Lucene search
+L

332 matches found

CNVD
CNVD
added 2016/11/14 12:0 a.m.2 views

Unspecified Cross-Site Scripting Vulnerability in TYPO3 HTML5 Video Player Extension

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. An unspecified cross-site scripting vulnerability exists in TYPO3 HTML5 Video Player Extension. Because the program fails to properly filter user-supplied input, an attacker could exploit the...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2016/10/11 12:0 a.m.3 views

VLC Media Player Buffer Overflow Vulnerability (CNVD-2016-08641)

VLC media player is a well-known multimedia player that can play video and audio in many formats. A buffer overflow vulnerability exists in VLC media player, which can be exploited by an attacker to cause a denial of service and execute arbitrary code because the program fails to adequately...

7.9AI score
Exploits0References1
CNVD
CNVD
added 2016/07/29 12:0 a.m.4 views

SAP TREX Directory Traversal Vulnerability

SAP TREX is a search engine from SAP for the SAP NetWeaver integrated technology platform. A directory traversal vulnerability exists in SAP TREX because the program fails to adequately filter user-submitted input. An attacker could leverage the directory traversal character '...' The vulnerabili...

10CVSS6.8AI score0.05786EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/20 12:0 a.m.4 views

Joomla! SecurityCheck and SecurityCheck Pro SQL Injection Vulnerability

Joomla! is a U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other features . SecurityCheck and SecurityCheck Pro are among the network security extension components. A SQL injection vulnerability exists in...

8.2AI score
Exploits0References1
CNVD
CNVD
added 2016/01/08 12:0 a.m.7 views

markdown-it and NodeBB HTML Injection Vulnerabilities

markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...

5.3CVSS7.7AI score0.01287EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/14 12:0 a.m.55 views

Merethis Centreon 'getStats.php' Remote Command Execution Vulnerability

Merethis Centreon is an open source IT monitoring software from Merethis France that needs to be paired with Nagios to manage Nagios via the web web and to enable monitoring of networks, operating systems and applications via third-party components. A remote command execution vulnerability exists...

6.5CVSS7.9AI score0.09146EPSS
Exploits5References1
CNVD
CNVD
added 2015/05/07 12:0 a.m.1 views

ManageEngine Applications Manager CommonAPIUtil getAdminMG Remote Code Execution Vulnerability

ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. A remote code execution...

8.9AI score
Exploits0References1
CNVD
CNVD
added 2015/04/15 12:0 a.m.19 views

IBM Tivoli Storage Manager stack buffer overflow vulnerability (CNVD-2015-02431)

IBM Tivoli Storage Manager TSM is a backup and recovery management solution from IBM in the United States. A stack buffer overflow vulnerability exists in IBM Tivoli Storage Manager. Due to the application failing to properly filter user-supplied input. Allowing an attacker to exploit the...

7.2CVSS8AI score0.00456EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/26 12:0 a.m.2 views

Nodesforum Remote File Inclusion Vulnerability

Nodesforum is a free PHP forum script. A remote file inclusion vulnerability exists in Nodesforum that stems from the program failing to adequately filter user-submitted input. An attacker could use this vulnerability to compromise the application and computer...

7AI score
Exploits0References1
CNVD
CNVD
added 2015/02/06 12:0 a.m.4 views

Ektron CMS XML External Entity Injection Vulnerability

Ektron CMS is a content management system. An injection vulnerability exists in the Ektron CMS XML external entity due to the application failing to properly filter user-supplied input before dynamically generating content. An attacker could exploit this vulnerability to execute arbitrary code...

6.8CVSS8.1AI score0.02441EPSS
Exploits0References1
OSV
OSV
added 2015/01/14 11:27 p.m.12 views

USN-2473-1 coreutils vulnerabilities

It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. CVE-2009-4135 Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly...

7.5CVSS6.5AI score0.07087EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2013/06/28 2:55 p.m.5 views

CVE-2013-4660

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...

6.8CVSS7.2AI score0.17186EPSS
Exploits7References5
Rows per page
Query Builder