Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1458 | 1 Fortinet | 1 Fortiauthenticator | 2017-09-08 | 6.9 MEDIUM | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | |||||
| CVE-2015-1459 | 1 Fortinet | 1 Fortiauthenticator | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | |||||
| CVE-2015-1475 | 1 Mylittleforum | 1 My Little Forum | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php. | |||||
| CVE-2015-1499 | 1 Samsung | 1 Samsung Security Manager | 2017-09-08 | 8.5 HIGH | N/A |
| The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | |||||
| CVE-2015-1512 | 1 Fancyfon | 1 Famoc | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or the (2) order or (3) myorgs to index.php. | |||||
| CVE-2015-1513 | 1 Siphon | 1 Siphone Enterprise Pbx | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | |||||
| CVE-2015-1545 | 1 Openldap | 1 Openldap | 2017-09-08 | 5.0 MEDIUM | N/A |
| The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. | |||||
| CVE-2015-1559 | 1 Epignosis | 1 Efront | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the delete_module parameter, (2) deactivate modules via the deactivate_module parameter, (3) activate modules via the activate_module parameter, (4) delete users via the delete_user parameter, (5) deactivate users via the deactivate_user parameter, (6) activate users via the activate_user parameter, (7) activate themes via the set_theme parameter, (8) deactivate themes via the set_theme parameter, (9) delete themes via the delete parameter, (10) deactivate events (user registration or email activation) via the deactivate_notification parameter, (11) activate events via the activate_notification parameter, (12) delete events via the delete_notification parameter, (13) deactivate language settings via the deactivate_language parameter, (14) activate language settings via the activate_language parameter, (15) delete language settings via the delete_language parameter, or (16) activate or deactivate the autologin feature for a user via a crafted maintenance request. | |||||
| CVE-2015-1567 | 1 Studio.gd | 1 Gd Infinite Scroll | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1568 | 1 Studio.gd | 1 Gd Infinite Scroll | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors. | |||||
| CVE-2015-1589 | 1 Archmage Project | 1 Archmage | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file. | |||||
| CVE-2015-2039 | 1 Acobot Live Chat \& Contact Form Project | 1 Acobot Live Chat \& Contact Form | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php. | |||||
| CVE-2015-2040 | 1 Cfdbplugin | 1 Contact Form Db | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php. | |||||
| CVE-2015-3389 | 1 Public Download Count Project | 1 Public Download Count | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3390 | 1 Facebook Album Fetcher Project | 1 Facebook Album Fetcher | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3392 | 1 Ajax Timeline Project | 1 Ajax Timeline | 2017-09-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3393 | 1 Fibonacciorange | 1 Wedeal | 2017-09-08 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | |||||
| CVE-2015-5574 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2017-09-08 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. | |||||
| CVE-2015-8048 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2017-09-08 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. | |||||
| CVE-2015-8426 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2017-09-08 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. | |||||
| CVE-2015-0935 | 1 Bomgar | 1 Remote Support | 2017-09-07 | 7.5 HIGH | N/A |
| Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts. | |||||
| CVE-2017-5716 | 2017-09-07 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12865. Reason: This candidate is a reservation duplicate of CVE-2017-12865. Notes: All CVE users should reference CVE-2017-12865 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-8380 | 1 Splunk | 1 Splunk | 2017-09-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression. | |||||
| CVE-2015-1497 | 1 Persistent Systems | 1 Radia Client Automation | 2017-09-03 | 10.0 HIGH | N/A |
| radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. | |||||
| CVE-2015-2866 | 1 Grandstream | 2 Gxv3611 Hd, Gxv3611 Hd Firmware | 2017-09-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | |||||
| CVE-2013-1086 | 1 Novell | 1 Groupwise | 2017-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. | |||||
| CVE-2011-4060 | 1 Qnx | 1 Neutrino Rtos | 2017-09-02 | 3.3 LOW | N/A |
| The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. | |||||
| CVE-2012-5324 | 1 Tracker-software | 1 Pdf-xchange | 2017-09-02 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry function or (2) sub_key parameter to the InitFromRegistry function. | |||||
| CVE-2012-5897 | 1 Quest | 1 Intrust | 2017-09-02 | 9.3 HIGH | N/A |
| The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument. | |||||
| CVE-2014-3712 | 1 Katello | 1 Katello | 2017-09-02 | 5.0 MEDIUM | N/A |
| Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method. | |||||
| CVE-2015-6565 | 1 Openbsd | 1 Openssh | 2017-09-02 | 7.2 HIGH | N/A |
| sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. | |||||
| CVE-2017-13753 | 2017-08-31 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9396. Reason: This candidate is a duplicate of CVE-2016-9396. Notes: All CVE users should reference CVE-2016-9396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-3277 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka Bug ID CSCth11006. | |||||
| CVE-2011-3278 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCti48483. | |||||
| CVE-2012-3949 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2017-08-29 | 7.8 HIGH | N/A |
| The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. | |||||
| CVE-2014-4403 | 1 Apple | 1 Mac Os X | 2017-08-29 | 2.1 LOW | N/A |
| The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | |||||
| CVE-2014-4409 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | |||||
| CVE-2014-4416 | 1 Apple | 1 Mac Os X | 2017-08-29 | 6.9 MEDIUM | N/A |
| An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401. | |||||
| CVE-2014-4417 | 1 Apple | 1 Mac Os X | 2017-08-29 | 5.0 MEDIUM | N/A |
| Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. | |||||
| CVE-2014-4423 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | |||||
| CVE-2014-4424 | 1 Apple | 1 Os X Server | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4425 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.6 MEDIUM | N/A |
| CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2014-4426 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.3 MEDIUM | N/A |
| AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. | |||||
| CVE-2014-4427 | 1 Apple | 1 Mac Os X | 2017-08-29 | 7.5 HIGH | N/A |
| App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. | |||||
| CVE-2014-4428 | 1 Apple | 1 Mac Os X | 2017-08-29 | 5.4 MEDIUM | N/A |
| Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. | |||||
| CVE-2014-4430 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.7 MEDIUM | N/A |
| CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. | |||||
| CVE-2014-4431 | 1 Apple | 1 Mac Os X | 2017-08-29 | 2.1 LOW | N/A |
| Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. | |||||
| CVE-2014-4432 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.7 MEDIUM | N/A |
| fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. | |||||
| CVE-2014-4433 | 1 Apple | 1 Mac Os X | 2017-08-29 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. | |||||
| CVE-2014-4434 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.9 MEDIUM | N/A |
| The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. | |||||