idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-10137)

idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in admincp.php?app=group&do=save in idreamsoft iCMS 7.0.10, which can be exploited by an attacker to add an administrator account...

CVE-2015-6000

creationtimestamp| type| source ---|---|--- 2018-07-30 17:42:41+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vtigerlogouploadexec.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:41+00:00| seen|...

CVE-2011-10012

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/netop.rb 2025-08-13 23:41:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lwcysraiep27 2025-10-23...

Valve Steam Link has an unspecified vulnerability (CNVD-2018-01479)

The Valve Steam Link is a Steam online gaming device from Value Software in the United States. A security vulnerability exists in Valve Steam Link build 643, which stems from the program only detecting the first 8 characters of a password. No details of the vulnerability are available at this tim...

CAJViewer suffers from a memory corruption vulnerability (CNVD-2017-34947)

CAJviewer is a specialized full-text format reader for China Journal Network CJN, which supports TEB, NH, CAJ, KDH and PDF files of CJN. CAJviewer suffers from a memory corruption vulnerability when handling special CAJ files, which can be exploited by attackers to cause a denial of service attac...

CVE-2017-0804

A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487...

Cisco Prime Infrastructure HTML Injection Vulnerability (CNVD-2017-221614)

Cisco Prime Infrastructure PI is a set of Cisco Prime LAN Management Solution LMS and Cisco Prime Network Control System NCS technologies for wireless management. solution. An HTML injection vulnerability exists in the administrative web interface in Cisco PI, which stems from the program failing...

CVE-2017-3563

creationtimestamp| type| source ---|---|--- 2017-04-20 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41908...

UBUNTU-CVE-2017-5436

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox...

CVE-2017-2483

creationtimestamp| type| source ---|---|--- 2017-04-04 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41797...

Apache Camel Remote Code Execution Vulnerability (CNVD-2017-02452)

Apache Camel is an open source project under the Apache Foundation , it is a rule-based routing and mediation engine that provides an enterprise integration model of the implementation of Java objects , through the application program interface or known as declarative Java domain-specific languag...

CVE-2016-1551

CVE-2016-1551 affects ntpd (NTP 4.2.8p3 and NTPsec a5fb34b9…). The flaw arises because reference clocks are stored with regular peers; if a system lacks martian-filtering, a packet with a reference-clock source (e.g., 127.127.1.1) reaching receive() can be treated as a trusted peer, enabling an a...

DEBIAN-CVE-2015-3210

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384...

CVE-2016-8583

creationtimestamp| type| source ---|---|--- 2016-11-02 00:40:30+00:00| published-proof-of-concept| https://t.me/FullDisclosure/221...

CVE-2016-4228

creationtimestamp| type| source ---|---|--- 2016-08-29 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40309 2025-08-31 03:01:29+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...

Android Setup Wizard elevation of privilege vulnerability (CNVD-2016-00872)

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. A security vulnerability exists in Android Setup Wizard, which allows attackers to exploit the vulnerability to elevate privileges...

Adobe Flash Player Memory Error Referencing Arbitrary Code Execution Vulnerability (CNVD-2015-08217)

Adobe Flash Player is a widely used, proprietary multimedia program player. It was originally written by Macromedia and continued to be developed and distributed by Adobe after Macromedia was acquired by Adobe. A memory misreference vulnerability exists in Adobe Flash Player's handling of special...

Adobe Flash Player Memory Error Reference Memory Corruption Vulnerability (CNVD-2015-06310)

Adobe Flash Player is a Flash file processing program.Adobe AIR is a cross-operating system runtime library produced by Adobe, through which developers can take advantage of existing Web development technology. A memory misreference vulnerability exists in Adobe Flash Player that could allow an...

IBM WebSphere Application Server (WAS) elevation of privilege vulnerability (CNVD-2015-02799)

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. An elevation of privilege vulnerability exists in IBM...

Internet Bug Bounty: Bad Write in TTF font parsing (win32k.sys)

This bug was originally reported through Project Zero at Google. Alex Rice suggested to me that I could potentially receive a bounty through Hacker One so I am also opening a report here. The vulnerability reference numbers are MS15-010 CVE-2015-0059 The original bug report is...