| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. |
| The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. |
| gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function |
| cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system |
| Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. |
| Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet. |
| W3 Total Cache before 0.9.2.5 exposes sensitive cached database information which allows remote attackers to download this information via their hash keys. |
| W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes. |
| W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files. |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. |
| Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks. |
| Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl. |
| HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability |
| BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error |
| Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php. |
| BabyGekko before 1.2.4 allows PHP file inclusion. |
| BabyGekko before 1.2.4 has SQL injection. |
| Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878. |
| ZPanel 10.0.1 has insufficient entropy for its password reset process. |
| The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). |
