SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
Max CVSS
9.8
EPSS Score
0.32%
Published
2017-01-30
Updated
2021-01-30
SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.
Max CVSS
9.8
EPSS Score
0.17%
Published
2017-01-23
Updated
2017-01-26
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.
Max CVSS
9.8
EPSS Score
0.16%
Published
2017-01-23
Updated
2017-01-26
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().
Max CVSS
9.8
EPSS Score
0.19%
Published
2017-01-23
Updated
2017-01-26
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive.
Max CVSS
9.3
EPSS Score
0.44%
Published
2017-01-23
Updated
2019-10-03
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
Max CVSS
9.1
EPSS Score
0.34%
Published
2017-01-21
Updated
2020-04-02
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
Max CVSS
9.8
EPSS Score
0.31%
Published
2017-01-20
Updated
2018-11-08
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.
Max CVSS
9.1
EPSS Score
0.13%
Published
2017-01-23
Updated
2019-10-03
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
9.8
EPSS Score
0.39%
Published
2017-01-17
Updated
2017-01-27
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.
Max CVSS
9.8
EPSS Score
0.39%
Published
2017-01-17
Updated
2017-01-27
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
Max CVSS
9.8
EPSS Score
2.13%
Published
2017-01-28
Updated
2018-01-05
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
Max CVSS
9.8
EPSS Score
2.13%
Published
2017-01-28
Updated
2018-01-05
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
Max CVSS
9.8
EPSS Score
2.13%
Published
2017-01-28
Updated
2018-01-05
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
Max CVSS
9.8
EPSS Score
2.13%
Published
2017-01-28
Updated
2018-01-05
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.
Max CVSS
9.8
EPSS Score
2.13%
Published
2017-01-28
Updated
2018-01-05
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
Max CVSS
9.8
EPSS Score
2.13%
Published
2017-01-28
Updated
2018-01-05
The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
Max CVSS
9.8
EPSS Score
2.13%
Published
2017-01-28
Updated
2018-01-05
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Max CVSS
9.8
EPSS Score
48.73%
Published
2017-01-11
Updated
2022-07-20
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
Max CVSS
9.8
EPSS Score
1.12%
Published
2017-01-12
Updated
2017-11-04
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
Max CVSS
9.1
EPSS Score
0.28%
Published
2017-01-11
Updated
2020-04-02
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
Max CVSS
9.8
EPSS Score
37.76%
Published
2017-01-28
Updated
2019-03-19
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
Max CVSS
9.8
EPSS Score
37.76%
Published
2017-01-28
Updated
2019-03-19
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
Max CVSS
9.8
EPSS Score
37.76%
Published
2017-01-28
Updated
2019-03-19
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
Max CVSS
9.8
EPSS Score
37.76%
Published
2017-01-28
Updated
2019-03-19
Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.
Max CVSS
9.8
EPSS Score
5.77%
Published
2017-01-02
Updated
2021-09-13
259 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!