| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| contao prior to 2.11.4 has a sql injection vulnerability |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. |
| Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. |
| In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. |
| Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. |
| Samsung Kies before 2.5.0.12094_27_11 has registry modification. |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification. |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. |
| Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service. |
| mono 2.10.x ASP.NET Web Form Hash collision DoS |
| The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors. |
| A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. |
| ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation |
| plow has local buffer overflow vulnerability |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. |
| FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. |
| Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. |
| Hadoop 1.0.3 contains a symlink vulnerability. |
| PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. |
