Total
168 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-0140 | 1 Cisco | 19 Content Security Management Appliance, Content Security Management Appliance Sma M190, Content Security Management Appliance Sma M390 and 16 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. | |||||
CVE-2018-0105 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269. | |||||
CVE-2017-2486 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||||
CVE-2017-2161 | 1 Toshiba | 1 Flashair | 2024-11-21 | 2.7 LOW | 3.5 LOW |
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. | |||||
CVE-2017-2143 | 1 Frogman Office Inc | 2 Cs-cart Japanese Edition, Cs-cart Multivendor Japanese Edition | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | |||||
CVE-2017-2139 | 1 Frogman Office Inc | 1 Cs-cart | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | |||||
CVE-2017-17736 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. | |||||
CVE-2017-15235 | 1 Horde | 1 Groupware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. | |||||
CVE-2017-14993 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option. | |||||
CVE-2017-14244 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. | |||||
CVE-2017-10833 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. | |||||
CVE-2016-1000111 | 1 Twistedmatrix | 1 Twisted | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
CVE-2015-2873 | 1 Trendmicro | 1 Deep Discovery Inspector | 2024-11-21 | 5.5 MEDIUM | N/A |
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL. | |||||
CVE-2015-1313 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.5 MEDIUM |
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | |||||
CVE-2005-1892 | 1 Flatnuke | 1 Flatnuke | 2024-11-20 | 6.4 MEDIUM | N/A |
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message. | |||||
CVE-2005-1827 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2024-11-20 | 7.5 HIGH | N/A |
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | |||||
CVE-2005-1698 | 1 Postnuke | 1 Postnuke | 2024-11-20 | 5.0 MEDIUM | N/A |
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message. | |||||
CVE-2005-1697 | 1 Postnuke | 1 Postnuke | 2024-11-20 | 5.0 MEDIUM | N/A |
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message. | |||||
CVE-2005-1688 | 1 Wordpress | 1 Wordpress | 2024-11-20 | 5.0 MEDIUM | N/A |
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. | |||||
CVE-2005-1685 | 1 Episodex | 1 Episodex Guestbook | 2024-11-20 | 7.5 HIGH | N/A |
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp. |