CVE-2005-1274

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter...

CVE-2005-1607

Cross-site scripting XSS vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the 1 merchant or 2 demo parameters...

CVE-2005-1449

Unknown vulnerability in serendipityconfiglocal.inc.php for Serendipity before 0.8 has unknown impact...

CVE-2023-43457

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint...

CVE-2023-29487

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service DoS via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS...

CVE-2023-29996

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfodecode and unsubinfodecode...

CVE-2023-31289

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort...

CGA-23HH-MGPW-H5HP

Bulletin has no description...

CVE-2023-40134

In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-40300

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key...

CVE-2023-40278

An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error...

CVE-2023-40287

An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue...

CVE-2018-21000

An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption...

CVE-2018-10190

A vulnerability in London Trust Media Private Internet Access PIA VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. The "Changelog" and "Help"...

CVE-2018-9399

In /proc/driver/wmtdbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2018-18890

MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete= with an invalid filename...

CVE-2018-6631

In Micropoint proactive defense software 2.0.20266.0146, the driver file mp110009.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000170...

CVE-2018-6846

Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zbsystem/function/lib/upload.php...

CVE-2018-19620

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...

CVE-2018-4365

An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1...