| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0. |
| A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages. |
| ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. |
| BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. |
| BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. |
| BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. |
| An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. |
| AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. |
| An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. |
| PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. |
| PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field. |
