Unknown · CVSS Not scored
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
Published Jun 18, 2014 · Updated Sep 16, 2024
High · CVSS 8.8
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
Published Jun 8, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
Published Jun 20, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.
Published Jun 19, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
Published Jun 11, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to rtl/protected/admin/ddns/.
Published Jun 19, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.
Published Jun 16, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.
Published Jun 10, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via the (2) MaxInstances, (3) PassivePorts, (4) Port, (5) ServerName, (6) TimeoutLogin, (7) TimeoutNoTransfer, or (8) TimeoutStalled parameter to admin/services_ftp.html; the (9) dns1 or (10) dns2 parameter to admin/system.html; the (11) newTgtName parameter to admin/volumes_iscsi_targets.html; the User-Agent HTTP header to (12) language.html, (13) login.html, or (14) password.html in account/; or the User-Agent HTTP header to (15) account_groups.html, (16) account_users.html, (17) services.html, (18) services_ftp.html, (19) services_iscsi_target.html, (20) services_rsync.html, (21) system_clock.html, (22) system_info.html, (23) system_ups.html, (24) volumes_editpartitions.html, or (25) volumes_iscsi_targets.html in admin/.
Published Jun 18, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.
Published Jun 5, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.
Published Jun 30, 2015 · Updated Sep 16, 2024
High · CVSS 7.8
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.
Published Jun 8, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
Published Jun 4, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.
Published Jun 16, 2014 · Updated Sep 16, 2024
Low · CVSS 3.3
A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The patch is named 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659.
Published Jun 5, 2023 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.
Published Jun 27, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
Published Jun 4, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
Published Jun 12, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.
Published Jun 27, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
Published Jun 3, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.
Published Jun 30, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
Published Jun 13, 2016 · Updated Aug 6, 2024