| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm |
| PotPlayer 1.5.40688: .avi File Memory Corruption |
| Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. |
| ClamAV before 0.97.7: dbg_printhex possible information leak |
| D-Link DIR-100 4.03B07: cli.cgi CSRF |
| D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book |
| TRENDnet TS-S402 has a backdoor to enable TELNET. |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. |
| QNAP VioCard 300 has hardcoded RSA private keys. |
| Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script |
| OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability |
| RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. |
| Wiz 5.0.3 has a user mode write access violation |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
| FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability |
