Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2017-14037 |
|
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.
|
| CVE-2017-14038 |
|
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.
|
| CVE-2017-11157 |
|
Vulnerability in synology (CVE-2017-11157)
vulnerability in synology (CVE-2017-11157). Successful exploitation can lead to full system takeover.
|
| CVE-2016-5001 |
|
Information Disclosure in apache (CVE-2016-5001)
vulnerability in apache (CVE-2016-5001). Confidential information can be exposed externally.
|
| CVE-2017-13780 |
|
Path Traversal in path-traversal (CVE-2017-13780)
path traversal in path-traversal (CVE-2017-13780). Confidential information can be exposed externally.
|
| CVE-2016-4462 |
|
Vulnerability in apache (CVE-2016-4462)
vulnerability in apache (CVE-2016-4462). Successful exploitation can lead to full system takeover.
|
| CVE-2016-6800 |
|
Cross-Site Scripting (XSS) in apache (CVE-2016-6800)
cross-site scripting in apache (CVE-2016-6800). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3163 |
|
Path Traversal in apache (CVE-2017-3163)
path traversal in apache (CVE-2017-3163). Confidential information can be exposed externally.
|
| CVE-2017-13778 |
|
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
|
| CVE-2017-13768 |
|
Vulnerability in c (CVE-2017-13768)
vulnerability in c (CVE-2017-13768). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-13769 |
|
Out-of-Bounds Read in c (CVE-2017-13769)
vulnerability in c (CVE-2017-13769). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-13758 |
|
Buffer Overflow in c (CVE-2017-13758)
vulnerability in c (CVE-2017-13758). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-8752 |
|
Vulnerability in apache (CVE-2016-8752)
vulnerability in apache (CVE-2016-8752). Confidential information can be exposed externally.
|
| CVE-2017-3150 |
|
Cross-Site Scripting (XSS) in apache (CVE-2017-3150)
cross-site scripting in apache (CVE-2017-3150). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3151 |
|
Cross-Site Scripting (XSS) in apache (CVE-2017-3151)
cross-site scripting in apache (CVE-2017-3151). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3152 |
|
Cross-Site Scripting (XSS) in apache (CVE-2017-3152)
cross-site scripting in apache (CVE-2017-3152). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3153 |
|
Cross-Site Scripting (XSS) in apache (CVE-2017-3153)
cross-site scripting in apache (CVE-2017-3153). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3154 |
|
Information Disclosure in apache (CVE-2017-3154)
vulnerability in apache (CVE-2017-3154). Confidential information can be exposed externally.
|
| CVE-2017-3155 |
|
Cross-Site Scripting (XSS) in apache (CVE-2017-3155)
cross-site scripting in apache (CVE-2017-3155). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7517 |
|
SQL Injection in wordpress (CVE-2015-7517)
SQL injection in wordpress (CVE-2015-7517). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12775 |
|
Vulnerability in question2answer (CVE-2017-12775)
vulnerability in question2answer (CVE-2017-12775). Data can be tampered with by attackers.
|
| CVE-2017-12856 |
|
Cross-Site Scripting (XSS) in c (CVE-2017-12856)
cross-site scripting in c (CVE-2017-12856). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5209 |
|
Vulnerability in apache (CVE-2015-5209)
vulnerability in apache (CVE-2015-5209). Data can be tampered with by attackers.
|
| CVE-2017-11455 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-11455)
vulnerability in csrf (CVE-2017-11455). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12875 |
|
Vulnerability in dos (CVE-2017-12875)
vulnerability in dos (CVE-2017-12875). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-10844 |
|
Code Injection in basercms (CVE-2017-10844)
code injection in basercms (CVE-2017-10844). Successful exploitation can lead to full system takeover.
|
| CVE-2017-3735 |
|
Buffer Overflow in openssl (CVE-2017-3735)
vulnerability in openssl (CVE-2017-3735). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12876 |
|
Out-of-Bounds Write in c (CVE-2017-12876)
out-of-bounds write in c (CVE-2017-12876). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12877 |
|
Use-After-Free in c (CVE-2017-12877)
vulnerability in c (CVE-2017-12877). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-5301 |
|
Path Traversal in path-traversal (CVE-2014-5301)
path traversal in path-traversal (CVE-2014-5301). Successful exploitation can lead to full system takeover.
|
| CVE-2014-5302 |
|
Path Traversal in path-traversal (CVE-2014-5302)
path traversal in path-traversal (CVE-2014-5302). Successful exploitation can lead to full system takeover.
|
| CVE-2014-9469 |
|
Cross-Site Scripting (XSS) in vbulletin (CVE-2014-9469)
cross-site scripting in vbulletin (CVE-2014-9469). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-7860 |
|
Information Disclosure in d-link (CVE-2014-7860)
vulnerability in d-link (CVE-2014-7860). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-3211 |
|
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
|
| CVE-2015-4180 |
|
Path Traversal in path-traversal (CVE-2015-4180)
path traversal in path-traversal (CVE-2015-4180). Confidential information can be exposed externally.
|
| CVE-2015-4181 |
|
Path Traversal in path-traversal (CVE-2015-4181)
path traversal in path-traversal (CVE-2015-4181). Confidential information can be exposed externally.
|
| CVE-2015-4017 |
|
Vulnerability in salt (CVE-2015-4017)
vulnerability in salt (CVE-2015-4017). Data can be tampered with by attackers. Mitigation: upgrade to `2014.7.6` or later.
|
| CVE-2017-13697 |
|
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
|
| CVE-2015-8352 |
|
Path Traversal in path-traversal (CVE-2015-8352)
path traversal in path-traversal (CVE-2015-8352). Successful exploitation can lead to full system takeover.
|
| CVE-2015-8355 |
|
SQL Injection in sqli (CVE-2015-8355)
SQL injection in sqli (CVE-2015-8355). Successful exploitation can lead to full system takeover.
|
| CVE-2017-13671 |
|
Cross-Site Scripting (XSS) in misp (CVE-2017-13671)
cross-site scripting in misp (CVE-2017-13671). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9555 |
|
Cross-Site Scripting (XSS) in synology (CVE-2017-9555)
cross-site scripting in synology (CVE-2017-9555). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12879 |
|
Cross-Site Scripting (XSS) in paessler (CVE-2017-12879)
cross-site scripting in paessler (CVE-2017-12879). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9511 |
|
Path Traversal in path-traversal (CVE-2017-9511)
path traversal in path-traversal (CVE-2017-9511). Confidential information can be exposed externally.
|
| CVE-2017-12679 |
|
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
|
| CVE-2017-13669 |
|
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
|
| CVE-2017-13658 |
|
Vulnerability in c (CVE-2017-13658)
vulnerability in c (CVE-2017-13658). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12970 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-12970)
vulnerability in csrf (CVE-2017-12970). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12971 |
|
Cross-Site Scripting (XSS) in apache2triad (CVE-2017-12971)
cross-site scripting in apache2triad (CVE-2017-12971). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11159 |
|
Vulnerability in synology (CVE-2017-11159)
vulnerability in synology (CVE-2017-11159). Successful exploitation can lead to full system takeover.
|