CVE-2015-5946
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension...
postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference
A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code...
CVE-2014-8903
CVE-2014-8903 affects IBM Cúram Social Program Management (versions 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10, and 6.0.5 before 6.0.5.6). Root cause: Java reflection attack where external input specifies a class name, allowing remote authenticated users to load arbitrary Java classes. Impac...
CVE-2017-11364
CVE-2017-11364 affects Joomla! 3.x up to 3.7.3. The root cause is failure to verify ownership of a webspace in the installer, enabling an authenticated remote attacker to gain control of the target application by abusing Certificate Transparency logs. Scope is limited to versions 3.7.3 and earlie...
CVE-2017-11678
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...
CVE-2017-8919
CVE-2017-8919 affects NetApp OnCommand API Services (versions before 1.2P3). The vulnerability occurs because LDAP BIND passwords are logged when a user authenticates via the REST API, allowing remote authenticated users to obtain sensitive password information via unspecified vectors. Impact is ...
CVE-2017-2126
WAPM-1166D firmware Ver.1.2.7 and earlier and WAPM-APG600H firmware Ver.1.16.1 and earlier allow remote attackers to bypass authentication and access the configuration interface via unspecified vectors...
CVE-2015-3640
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the pat...
CentOS 6 : freeradius (CESA-2017:1759)
An update for freeradius is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Cisco Web Security Appliance Static Credentials Vulnerability
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user, or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI. The vulnerability is due to a us...
RedHat Update for freeradius RHSA-2017:1759-01
The remote host is missing an update for the...
CVE-2017-9609
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the maplanguage parameter to backend/pages/langsettings.php...
Design/Logic Flaw
The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language aka VTL...
CVE-2017-9843
CVE-2017-9843 affects SAP NetWeaver AS ABAP 7.40. The issue is a denial-of-service via disp+work.exe triggered by remote authenticated users with certain privileges; the vulnerability is tied to SAP Security Note 2406841. Affected components include SAP Kernel 7.40 64-bit and disp+work.exe. Impac...
CVE-2017-4054
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter...
CVE-2017-4057
The CVE-2017-4057 entry documents a Privilege Escalation in the web interface of McAfee Advanced Threat Defense (ATD) affecting versions 3.10, 3.8, 3.6 and 3.4. The vulnerability allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. The connected CNVD...
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request...