| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. |
| The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. |
| Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. |
| Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. |
| Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. |
| Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. |
| Joomla! core 1.7.1 allows information disclosure due to weak encryption |
| Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. |
| A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. |
| A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. |
| atop: symlink attack possible due to insecure tempfile handling |
| Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. |
| An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. |
| An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. |
| Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12. |
| A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. |
| A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. |
