Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2173 | 1 Ipa | 1 Empirical Project Monitor - Extended | 2017-05-31 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-8477 | 1 Redmine | 1 Redmine | 2017-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. | |||||
| CVE-2015-5241 | 1 Apache | 1 Juddi | 2017-05-31 | 5.8 MEDIUM | 6.1 MEDIUM |
| After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect. | |||||
| CVE-2015-5469 | 1 Mdc Youtube Downloader Project | 1 Mdc Youtube Downloader | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | |||||
| CVE-2015-4704 | 1 Download Zip Attachments Project | 1 Download Zip Attachments | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. | |||||
| CVE-2014-3582 | 1 Apache | 1 Ambari | 2017-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||||
| CVE-2016-6112 | 1 Ibm | 3 Distributed Marketing, Marketing Operations, Marketing Platform | 2017-05-30 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | |||||
| CVE-2015-4045 | 1 Alienvault | 1 Open Source Security Information Management | 2017-05-30 | 7.2 HIGH | 6.7 MEDIUM |
| The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. | |||||
| CVE-2015-4046 | 1 Alienvault | 1 Open Source Security Information Management | 2017-05-30 | 6.5 MEDIUM | 7.2 HIGH |
| The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | |||||
| CVE-2017-9071 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 2.6 LOW | 4.7 MEDIUM |
| In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning. | |||||
| CVE-2017-9068 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. | |||||
| CVE-2017-9069 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 6.5 MEDIUM | 8.8 HIGH |
| In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | |||||
| CVE-2017-9070 | 1 Modx | 1 Modx Revolution | 2017-05-30 | 3.5 LOW | 5.4 MEDIUM |
| In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. | |||||
| CVE-2017-8833 | 1 Zen-cart | 1 Zen Cart | 2017-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github." | |||||
| CVE-2016-4903 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4904 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors. | |||||
| CVE-2016-4905 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-9167 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25. | |||||
| CVE-2017-9187 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7. | |||||
| CVE-2017-9197 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55. | |||||