Lucene search
K

77 matches found

CNVD
CNVD
added 2017/12/07 12:0 a.m.5 views

IBM InfoSphere BigInsights Remote Code Injection Vulnerability

IBM InfoSphere BigInsights is a suite of software platforms for storing and analyzing "Big Data" from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A remote code injection vulnerability exists in IBM...

4.4CVSS7.8AI score0.00676EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/24 12:0 a.m.3 views

EasySNS Minimalist Community loginHandle method suffers from SQL injection vulnerability

EasySNS Minimalist Community is for the new database architecture and program structure, to the group as the basic unit to form an interactive community. A SQL injection vulnerability exists in the loginHandle method of the EasySNS community. The vulnerability is due to the failure of the system ...

7.7AI score
Exploits0
CNVD
CNVD
added 2017/10/23 12:0 a.m.5 views

IrfanView BabaCAD4Image plugin buffer overflow vulnerability (CNVD-2017-32369)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. BabaCAD4Image plugin is one of the plugins for reading DXF and DWG CAD files. A buffer overflow vulnerability exis...

7.8CVSS7.8AI score0.01722EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/08 12:0 a.m.6 views

Concrete5 cross-site scripting vulnerability (CNVD-2017-32458)

concrete5 is a free content management system CMS. The system can be edited and typeset directly on the page. A cross-site scripting vulnerability exists in concrete5 version 5.7.3.1, which stems from the program failing to validate or encrypt user-submitted input. A remote attacker can exploit...

6.1CVSS6.3AI score0.00738EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/19 12:0 a.m.5 views

GNU PSPP Denial of Service Vulnerability (CNVD-2017-28754)

GNU PSPP is a free application developed by the GNU Project for data sampling, statistics and analysis. A security vulnerability exists in the 'dictaddmrset' function in the data/dictionary.c file in GNU PSPP version 0.11.0. A remote attacker could exploit this vulnerability to cause a denial of...

7.5CVSS7.3AI score0.01262EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/25 12:0 a.m.6 views

AutoTrace heap buffer overflow vulnerability (CNVD-2017-08490)

AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. A heap buffer overflow vulnerability exists in the 'GETCOLOR' function at color.c:16:11 in the libautotrace.a file in AutoTrace version 0.31.1. An attacker can exploit this vulnerability to cause a heap buff...

9.8CVSS7.3AI score0.01928EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/08 12:0 a.m.3 views

WordPress REST API Endpoint Cross-Site Scripting Vulnerability

WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A cross-site scripting vulnerability exists in WordPress REST API Endpoint versions prior to 4.7.3, which can be exploited by an attacker to inject arbitrary JavaScript...

6AI score
Exploits0References1
CNVD
CNVD
added 2017/01/19 12:0 a.m.4 views

Zimbra Collaboration suffers from multiple cross-site scripting vulnerabilities (CNVD-2017-00758)

Zimbra can provide open source email server software and shared calendars. Multiple cross-site scripting vulnerabilities in versions prior to Zimbra Collaboration 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors also known as errors...

6.1CVSS6.1AI score0.01449EPSS
Exploits0References1
CNVD
CNVD
added 2016/12/22 12:0 a.m.2 views

SQL Injection Vulnerability in the uuid Parameter of Shenzhen Siquan CRM System

Ltd. is engaged in OA, CRM, ERP, HRM, enterprise mailbox system consulting and services. SQL injection vulnerability exists in the uuid parameter of the Shenzhen SiQuan CRM system. Allows attackers to exploit the vulnerability to obtain sensitive database information...

7.9AI score
Exploits0
CNVD
CNVD
added 2016/12/14 12:0 a.m.3 views

Struts2 Remote Command Execution Vulnerability in Shenzhen Pengjiao Project Management System

Shenzhen Pengjiao Project Management System is a product of Shenzhen Pengjiao Management Consultant Co., Ltd, which mainly serves primary and secondary schools, private educational institutions, government education and so on. A Struts2 remote command execution vulnerability exists in the Shenzhe...

7.3AI score
Exploits0
CNVD
CNVD
added 2016/11/23 12:0 a.m.4 views

LibTIFF tif_pixarlog.c Heap Buffer Overflow Vulnerability

LibTIFF is a library for reading and writing the Tagged Image File Format abbreviated as TIFF. A security vulnerability exists in libtiff version 4.0.6 in tifpixarlog.c, which can lead to out-of-bounds write operations in the heap buffer...

9.8CVSS7.1AI score0.03194EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/25 12:0 a.m.3 views

Design Vulnerability in Oceanis Browser

Maxthon Browser is a versatile and personalized multi-tab browser. It reduces the browser's usage of system resources and improves the efficiency of web surfing. A design vulnerability exists in Maxthon Browser that allows attackers to exploit the vulnerability to bypass the homology policy...

6.8AI score
Exploits0
CNVD
CNVD
added 2016/04/27 12:0 a.m.7 views

xWPE Local Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in xwpe v1.5.30a-2.1 and earlier versions due to a failure to strictly limit user input. An attacker is able to exploit this vulnerability to arbitrarily execute code in the context of the application, potentially resulting in a denial of service...

7.5AI score
Exploits0References1
CNVD
CNVD
added 2015/12/20 12:0 a.m.5 views

IBM Tivoli Storage FlashCopy Manager and Tivoli Storage Manager local boost vulnerability (CNVD-2015-08435)

IBM Tivoli Storage FlashCopy Manager is a suite of software that provides a high level of data protection for critical applications and databases through integrated snapshot capabilities.Tivoli Storage Manager is a suite of software that automates data protection for e-mail servers. A security...

8.5CVSS6.5AI score0.00984EPSS
Exploits0References1
CNVD
CNVD
added 2015/12/18 12:0 a.m.1 views

libxml2 heap buffer overflow vulnerability (CNVD-2015-08397)

libxml2 is an XML parser and markup toolset. A heap buffer overflow vulnerability exists in versions of libxml2 prior to 2.9.3. An attacker is able to rely on context to cause a denial of service via an unspecified vector...

5CVSS8.2AI score0.0721EPSS
Exploits0References1
CNVD
CNVD
added 2015/09/27 12:0 a.m.1 views

PHP 'php_zip.c' Directory Traversal Vulnerability

PHP is an open source general-purpose computer scripting language. A directory traversal vulnerability in PHP 'phpzip.c' allows remote attackers to exploit the vulnerability by submitting the special directory traversal character '...' to create or overwrite arbitrary files...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2015/01/07 12:0 a.m.11 views

Multiple HTML Injection Vulnerabilities in AdaptCMS

AdaptCMS is a content management system. AdaptCMS has multiple HTML injection vulnerabilities because it fails to properly filter user-supplied input. An attacker can execute supplied HTML and script code in the context of the affected site...

4.3CVSS7.5AI score0.04266EPSS
Exploits2References1
Rows per page
Query Builder