Vulnerabilities (CVE)

Total 23892 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1002016 1 Flickr Picture Backup Project 1 Flickr Picture Backup 2023-12-10 7.5 HIGH 9.8 CRITICAL
Vulnerability in WordPress plugin flickr-picture-backup v0.7: the code in flickr-picture-download.php doesn't check whether the user is authenticated or has permission to upload files.
CVE-2015-7877 1 User Dashboard Project 1 User Dashboard 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-17968 1 Xi-soft 1 Nettransport Download Manager 2023-12-10 10.0 HIGH 9.8 CRITICAL
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
CVE-2017-17643 1 Lynda Clone Project 1 Lynda Clone 2023-12-10 7.5 HIGH 9.8 CRITICAL
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
CVE-2015-7841 1 Huawei 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command."
CVE-2017-13997 1 Schneider-electric 2 Wonderware Indusoft Web Studio, Wonderware Intouch 2023-12-10 10.0 HIGH 9.8 CRITICAL
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
CVE-2017-7105 1 Apple 3 Iphone Os, Tvos, Watchos 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
CVE-2017-15978 1 Arox 1 School Erp Php Script 2023-12-10 7.5 HIGH 9.8 CRITICAL
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
CVE-2015-9246 1 Skyboxsecurity 1 Skybox Platform 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost.
CVE-2012-4449 1 Apache 1 Hadoop 2023-12-10 7.5 HIGH 9.8 CRITICAL
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generates token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.
CVE-2016-10375 1 Yodl Project 1 Yodl 2023-12-10 7.5 HIGH 9.8 CRITICAL
Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.
CVE-2017-14648 1 Bladeenc 1 Bladeenc 2023-12-10 7.5 HIGH 9.8 CRITICAL
A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
CVE-2017-17946 1 Novosoft 1 Handy Password 2023-12-10 7.5 HIGH 9.8 CRITICAL
A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.
CVE-2017-11459 1 Sap 1 Trex 2023-12-10 7.5 HIGH 9.8 CRITICAL
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
CVE-2017-17701 1 K7computing 1 Antivirus 2023-12-10 7.5 HIGH 9.8 CRITICAL
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.
CVE-2017-13026 1 Tcpdump 1 Tcpdump 2023-12-10 7.5 HIGH 9.8 CRITICAL
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.
CVE-2017-10685 1 Gnu 1 Ncurses 2023-12-10 7.5 HIGH 9.8 CRITICAL
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVE-2017-10670 1 Xoev 1 Osci Transport Library 2023-12-10 7.5 HIGH 9.8 CRITICAL
An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.
CVE-2017-12940 1 Rarlab 1 Unrar 2023-12-10 7.5 HIGH 9.8 CRITICAL
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
CVE-2017-13006 1 Tcpdump 1 Tcpdump 2023-12-10 7.5 HIGH 9.8 CRITICAL
The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.