55 matches found
Navis DocumentCloud <0.1.1 - Cross-Site Scripting
Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. id: CVE-2015-2807 info: name: Navis DocumentCloud 0.1.1 - Cross-Site...
Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. id: CVE-2020-7980 info: name: Satellian Intellian Aptus Web...
CVE-2024-9982 ESi Technology AIM LINE Marketing Platform - SQL Injection
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content...
ILIAS <= 4.4.1 Multiple Vulnerabilities
ILIAS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if (description)...
SUSE CVE-2015-3277
The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring...
CVE-2022-47515
An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error...
CVE-2021-28890
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements...
Denial Of Service (DoS)
elfutils is vulnerable to denial of service. The allocate_elf function in common.h allows remote attackers to crash the application via a malicious ELF file, which would trigger a memory allocation failure...
CVE-2020-7660
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...
CVE-2011-4901
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database...
CVE-2018-11516
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file...
CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
CVE-2017-12924
CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image...
CVE-2017-8388
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request...
CVE-2017-5615
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location...
CVE-2016-9139
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...
CVE-2016-1925
Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow...
Double free
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is...
FinderView Multiple Vulnerabilities
FinderView is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:finderview:finderview";...
GLSA-201603-08 : VLC: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201603-08 (VLC: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact: Remote attackers could possibly execute arbitrary code or cause...