| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
| opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities |
| opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities |
| OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability |
| Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php). |
| A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code |
| There is an object injection vulnerability in swfupload plugin for wordpress. |
| Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors. |
| Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input |
| Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness |
| Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass |
| Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow. |
| A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. |
| Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. |
| NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload |
| Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. |
| XnView 2.03 has an integer overflow vulnerability |
| XnView 2.03 has a stack-based buffer overflow vulnerability |
| IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability |
| Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. |