Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9934 | 1 Joomla | 1 Joomla! | 2017-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | |||||
CVE-2006-1037 | 1 Oracle | 2 Diagnostics, E-business Suite | 2017-07-20 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
CVE-2006-1333 | 1 Betaparticle | 1 Betaparticle Blog | 2017-07-20 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp. | |||||
CVE-2006-1472 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. | |||||
CVE-2006-1599 | 1 V-creator.com | 1 V-creator | 2017-07-20 | 7.5 HIGH | N/A |
Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions. | |||||
CVE-2006-2577 | 1 Docebo | 1 Docebo | 2017-07-20 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-3096 | 1 Ipostmx | 1 Ipostmx 2005 | 2017-07-20 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal. | |||||
CVE-2017-1000049 | | | 2017-07-20 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8864. Reason: This candidate is a reservation duplicate of CVE-2015-8864. Notes: All CVE users should reference CVE-2015-8864 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2017-11354 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | |||||
CVE-2017-11444 | 1 Intelliants | 1 Subrion Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. | |||||
CVE-2017-11445 | 1 Intelliants | 1 Subrion Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | |||||
CVE-2017-1000051 | 1 Xwiki | 1 Cryptpad | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content | |||||
CVE-2017-1000038 | 1 Relevanssi | 1 Relevanssi | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | |||||
CVE-2017-1000042 | 1 Mapbox Project | 1 Mapbox | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. | |||||
CVE-2017-2266 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2017-07-20 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2272 | 1 Hibara | 1 Attachecase | 2017-07-20 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-1000059 | 1 Livehelperchat | 1 Live Helper Chat | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. | |||||
CVE-2017-2253 | 1 Yahoo | 1 Toolbar | 2017-07-20 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-9933 | 1 Joomla | 1 Joomla! | 2017-07-20 | 5.0 MEDIUM | 7.5 HIGH |
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | |||||
CVE-2017-7276 | 1 Topdesk | 1 Topdesk | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019. |