Total
961 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9135 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that does not properly sanitize user input, allowing an attacker to execute shell commands as the root user. | |||||
CVE-2016-1155 | 1 Google | 1 Android | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. | |||||
CVE-2016-5013 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. | |||||
CVE-2016-6754 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937. | |||||
CVE-2017-7239 | 1 Ninka Project | 1 Ninka | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | |||||
CVE-2015-8258 | 1 Axis | 1 Axis Communications Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | |||||
CVE-2016-5685 | 1 Dell | 4 Idrac7, Idrac7 Firmware, Idrac8 and 1 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | |||||
CVE-2017-7703 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. | |||||
CVE-2015-3253 | 2 Apache, Oracle | 6 Groovy, Health Sciences Clinical Development Center, Retail Order Broker Cloud Service and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. | |||||
CVE-2015-7309 | 1 Boltcms | 1 Bolt | 2024-02-28 | 6.5 MEDIUM | N/A |
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. | |||||
CVE-2015-5841 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 5.0 MEDIUM | N/A |
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. | |||||
CVE-2014-8910 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. | |||||
CVE-2015-1762 | 1 Microsoft | 1 Sql Server | 2024-02-28 | 7.1 HIGH | N/A |
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability." | |||||
CVE-2016-7125 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. | |||||
CVE-2016-2204 | 1 Symantec | 1 Messaging Gateway | 2024-02-28 | 6.5 MEDIUM | 8.2 HIGH |
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | |||||
CVE-2015-3013 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 6.0 MEDIUM | N/A |
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file. | |||||
CVE-2015-8800 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2024-02-28 | 4.9 MEDIUM | 7.3 HIGH |
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. | |||||
CVE-2015-2704 | 1 Realmd Project | 1 Realmd | 2024-02-28 | 5.0 MEDIUM | N/A |
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. | |||||
CVE-2015-0169 | 1 Ibm | 1 Security Siteprotector System | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. | |||||
CVE-2015-3200 | 3 Hp, Lighttpd, Oracle | 3 Virtual Customer Access System, Lighttpd, Solaris | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. |