684 matches found
CVE-2001-0152

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/credentials/dynaziplog.rb
2025-02-06 03:13:37+00:00 | seen | MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:08:02+00:00 | seen | ...

DEBIAN-CVE-2018-11202
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack...
undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...
CVE-2018-8973
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request...
tribe (>=1.2.0 <=1.3.0) potentially affected by CVE-2017-16763 via confire (=0.2.0)
confire PYPI version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on confire and may be impacted: - tribe =1.2.0, =1.3.0 Source cves: CVE-2017-16763 Source advisory: OSV:PYSEC-2017-78...
Tuleap 9.6 Second-Order PHP Object Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------- Tuleap getPreferenceself::PREFERENCERECENTELEMENTS 1427. if $recentelements = unserialize$recentelements 1428. if isarray$recentelements 1429. return $recentelements; 1430. 1431...
MGASA-2017-0273 Updated subversion packages fix security vulnerability
A Subversion client sometimes connects to URLs provided by the repository. A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack...
CVE-2017-5375

creationtimestamp | type | source
---|---|---
2017-07-15 13:59:23+00:00 | seen | https://t.me/canyoupwnme/1768
2018-03-16 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/44294
2018-03-16 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/44293
2025-08-31 03:01:07+00:00 | see...

CVE-2017-9585
The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection Vulnerability
Exploit for multiple platform in category web applications. Products: Password Safe and Repository Enterprise. Manufacturer: MATESO GmbH. Affected Versions: 7.4.4 Build 2247. Tested Versions: 7.4.4 Build 2247. Vulnerability Type: Violation of Secure Design Principles (CWE-657), SQL Injection (CWE-89). Risk...
CVE-2017-2479

creationtimestamp | type | source
---|---|---
2017-04-11 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41866

...

CVE-2014-9844
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file...
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
EasyCom For PHP 4.0.0 - Buffer Overflow PoC + Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================ easycom-aura.com Product:...
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection
Advisory ID: SYSS-2016-048. Product: QNAP QTS. Manufacturer: QNAP. Affected Versions: 4.2.0 Build 20160311 and Build 20160601. Tested Versions: 4.2.0 Build 20160311 - 4.2.2 Build 20160812. Vulnerability Type: OS Command Injection (CWE-78). Risk Level: High...
CVE-2016-3490
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database...
IPS Community Suite 4.1.12.3 PHP Code Injection
--------------------------------------------------------------------------- IPS Community Suite contentclass ; 39. 40. if ! classexists $class or ! inarray 'IPS\Content', classparents $class 41. 42. \IPS\Output::i-error 'nodeerror', '2S226/2', 404, '' ; 43. User input passed through the...
php -- multiple vulnerabilities
The PHP Group reports: Please reference CVE/URL list for details...
C2Box 4.0.0(r19171) Validation Bypass
Title: Validation Bypass in C2Box application allows user to input negative value. Author: Harish Ramadoss. Vendor: boxautomation(B.A.S). Product: C2Box. Version: All versions below 4.0.0(r19171). Tested Version: Version 4.0.0(r19171). Severity: Medium. CVE Reference: 2015-4626. About the Product: B.A.S C2Box...
Novell Filr 1.2.0 Build 846 Cross Site Scripting
Advisory ID: SYSS-2015-055. Product: Novell Filr. Vendor: Novell. Affected Versions: 1.2.0 build 846. Tested Versions: 1.2.0 build 846. Vulnerability Type: Cross-Site Scripting (CWE-79). Risk Level: Medium. Solution Status: Fixed. Vendor Notification:...
CVE-2015-8410

creationtimestamp | type | source
---|---|---
2015-12-18 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39040

...