| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. |
| WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. |
| PotPlayer 1.5.40688: .avi File Memory Corruption |
| Belkin n750 routers have a buffer overflow. |
| Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. |
| Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. |
| OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. |
| ClamAV before 0.97.7: dbg_printhex possible information leak |
| ClamAV before 0.97.7 has buffer overflow in the libclamav component |
| ClamAV before 0.97.7 has WWPack corrupt heap memory |
| Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. |
| Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure |
| D-Link DIR-100 4.03B07: cli.cgi XSS |
| D-Link DIR-100 4.03B07: cli.cgi CSRF |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script |
| D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters |
| Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. |
| Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header. |
