Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
WordPress WoodMart Theme <= 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection
08.03.2023
FearZzZz
Low
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
18.05.2021
Harry Sintonen
Med.
Dovecot 2.3.11.3 Denial Of Service
07.01.2021
Innokentii Sennovskiy
Med.
October CMS <= Build 465 Multiple Vulnerabilities
03.08.2020
Sivanesh Ashok
Med.
Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service
20.05.2020
Philippe Antoine
Med.
SCP Server Verification Issues
16.01.2019
Harry Sintonen
Low
Wordpress Plugin Ninja Forms - CSV Injection
20.08.2018
Mostafa Gharzi
High
HPE VAN SDN 2.7.18.0503 Remote Root
28.06.2018
KoreLogic
High
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
27.06.2018
Matthew Bergin
Low
GNU Wget 1.19.4 Cookie Injection
08.05.2018
Harry Sintonen
Low
The First MicroFinance Bank | RCE / File Upload
24.06.2017
Infinity Security Team
Low
AXIS Communications XSS / Content Inclusion
18.03.2017
orwelllabs
Low
AXIS Network Camera Cross Site Scripting
18.03.2017
orwelllabs
High
AXIS Authenticated Remote Command Execution
28.07.2016
orwelllabs
Low
CMS Made Simple Cache Poisoning
04.05.2016
I-Tracing
Low
pgpdump 0.29 Endless Loop
20.04.2016
Klaus Eisentraut
Med.
innovaphone IP222 UDP Denial Of Service
26.03.2016
Sven Freund
Med.
innovaphone IP222 11r2 sr9 Download Denial Of Service
26.03.2016
Sven Freund
Med.
Dell Authentication Driver Uncontrolled Write
19.12.2015
Matt Bergin
High
ZyXEL PMG5318-B20A OS Command Injection
16.10.2015
Karn Ganeshen
Low
GPON Zhone R4.0.2.566b D.O.S.
03.03.2015
Kaczinski lramirez
High
Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges
14.12.2014
quicinc
High
VMWare vmx86.sys Arbitrary Kernel Read
06.11.2014
Matt Bergin
Med.
Apache HTTP Server 2.4.7 mod_log_config denial of service
19.03.2014
Apache
High
Apple MacOSX 10.9.2 OpenSSL Verification Surprises
05.03.2014
hynek
Med.
Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability
27.02.2014
soroush
Low
PERL 5.10.0, 5.12.0, 5.14.0 Denial of Service
10.02.2014
Nobody
Med.
Conceptronic C54APM Open Redirect
12.01.2014
antonio vazquez blanco
Med.
OpenSSL 1.0.1e NULL Pointer dereference DoS
11.01.2014
Dr. Stephen Henson
Med.
Linux Kernel 3.12.3 inet uninitialized memory to user in recv syscalls
09.01.2014
mpb
High
Linux kernel Multiple CVE fixes
23.11.2013
Nico Golde and Fabian ...
Med.
Goodix GT915 Driver Memory Corruption / DoS / Privilege Escalation
08.11.2013
Jonathan Salwan
Med.
Vino VNC Server 3.7.3 Denial Of Service
18.09.2013
Jonathan Claudius
Med.
WordPress Event Easy Calendar 1.0.0 XSS / CSRF / Input Validation
09.09.2013
RogueCoder
High
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
07.08.2013
CORE
Low
Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger
06.06.2013
CORE
High
NextApp Echo XML Injection Vulnerability
02.05.2013
Anonymous
High
Cisco Unified Computing System Multiple Vulnerabilities
24.04.2013
CISCO
High
Cisco NX-OS-Based Products Multiple Vulnerabilities
24.04.2013
CISCO
Med.
Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities
10.04.2013
Cisco
Low
Pebble 2.6.4 Open Redirection
04.11.2012
Anonymous
Low
VirtualBox CPU-emulation bug (missing CPL check)
08.09.2012
halfdog
Low
IBM Lotus Domino HTTP Response Splitting and Cross-Site Scripting
07.09.2012
MustLive
Low
IOServer Root Directory Trailing Backslash Multiple Vulnerabilities
20.08.2012
hinge
High
LifeSize Room Command Injection
13.11.2011
Spencer McIntyre (zero...
High
Apple Safari Webkit libxslt Arbitrary File Creation
29.10.2011
metasploit
Med.
astersik open source 1.8.7 Remote crash vulnerability
26.10.2011
Asterisk Security Team
High
CMS WebManager-Pro Vulnerabilities
12.10.2011
MustLive
High
Opera 10/11 (bad nesting with frameset tag) Memory Corruption
10.10.2011
Jose A. Vazquez
High
Mac OS X < 10.6.7 Kernel Panic Exploit
02.10.2011
hkpco
High
LifeSize Room Command Injection
05.09.2011
Spencer McIntyre
High
iOS SSL Implementation Does Not Validate Certificate Chain
01.09.2011
Trustwave Advisories
Low
Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
01.09.2011
Timo Warns
Low
Android Browser Cross-Application Scripting
16.08.2011
Roee Hay
High
HP Data Protector Remote Shell for HP-UX
08.08.2011
Adrian Puente Z.
High
ioQuake3 Remote shell injection
06.08.2011
Thilo Schulz
High
HP Data Protector Remote Shell for HPUX
06.08.2011
Adrian Puente Z.
Med.
phpMyAdmin 3.x Conditional Session Manipulation
03.08.2011
Mango
High
Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability
19.07.2011
metasploit
Med.
Symantec Backup Exec 12.5 MiTM Attack
11.07.2011
Nibin
High
Black Ice Cover Page ActiveX Control Arbitrary File Download
22.06.2011
metasploit
High
Black Ice Cover Page SDK insecure method DownloadImageFileURL() exploit
22.06.2011
mr_me
High
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
10.06.2011
metasploit
High
HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
30.05.2011
fdisk
Low
Opera : SELECT SIZE Arbitrary null write
13.05.2011
Advisories Toucan-Syst...
Low
CA SiteMinder Security Notice
02.05.2011
Williams, James K
Low
Linux Kernel 2.4 and 2.6 disclosure of sensitive information
12.04.2011
Timo Warns
Med.
Apache Tomcat 7.0.11 information disclosure
12.04.2011
Mark Thomas
High
xpdf multiple vulnerabilities allow remote code execution
02.04.2011
Advisories Toucan-Syst...
Med.
Mutt: failure to check server certificate in SMTP TLS connection
18.03.2011
dave b
Low
SugarCRM list privilege restriction bypass
18.03.2011
RedTeam Pentesting Gmb...
High
Linux Kernel Buffer Overflow ldm_frag_add() Elevated Privileges
04.03.2011
PRE
High
Cisco Secure Desktop CSDWebInstaller Remote Code Execution
01.03.2011
ZDI
Med.
ZOHO ManageEngine ADSelfService multiple vulnerabilities
18.02.2011
CORE Security Technolo...
Med.
mit kerberos 5-1.9 kpropd denial of service
12.02.2011
Tom Yu
Med.
MyProxy SSL Certificate Validation Security Bypass Vulnerability
03.02.2011
Venkat Yekkirala
High
OpenVAS Manager Command Injection Vulnerability
01.02.2011
Tim Brown
High
OpenVAS Manager Vulnerable To Command Injection
31.01.2011
Tim Brown
High
CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability
18.01.2011
felix
High
MS11-002: Microsoft Data Access Components Vulnerability
15.01.2011
Peter Vreugdenhil
High
Mono/Moonlight Generic Type Argument Local Privilege Escalation
15.01.2011
Chris Howie
Med.
Symantec Intel Handler Service Remote Denial-of-Service
25.12.2010
Core
High
Windows Win32k Pointer Dereferencement (MS10-098)
18.12.2010
Stefan LE BERRE
Low
PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
05.11.2010
Maksymilian Arciemowic...
High
Android 2.0-2.1 Reverse Shell Exploit
05.11.2010
MJ Keith
Med.
KDC uninitialized pointer crash in authorization data handling
11.10.2010
Tom Yu
High
Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability
09.10.2010
Knud and nSense
Med.
IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability
07.10.2010
ZDI
High
Microsoft Unicode Scripts Processor Remote Code Execution
06.10.2010
Abysssec
Low
HP System Management Homepage (SMH) Remote URL Redirection
28.09.2010
HP
High
Novell iPrint Client ActiveX Control \'debug\' Buffer Overflow Exploit
23.09.2010
Trancer
Med.
MailEnable SMTP Service Two Denial of Service Vulnerabilities
17.09.2010
Secunia Research
Med.
Apache Traffic Server 2.0.0 issue
15.09.2010
Tim Brown
Low
linux kernel 2.6.34 xfs swapext ioctl issue
13.09.2010
Eugene Teo
High
Adobe Shockwave 11.20005.7.609 tSAC Chunk Invalid Seek
31.08.2010
ZDI
High
Adobe Shockwave 11.20005.7.609 CSWV Chunk Memory Corruption
31.08.2010
ZDI
High
Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
30.08.2010
ZDI
High
Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerdability
30.08.2010
ZDI
High
Adobe Shockwave Player Director Remote Code Execution Vulnerability
30.08.2010
ZDI
High
ssmtp 2.62 standardise() Buffer overflow
24.08.2010
Jan Lieskovsky
CVEMAP Search Results
CVE
Details
Description
2024-04-18
CVE-2024-3928
Updating...
A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367.
2024-04-17
CVE-2023-36505
Updating...
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.
CVE-2024-32506
Updating...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.
2024-04-16
CVE-2024-3574
Updating...
In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.
CVE-2024-3029
Updating...
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multi_user_mode'. The vulnerability allows an attacker to remove all existing users and potentially create a new admin user without requiring a password, leading to unauthorized access and control over the application.
CVE-2024-3028
Updating...
mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the application's '.env' file, and even delete files by setting the 'logo_filename' to the path of the target file and invoking the 'remove-logo' API endpoint. This vulnerability is due to the lack of proper sanitization of user-supplied input.
CVE-2024-32086
Updating...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1.
2024-04-15
CVE-2024-3774
Updating...
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
CVE-2024-3505
Updating...
JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.
CVE-2024-3780
Updating...
A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords.
Copyright
2024
, cxsecurity.com
Back to Top
