Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3103 | 1 Adobe | 1 Connect | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. | |||||
| CVE-2017-1208 | 1 Ibm | 1 Maximo Asset Management | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778. | |||||
| CVE-2001-1495 | 1 Freshmeat | 2 Network Query Tool, Network Query Tool Phpnuke | 2017-07-18 | 7.5 HIGH | N/A |
| network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter. | |||||
| CVE-2002-0449 | 1 Talentsoft | 1 Web\+ Server | 2017-07-18 | 10.0 HIGH | N/A |
| Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe. | |||||
| CVE-2002-0993 | 1 Hp | 1 Instant Support | 2017-07-18 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files. | |||||
| CVE-2002-1479 | 1 The Cacti Group | 1 Cacti | 2017-07-18 | 4.6 MEDIUM | N/A |
| Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. | |||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | |||||
| CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-18 | 7.5 HIGH | N/A |
| fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
| CVE-2004-1583 | 1 Tridcomm | 1 Tridcomm | 2017-07-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT. | |||||
| CVE-2004-1679 | 1 Jigunet | 2 Twinftp Enterprise, Twinftp Standard | 2017-07-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands. | |||||
| CVE-2004-1712 | 1 Typepad | 1 Typepad | 2017-07-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter. | |||||
| CVE-2004-2020 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. | |||||
| CVE-2004-2056 | 1 Nucleus Group | 1 Nucleus Cms | 2017-07-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter. | |||||
| CVE-2004-2059 | 1 Xlinesoft | 1 Asprunner | 2017-07-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp. | |||||
| CVE-2005-0505 | 1 Stackworks Enterprises | 1 Information Resource Manager | 2017-07-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins. | |||||
| CVE-2005-3318 | 1 Jed Wing | 1 Chm Lib | 2017-07-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930. | |||||
| CVE-2017-11195 | 1 Pulsesecure | 1 Pulse Connect Secure | 2017-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this. | |||||
| CVE-2017-11196 | 1 Pulsesecure | 1 Pulse Connect Secure | 2017-07-18 | 6.8 MEDIUM | 8.8 HIGH |
| Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page. | |||||
| CVE-2017-1175 | 1 Ibm | 1 Maximo Asset Management | 2017-07-18 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297. | |||||
| CVE-2017-1176 | 1 Ibm | 1 Maximo Asset Management | 2017-07-18 | 2.1 LOW | 3.3 LOW |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299. | |||||