| CVE | Vendors | Products | Updated | CVSS v3.1 |
| HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability |
| BabyGekko before 1.2.4 allows PHP file inclusion. |
| ZPanel 10.0.1 has insufficient entropy for its password reset process. |
| Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. |
| opendnssec misuses libcurl API |
| Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability |
| Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability |
| A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service |
| A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. |
| cumin: At installation postgresql database user created without password |
| The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. |
| golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script. |
| Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. |
| lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. |
| install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. |
| Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter. |
| Bitlbee does not drop extra group privileges correctly in unix.c |
| SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. |