| CVE | Vendors | Products | Updated | CVSS v3.1 |
| qtparted has insecure library loading which may allow arbitrary code execution |
| IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services. |
| IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. |
| syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. |
| gitolite before 1.4.1 does not filter src/ or hooks/ from path names. |
| Rbot Reaction plugin allows command execution |
| Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. |
| Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. |
| Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. |
| burn allows file names to escape via mishandled quotation marks |
| python-docutils allows insecure usage of temporary files |
| overkill has buffer overflow via long player names that can corrupt data on the server machine |
| pixelpost 1.7.1 has SQL injection |
| ytnef has directory traversal |
| EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function (exposed via the rep_srv.exe process), where the vulnerability is caused by an error when rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker. |
| Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat functions in file before 5.02. |
| Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. |
| gri before 2.12.18 generates temporary files in an insecure way. |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. |
| Systrace before 1.6.0 has insufficient escape policy enforcement. |