Vulnerabilities (CVE)

Total 16400 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4926 1 Juniper 1 Junos Space 2017-03-22 7.5 HIGH 9.8 CRITICAL
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
CVE-2014-9939 1 Gnu 1 Binutils 2017-03-22 7.5 HIGH 9.8 CRITICAL
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
CVE-2015-8981 1 Podofo Project 1 Podofo 2017-03-21 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.
CVE-2017-6880 1 Cerberus 1 Cerberus Ftp Server 2017-03-21 7.5 HIGH 9.8 CRITICAL
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
CVE-2017-5358 1 Easycom-aura 1 Easycom For Php 2017-03-21 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
CVE-2014-8704 1 Wondercms 1 Wondercms 2017-03-20 7.5 HIGH 9.8 CRITICAL
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.
CVE-2014-8705 1 Wondercms 1 Wondercms 2017-03-20 7.5 HIGH 9.8 CRITICAL
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.
CVE-2014-8708 1 Pluck-cms 1 Pluck 2017-03-20 7.5 HIGH 9.8 CRITICAL
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.
CVE-2015-3884 1 Qdpm 1 Qdpm 2017-03-20 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.
CVE-2016-8363 1 Moxa 28 Awk-1121, Awk-1121 Firmware, Awk-1127 and 25 more 2017-03-16 7.5 HIGH 10.0 CRITICAL
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server.
CVE-2016-10131 1 Codeigniter 1 Codeigniter 2017-03-16 7.5 HIGH 9.8 CRITICAL
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.
CVE-2017-5668 1 Bitlbee 2 Bitlbee, Bitlbee-libpurple 2017-03-16 7.5 HIGH 9.8 CRITICAL
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
CVE-2016-8352 1 Schneider-electric 6 Connexium Firmware, Tcsefec23f3f20, Tcsefec23f3f21 and 3 more 2017-03-15 7.5 HIGH 10.0 CRITICAL
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.
CVE-2017-5674 1 Embedthis 1 Goahead 2017-03-15 5.0 MEDIUM 9.8 CRITICAL
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password.
CVE-2013-4659 2 Asus, Trendnet 4 Rt-ac66u, Rt-ac66u Firmware, Tew-812dru and 1 more 2017-03-15 10.0 HIGH 9.8 CRITICAL
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.
CVE-2017-6506 1 Azure Dex 1 Data Expert Ultimate 2017-03-15 7.5 HIGH 9.8 CRITICAL
In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
CVE-2017-6465 1 Ftpshell 1 Ftpshell Client 2017-03-14 7.5 HIGH 9.8 CRITICAL
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
CVE-2016-5815 1 Schneider-electric 6 Ion5000, Ion7300, Ion7500 and 3 more 2017-03-14 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.
CVE-2016-1985 2 Hp, Microsoft 2 Operations Manager, Windows 2017-03-14 10.0 HIGH 10.0 CRITICAL
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVE-2017-5954 1 Serialize-to-js Project 1 Serialize-to-js 2017-03-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).