| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. |
| php-symfony2-Validator has loss of information during serialization |
| Static HTTP Server 1.0 has a Local Overflow |
| Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. |
| Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. |
| Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution |
| WordPress Xorbin Digital Flash Clock 1.0 has XSS |
| Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS |
| Sencha Labs Connect has XSS with connect.methodOverride() |
| SPBAS Business Automation Software 2012 has CSRF. |
| SPBAS Business Automation Software 2012 has XSS. |
| Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. |
| Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. |
| Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. |
| Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. |
| Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. |
| Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities |
| A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine. |
| RubyGem omniauth-facebook has an access token security vulnerability |
| Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections |
