Total: 24574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | |||||
CVE-2017-5158 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified. | |||||
CVE-2016-10082 | 1 S9y | 1 Serendipity | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file. | |||||
CVE-2016-7479 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. | |||||
CVE-2017-2785 | 1 Pharos | 1 Popup | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit. | |||||
CVE-2016-7986 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. | |||||
CVE-2016-7955 | 1 Alienvault | 2 Ossim, Unified Security Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header. | |||||
CVE-2007-6759 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | |||||
CVE-2014-9921 | 1 Mcafee | 1 Cloud Analysis And Deconstructive Services | 2023-12-10 | 9.7 HIGH | 9.8 CRITICAL |
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. | |||||
CVE-2016-9835 | 1 Zikula | 1 Zikula Application Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. | |||||
CVE-2016-9481 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentController controller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection. | |||||
CVE-2017-5139 | 1 Honeywell | 1 Xl Web Ii Controller | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | |||||
CVE-2016-9052 | 1 Aerospike | 1 Database Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. | |||||
CVE-2016-9639 | 1 Saltstack | 1 Salt | 2023-12-10 | 7.5 HIGH | 9.1 CRITICAL |
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | |||||
CVE-2016-7663 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string. | |||||
CVE-2016-7984 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). | |||||
CVE-2016-7866 | 1 Adobe | 1 Animate | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-6551 | 1 Pexip | 1 Pexip Infinity | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. | |||||
CVE-2017-7878 | 1 Flatcore | 1 Flatcore-cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | |||||
CVE-2017-9188 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63. |