 high 7.2 8.2 EXP netsweeper 9y ago Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with a…
CVE-2017-9798 high 7.5 8.5 EXPFIX debian debianarch arch sles apache 9y ago Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb…
CVE-2014-9463 high 8.8 9.8 EXP vbseovbulletin 9y ago functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
CVE-2017-0781 high 8.8 9.8 EXP 9y ago A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
CVE-2017-6008 high 7.8 8.8 EXP sophos 9y ago A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate p…
CVE-2017-8755 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting eng…
CVE-2017-8751 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft…
CVE-2017-8740 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in…
CVE-2017-8734 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E…
CVE-2017-8731 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses object…
CVE-2017-8729 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in…
CVE-2017-8682 high 8.8 9.8 EXP windows windows microsoft 9y ago Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 20…
CVE-2017-11764 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scri…
CVE-2017-14344 high 7.8 8.8 EXP jungo 9y ago This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system i…
CVE-2017-1000251 high 8.0 9.0 EXPFIX slesarch archdebian debian nvidia 9y ago The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing …
CVE-2017-14335 high 7.5 8.5 EXP 9y ago On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
CVE-2017-14266 high 7.8 8.8 EXPFIX debian debian broadcom 9y ago tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.
CVE-2017-14153 high 7.8 8.8 EXP jungo 9y ago This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system i…
CVE-2017-14075 high 7.8 8.8 EXP jungo 9y ago This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system i…
CVE-2015-3314 high 8.1 9.1 EXP tune_library_project 9y ago SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
CVE-2015-3222 high 7.0 8.0 EXP ossec 9y ago syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.
CVE-2017-13713 high 8.8 9.8 EXP 9y ago T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
CVE-2017-11567 high 8.8 9.8 EXP cesanta 9y ago Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to…
CVE-2017-1000083 high 7.8 8.8 EXPFIX debian debianarch arch sles gnome 9y ago backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a fi…
CVE-2015-5958 high 8.8 9.8 EXP phpfilemanager_project 9y ago phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
CVE-2014-8675 high 7.5 8.5 EXP soplanning 9y ago Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force at…
CVE-2017-12763 high 8.8 9.8 EXP macos macos linux-kernel nomachine 9y ago An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.