Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2017-11631 |
|
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
|
| CVE-2017-11613 |
|
Vulnerability in dos (CVE-2017-11613)
vulnerability in dos (CVE-2017-11613). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11638 |
|
Vulnerability in c (CVE-2017-11638)
vulnerability in c (CVE-2017-11638). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11629 |
|
Cross-Site Scripting (XSS) in c (CVE-2017-11629)
cross-site scripting in c (CVE-2017-11629). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11651 |
|
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
|
| CVE-2017-11639 |
|
Out-of-Bounds Read in c (CVE-2017-11639)
vulnerability in c (CVE-2017-11639). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11624 |
|
Vulnerability in dos (CVE-2017-11624)
vulnerability in dos (CVE-2017-11624). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11625 |
|
Vulnerability in dos (CVE-2017-11625)
vulnerability in dos (CVE-2017-11625). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11626 |
|
Vulnerability in dos (CVE-2017-11626)
vulnerability in dos (CVE-2017-11626). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11627 |
|
Vulnerability in dos (CVE-2017-11627)
vulnerability in dos (CVE-2017-11627). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11628 |
|
Buffer Overflow in c (CVE-2017-11628)
vulnerability in c (CVE-2017-11628). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9233 |
|
XXE (XML External Entity) in libexpat-project (CVE-2017-9233)
vulnerability in libexpat-project (CVE-2017-9233). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-6133 |
|
Cross-Site Scripting (XSS) in ektron (CVE-2016-6133)
cross-site scripting in ektron (CVE-2016-6133). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-6746 |
|
Vulnerability in cisco (CVE-2017-6746)
vulnerability in cisco (CVE-2017-6746). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6751 |
|
Vulnerability in cisco (CVE-2017-6751)
vulnerability in cisco (CVE-2017-6751). Data can be tampered with by attackers.
|
| CVE-2017-6749 |
|
Cross-Site Scripting (XSS) in cisco (CVE-2017-6749)
cross-site scripting in cisco (CVE-2017-6749). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-6755 |
|
Cross-Site Scripting (XSS) in cisco (CVE-2017-6755)
cross-site scripting in cisco (CVE-2017-6755). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-6672 |
|
Authorization Flaw in cisco (CVE-2017-6672)
vulnerability in cisco (CVE-2017-6672). Data can be tampered with by attackers.
|
| CVE-2017-6612 |
|
Buffer Overflow in cisco (CVE-2017-6612)
vulnerability in cisco (CVE-2017-6612). Data can be tampered with by attackers.
|
| CVE-2017-6753 |
|
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected br...
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meeti...
|
| CVE-2017-6748 |
|
Vulnerability in cisco (CVE-2017-6748)
vulnerability in cisco (CVE-2017-6748). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6750 |
|
Vulnerability in cisco (CVE-2017-6750)
vulnerability in cisco (CVE-2017-6750). Data can be tampered with by attackers.
|
| CVE-2017-9413 |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a po...
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via t...
|
| CVE-2016-10401 |
|
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists w...
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
|
| CVE-2017-11457 |
|
XXE (XML External Entity) in ssrf (CVE-2017-11457)
vulnerability in ssrf (CVE-2017-11457). Confidential information can be exposed externally.
|
| CVE-2017-11458 |
|
Cross-Site Scripting (XSS) in sap (CVE-2017-11458)
cross-site scripting in sap (CVE-2017-11458). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11460 |
|
Cross-Site Scripting (XSS) in sap (CVE-2017-11460)
cross-site scripting in sap (CVE-2017-11460). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11434 |
|
Out-of-Bounds Read in c (CVE-2017-11434)
vulnerability in c (CVE-2017-11434). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11459 |
|
Code Injection in sap (CVE-2017-11459)
code injection in sap (CVE-2017-11459). Successful exploitation can lead to full system takeover.
|
| CVE-2015-1417 |
|
Vulnerability in dos (CVE-2015-1417)
vulnerability in dos (CVE-2015-1417). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-0904 |
|
Vulnerability in shidax (CVE-2015-0904)
vulnerability in shidax (CVE-2015-0904). Confidential information can be exposed externally.
|
| CVE-2015-1332 |
|
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute ar...
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.
|
| CVE-2015-1438 |
|
Buffer Overflow in panda-security (CVE-2015-1438)
vulnerability in panda-security (CVE-2015-1438). Successful exploitation can lead to full system takeover.
|
| CVE-2015-6585 |
|
Buffer Overflow in hancom (CVE-2015-6585)
vulnerability in hancom (CVE-2015-6585). Successful exploitation can lead to full system takeover.
|
| CVE-2015-3171 |
|
Information Disclosure in sosreport (CVE-2015-3171)
vulnerability in sosreport (CVE-2015-3171). Confidential information can be exposed externally. Mitigation: upgrade to `d7759d3ddae5fe99a340c88a1d370d65cfa73fd6` or later.
|
| CVE-2015-5187 |
|
Information Disclosure in candlepinproject (CVE-2015-5187)
vulnerability in candlepinproject (CVE-2015-5187). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-4462 |
|
Unrestricted File Upload in path-traversal (CVE-2015-4462)
vulnerability in path-traversal (CVE-2015-4462). Confidential information can be exposed externally.
|
| CVE-2015-4463 |
|
Unrestricted File Upload in efrontlearning (CVE-2015-4463)
vulnerability in efrontlearning (CVE-2015-4463). Data can be tampered with by attackers.
|
| CVE-2015-3149 |
|
Vulnerability in redhat (CVE-2015-3149)
vulnerability in redhat (CVE-2015-3149). Data can be tampered with by attackers.
|
| CVE-2015-3243 |
|
Vulnerability in rsyslog (CVE-2015-3243)
vulnerability in rsyslog (CVE-2015-3243). Confidential information can be exposed externally.
|
| CVE-2015-8013 |
|
Vulnerability in openpgpjs (CVE-2015-8013)
vulnerability in openpgpjs (CVE-2015-8013). Confidential information can be exposed externally.
|
| CVE-2015-2798 |
|
SQL Injection in sqli (CVE-2015-2798)
SQL injection in sqli (CVE-2015-2798). Successful exploitation can lead to full system takeover.
|
| CVE-2015-3278 |
|
Vulnerability in nss-compat-ossl-project (CVE-2015-3278)
vulnerability in nss-compat-ossl-project (CVE-2015-3278). Successful exploitation can lead to full system takeover.
|
| CVE-2015-4035 |
|
Vulnerability in tukaani (CVE-2015-4035)
vulnerability in tukaani (CVE-2015-4035). Successful exploitation can lead to full system takeover.
|
| CVE-2015-0674 |
|
Cross-Site Scripting (XSS) in cisco (CVE-2015-0674)
cross-site scripting in cisco (CVE-2015-0674). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5594 |
|
Cross-Site Scripting (XSS) in zenphoto (CVE-2015-5594)
cross-site scripting in zenphoto (CVE-2015-5594). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5221 |
|
Use-After-Free in c (CVE-2015-5221)
vulnerability in c (CVE-2015-5221). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11617 |
|
Cross-Site Scripting (XSS) in atmail (CVE-2017-11617)
cross-site scripting in atmail (CVE-2017-11617). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11614 |
|
Vulnerability in medhost (CVE-2017-11614)
vulnerability in medhost (CVE-2017-11614). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11566 |
|
AppUse 4.0 allows shell command injection via a proxy field.
AppUse 4.0 allows shell command injection via a proxy field.
|