| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. |
| suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution |
| views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. |
| A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability. |
| The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. |
| The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. |
| The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. |
| The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. |
| Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. |
| mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread. |
| qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors |
| CFME: CSRF protection vulnerability via permissive check of the referrer header |
| Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. |
| QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol |
| perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. |
| Zabbix before 5.0 represents passwords in the users table with unsalted MD5. |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch. |
| An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. |
