CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2015-7728 XSS 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.
52 CVE-2015-7729 Exec Code 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.
53 CVE-2015-7730 DoS 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
54 CVE-2015-7838 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.
55 CVE-2015-7839 Exec Code 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.
56 CVE-2015-9278 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
57 CVE-2015-9457 Sql 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
58 CVE-2015-9466 Sql 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
59 CVE-2015-9469 XSS 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
60 CVE-2015-9470 Dir. Trav. 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.
61 CVE-2015-9474 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
62 CVE-2015-9475 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
63 CVE-2015-9479 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.
64 CVE-2015-9481 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
65 CVE-2015-9482 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
66 CVE-2015-9483 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
67 CVE-2015-9484 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
68 CVE-2015-9485 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
69 CVE-2015-9486 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
70 CVE-2015-9487 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
71 CVE-2015-9488 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
72 CVE-2015-9489 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
73 CVE-2015-9490 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
74 CVE-2015-9491 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
75 CVE-2015-9492 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
76 CVE-2016-0260 DoS 2016-06-28 2016-06-28
0.0
None ??? ??? ??? ??? ??? ???
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.
77 CVE-2016-10545 Exec Code 2018-07-05 2018-07-05
0.0
None ??? ??? ??? ??? ??? ???
thor ruby gem suffers from a command injection vulnerability due to the use of `open-uri`'s open() as used in Thor::Actions#get, allowing for execution of system commands.
78 CVE-2017-1298 DoS 2017-04-28 2017-04-28
0.0
None ??? ??? ??? ??? ??? ???
A denial of service vulnerability has been discovered in 40-GbE network interface modules for IBM Security Network Protection XGS 7100 appliance. IBM X-Force ID: 125160.
79 CVE-2017-5716 DoS Exec Code Overflow 2017-09-05 2017-09-05
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in ConnMan Project connection manager daemon version 1.34 and earlier allows a remote attacker to conduct a denial of service and remote code execution via malformed DNS packets.
80 CVE-2017-7286 Overflow 2017-04-10 2017-04-12
0.0
None ??? ??? ??? ??? ??? ???
The Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS mishandles a series of mmap system calls for /dev/zero with different starting addresses, with a stated impact of "allowing for a local user to possibly gain root access," aka an "inode integer overflow."
81 CVE-2017-7319 2017-04-10 2017-04-10
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS allows any user to send a SIGIO signal to any process. If the process does not catch or ignore the signal, it will exit.
82 CVE-2017-7516 Bypass 2018-01-29 2018-01-29
0.0
None ??? ??? ??? ??? ??? ???
It was found that the cpio --no-absolute-filenames option since version 2.7 did not verify paths during extraction. A specially crafted cpio archive could bypass this option and write to an arbitrary location, outside of the extraction directory.
83 CVE-2017-7874 Exec Code 2017-04-15 2017-04-18
0.0
None ??? ??? ??? ??? ??? ???
udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.
84 CVE-2017-9021 DoS 2017-05-26 2017-05-26
0.0
None ??? ??? ??? ??? ??? ???
The vrend_clear dispatch function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted value in "buffers."
85 CVE-2017-12880 2017-08-16 2017-08-16
0.0
None ??? ??? ??? ??? ??? ???
In PyJWT 1.5.0 and below the 'invalid_strings' check in 'HMACAlgorithm.prepare_key' does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string '-----BEGIN RSA PUBLIC KEY-----' which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
86 CVE-2017-13103 2018-08-15 2018-08-15
0.0
None ??? ??? ??? ??? ??? ???
Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
87 CVE-2017-13826 +Priv 2017-11-12 2017-11-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "Postfix" product. Versions before 3.2.2 might allow local users to gain privileges or have unspecified other impact.
88 CVE-2017-14443 +Info 2018-09-17 2018-09-17
0.0
None ??? ??? ??? ??? ??? ???
An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.
89 CVE-2017-14948 Exec Code Overflow 2019-10-14 2019-10-15
0.0
None ??? ??? ??? ??? ??? ???
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
90 CVE-2017-15064 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Arris.
91 CVE-2017-15065 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from ASUS.
92 CVE-2017-15066 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from AVM.
93 CVE-2017-15067 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Compal.
94 CVE-2017-15068 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Comcast.
95 CVE-2017-15069 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Hitron.
96 CVE-2017-15070 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Linksys.
97 CVE-2017-15071 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, CM700, and CMD31T devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from NETGEAR.
98 CVE-2017-15072 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Quantenna.
99 CVE-2017-15073 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Samsung.
100 CVE-2017-15074 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from SMC.
Total number of vulnerabilities : 994   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.