| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. |
| Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
| Varnish HTTP cache before 3.0.4: ACL bug |
| ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution |
| WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution |
| Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2 |
| Cisco ACE A2(3.6) allows log retention DoS. |
| A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. |
| systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). |
| IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. |
| IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences. |
| An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. |
| In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. |
| In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. |
| go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12. |
| The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. |
