Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
WordPress WoodMart Theme <= 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection
08.03.2023
FearZzZz
Low
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
18.05.2021
Harry Sintonen
Med.
Dovecot 2.3.11.3 Denial Of Service
07.01.2021
Innokentii Sennovskiy
Med.
October CMS <= Build 465 Multiple Vulnerabilities
03.08.2020
Sivanesh Ashok
Med.
Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service
20.05.2020
Philippe Antoine
Med.
SCP Server Verification Issues
16.01.2019
Harry Sintonen
Low
Wordpress Plugin Ninja Forms - CSV Injection
20.08.2018
Mostafa Gharzi
High
HPE VAN SDN 2.7.18.0503 Remote Root
28.06.2018
KoreLogic
High
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
27.06.2018
Matthew Bergin
Low
GNU Wget 1.19.4 Cookie Injection
08.05.2018
Harry Sintonen
Low
The First MicroFinance Bank | RCE / File Upload
24.06.2017
Infinity Security Team
Low
AXIS Communications XSS / Content Inclusion
18.03.2017
orwelllabs
Low
AXIS Network Camera Cross Site Scripting
18.03.2017
orwelllabs
High
AXIS Authenticated Remote Command Execution
28.07.2016
orwelllabs
Low
CMS Made Simple Cache Poisoning
04.05.2016
I-Tracing
Low
pgpdump 0.29 Endless Loop
20.04.2016
Klaus Eisentraut
Med.
innovaphone IP222 UDP Denial Of Service
26.03.2016
Sven Freund
Med.
innovaphone IP222 11r2 sr9 Download Denial Of Service
26.03.2016
Sven Freund
Med.
Dell Authentication Driver Uncontrolled Write
19.12.2015
Matt Bergin
High
ZyXEL PMG5318-B20A OS Command Injection
16.10.2015
Karn Ganeshen
Low
GPON Zhone R4.0.2.566b D.O.S.
03.03.2015
Kaczinski lramirez
High
Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges
14.12.2014
quicinc
High
VMWare vmx86.sys Arbitrary Kernel Read
06.11.2014
Matt Bergin
Med.
Apache HTTP Server 2.4.7 mod_log_config denial of service
19.03.2014
Apache
High
Apple MacOSX 10.9.2 OpenSSL Verification Surprises
05.03.2014
hynek
Med.
Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability
27.02.2014
soroush
Low
PERL 5.10.0, 5.12.0, 5.14.0 Denial of Service
10.02.2014
Nobody
Med.
Conceptronic C54APM Open Redirect
12.01.2014
antonio vazquez blanco
Med.
OpenSSL 1.0.1e NULL Pointer dereference DoS
11.01.2014
Dr. Stephen Henson
Med.
Linux Kernel 3.12.3 inet uninitialized memory to user in recv syscalls
09.01.2014
mpb
High
Linux kernel Multiple CVE fixes
23.11.2013
Nico Golde and Fabian ...
Med.
Goodix GT915 Driver Memory Corruption / DoS / Privilege Escalation
08.11.2013
Jonathan Salwan
Med.
Vino VNC Server 3.7.3 Denial Of Service
18.09.2013
Jonathan Claudius
Med.
WordPress Event Easy Calendar 1.0.0 XSS / CSRF / Input Validation
09.09.2013
RogueCoder
High
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
07.08.2013
CORE
Low
Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger
06.06.2013
CORE
High
NextApp Echo XML Injection Vulnerability
02.05.2013
Anonymous
High
Cisco Unified Computing System Multiple Vulnerabilities
24.04.2013
CISCO
High
Cisco NX-OS-Based Products Multiple Vulnerabilities
24.04.2013
CISCO
Med.
Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities
10.04.2013
Cisco
Low
Pebble 2.6.4 Open Redirection
04.11.2012
Anonymous
Low
VirtualBox CPU-emulation bug (missing CPL check)
08.09.2012
halfdog
Low
IBM Lotus Domino HTTP Response Splitting and Cross-Site Scripting
07.09.2012
MustLive
Low
IOServer Root Directory Trailing Backslash Multiple Vulnerabilities
20.08.2012
hinge
High
LifeSize Room Command Injection
13.11.2011
Spencer McIntyre (zero...
High
Apple Safari Webkit libxslt Arbitrary File Creation
29.10.2011
metasploit
Med.
astersik open source 1.8.7 Remote crash vulnerability
26.10.2011
Asterisk Security Team
High
CMS WebManager-Pro Vulnerabilities
12.10.2011
MustLive
High
Opera 10/11 (bad nesting with frameset tag) Memory Corruption
10.10.2011
Jose A. Vazquez
High
Mac OS X < 10.6.7 Kernel Panic Exploit
02.10.2011
hkpco
High
LifeSize Room Command Injection
05.09.2011
Spencer McIntyre
High
iOS SSL Implementation Does Not Validate Certificate Chain
01.09.2011
Trustwave Advisories
Low
Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
01.09.2011
Timo Warns
Low
Android Browser Cross-Application Scripting
16.08.2011
Roee Hay
High
HP Data Protector Remote Shell for HP-UX
08.08.2011
Adrian Puente Z.
High
ioQuake3 Remote shell injection
06.08.2011
Thilo Schulz
High
HP Data Protector Remote Shell for HPUX
06.08.2011
Adrian Puente Z.
Med.
phpMyAdmin 3.x Conditional Session Manipulation
03.08.2011
Mango
High
Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability
19.07.2011
metasploit
Med.
Symantec Backup Exec 12.5 MiTM Attack
11.07.2011
Nibin
High
Black Ice Cover Page ActiveX Control Arbitrary File Download
22.06.2011
metasploit
High
Black Ice Cover Page SDK insecure method DownloadImageFileURL() exploit
22.06.2011
mr_me
High
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
10.06.2011
metasploit
High
HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
30.05.2011
fdisk
Low
Opera : SELECT SIZE Arbitrary null write
13.05.2011
Advisories Toucan-Syst...
Low
CA SiteMinder Security Notice
02.05.2011
Williams, James K
Low
Linux Kernel 2.4 and 2.6 disclosure of sensitive information
12.04.2011
Timo Warns
Med.
Apache Tomcat 7.0.11 information disclosure
12.04.2011
Mark Thomas
High
xpdf multiple vulnerabilities allow remote code execution
02.04.2011
Advisories Toucan-Syst...
Med.
Mutt: failure to check server certificate in SMTP TLS connection
18.03.2011
dave b
Low
SugarCRM list privilege restriction bypass
18.03.2011
RedTeam Pentesting Gmb...
High
Linux Kernel Buffer Overflow ldm_frag_add() Elevated Privileges
04.03.2011
PRE
High
Cisco Secure Desktop CSDWebInstaller Remote Code Execution
01.03.2011
ZDI
Med.
ZOHO ManageEngine ADSelfService multiple vulnerabilities
18.02.2011
CORE Security Technolo...
Med.
mit kerberos 5-1.9 kpropd denial of service
12.02.2011
Tom Yu
Med.
MyProxy SSL Certificate Validation Security Bypass Vulnerability
03.02.2011
Venkat Yekkirala
High
OpenVAS Manager Command Injection Vulnerability
01.02.2011
Tim Brown
High
OpenVAS Manager Vulnerable To Command Injection
31.01.2011
Tim Brown
High
CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability
18.01.2011
felix
High
MS11-002: Microsoft Data Access Components Vulnerability
15.01.2011
Peter Vreugdenhil
High
Mono/Moonlight Generic Type Argument Local Privilege Escalation
15.01.2011
Chris Howie
Med.
Symantec Intel Handler Service Remote Denial-of-Service
25.12.2010
Core
High
Windows Win32k Pointer Dereferencement (MS10-098)
18.12.2010
Stefan LE BERRE
Low
PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
05.11.2010
Maksymilian Arciemowic...
High
Android 2.0-2.1 Reverse Shell Exploit
05.11.2010
MJ Keith
Med.
KDC uninitialized pointer crash in authorization data handling
11.10.2010
Tom Yu
High
Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability
09.10.2010
Knud and nSense
Med.
IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability
07.10.2010
ZDI
High
Microsoft Unicode Scripts Processor Remote Code Execution
06.10.2010
Abysssec
Low
HP System Management Homepage (SMH) Remote URL Redirection
28.09.2010
HP
High
Novell iPrint Client ActiveX Control \'debug\' Buffer Overflow Exploit
23.09.2010
Trancer
Med.
MailEnable SMTP Service Two Denial of Service Vulnerabilities
17.09.2010
Secunia Research
Med.
Apache Traffic Server 2.0.0 issue
15.09.2010
Tim Brown
Low
linux kernel 2.6.34 xfs swapext ioctl issue
13.09.2010
Eugene Teo
High
Adobe Shockwave 11.20005.7.609 tSAC Chunk Invalid Seek
31.08.2010
ZDI
High
Adobe Shockwave 11.20005.7.609 CSWV Chunk Memory Corruption
31.08.2010
ZDI
High
Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
30.08.2010
ZDI
High
Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerdability
30.08.2010
ZDI
High
Adobe Shockwave Player Director Remote Code Execution Vulnerability
30.08.2010
ZDI
High
ssmtp 2.62 standardise() Buffer overflow
24.08.2010
Jan Lieskovsky
CVEMAP Search Results
CVE
Details
Description
2024-10-21
CVE-2024-49368
Updating...
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue.
2024-10-19
CVE-2024-9889
Updating...
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to.
2024-10-18
CVE-2024-49361
Updating...
ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit malicious input data, bypassing input validation, resulting in remote code execution in certain machine learning applications using the ACON library. All users utilizing ACON�??s input-handling functions are potentially at risk. Specifically, machine learning models or applications that ingest user-generated data without proper sanitization are the most vulnerable. Users running ACON on production servers are at heightened risk, as the vulnerability could be exploited remotely. As of time of publication, it is unclear whether a fix is available.
2024-10-17
CVE-2024-7417
Updating...
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.
CVE-2024-45713
Updating...
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.
CVE-2024-49284
Updating...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1.
CVE-2024-49235
Updating...
Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2.
2024-10-16
CVE-2024-9540
Updating...
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
CVE-2024-45219
Updating...
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
CVE-2017-20194
Updating...
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.
Copyright
2024
, cxsecurity.com
Back to Top
