| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PotPlayer 1.5.40688: .avi File Memory Corruption |
| Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. |
| ClamAV before 0.97.7: dbg_printhex possible information leak |
| D-Link DIR-100 4.03B07: cli.cgi CSRF |
| D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book |
| TRENDnet TS-S402 has a backdoor to enable TELNET. |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. |
| QNAP VioCard 300 has hardcoded RSA private keys. |
| Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script |
| OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability |
| RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. |
| Wiz 5.0.3 has a user mode write access violation |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
| FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability |
| Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. |
| Evernote prior to 5.5.1 has insecure password change |
