4423 matches found
Path traversal
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter...
CVE-2015-5382
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the alt parameter when uploading a vCard...
CVE-2017-4014
Session sidejacking vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request...
CVE-2017-7488
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames...
CVE-2017-8080
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads...
Netgear WNR2000/R2000 Series Buffer Overflow Vulnerability
The WNR2000v3, WNR2000v4, WNR2000v5 and R2000 are all router products from Netgear. A buffer overflow vulnerability exists in the Netgear WNR2000/R2000 family of products, which can be exploited by remote attackers to bypass authentication and execute arbitrary commands...
Code injection
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation...
Intel AMT Remote Authentication Bypass Vulnerability
Intel AMT (Intel Active Management Technology) is a preset feature that uses Web-based control pages to allow administrators to manage the system remotely over ports 16992 and 16993. A remote authentication bypass vulnerability exists in Intel AMT. An unauthorized user can bypass th...
CVE-2015-8257
CVE-2015-8257 affects the devtools.sh script in Axis Communications AXIS network cameras. Remote authenticated users can execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml....
CVE-2016-5810
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 exposes password information to remote authenticated administrators via unspecified vectors. The CVE-2016-5810 issue is classified as an information-disclosure vulnerability in the upAdminPg.asp component, enabling an admin higher...
CVE-2017-7644
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541...
CVE-2016-8588
The hotfixupload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file...
Code injection
logquerydlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...
CVE-2016-8584
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value...
CVE-2017-2115
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors...
CVE-2017-2114
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2017-2115
CVE-2017-2115 affects Cybozu Office 10.0.0–10.5.0. It describes an access restriction bypass in the "+customapp" component, allowing remote authenticated attackers to obtain information from other logged-in users via unspecified vectors. The connected documents also reference related issues (CVE-...
Directory Traversal Vulnerability in Multiple IBM Devices
Tivoli is IBM's systems management platform for IT administrators, tailored for enterprise use of IBM products and aimed at medium to large enterprises. A directory traversal vulnerability exists in multiple IBM devices. Allows remote authenticate...
CVE-2016-6903
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands...
CVE-2016-3733
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber...