CVE_DATABASE

18,938 records
CVE-2019-20202MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leadin

CVE-2019-20201MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory

CVE-2019-20200MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling,

CVE-2019-20199MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling,

CVE-2019-20198MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML

CVE-2015-5595MEDIUM

Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin us

CVE-2015-5593MEDIUM

The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scri

CVE-2015-5592MEDIUM

Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.

CVE-2015-5591HIGH

SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.

CVE-2019-18568HIGH

Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.

CVE-2013-7071MEDIUM

Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inje

CVE-2013-7070CRITICAL

The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharact

CVE-2011-3585MEDIUM

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outa

CVE-2004-2776CRITICAL

go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parame

CVE-2019-20197HIGH

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php,

CVE-2013-4357HIGH

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

CVE-2013-4161HIGH

gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issu

CVE-2019-3984CRITICAL

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input

CVE-2019-14466MEDIUM

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perf

CVE-2019-10227MEDIUM

openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.

...
Jump_To_Sector:
2026 CVE Archives2025 CVE Archives2024 CVE Archives2023 CVE Archives2022 CVE Archives2021 CVE Archives2020 CVE Archives2019 CVE Archives2018 CVE Archives2017 CVE Archives2016 CVE Archives2015 CVE Archives2014 CVE Archives2013 CVE Archives2012 CVE Archives2011 CVE Archives2010 CVE Archives2009 CVE Archives2008 CVE Archives2007 CVE Archives2006 CVE Archives2005 CVE Archives2004 CVE Archives2003 CVE Archives2002 CVE Archives2001 CVE Archives2000 CVE Archives1999 CVE Archives1998 CVE Archives1997 CVE Archives1996 CVE Archives1995 CVE Archives1994 CVE Archives1993 CVE Archives1992 CVE Archives1991 CVE Archives1990 CVE Archives1989 CVE Archives1988 CVE Archives
CVE Database | 4nuxd - Vulnerability Explorer