|Paid content will be excluded from the download.
| Matches : 89891
|KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected ne ...
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or res ...
MantisBT before 2.4.1 allows Permalink Injection via CSRF attacks on a permalink_page.php?url= URI. This is caused by a lack of a backslash check in string_api.php.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8933. Reason: This candidate is a reservation duplicate of CVE-2017-8933. Notes: All CVE users should reference CVE-2017-8933 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   8989
© 2016 SecPod Technologies