| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. |
| The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin. |
| ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. |
| An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function. |
| Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. |
| bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter. |
| The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. |
| Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. |
| CSRF vulnerability in Smoothwall Express 3. |
| A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. |
| FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions. |
| v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. |
| PHPShop through 0.8.1 has XSS. |
| The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. |
| Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. |
| A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability. |
