Vulnerability_Archives

CVE_ARCHIVES.DB

Records: 18,938

CVE-2019-20202
MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leadin

CVE-2019-20201
MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory

CVE-2019-20200
MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling,

CVE-2019-20199
MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling,

CVE-2019-20198
MEDIUM

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML

CVE-2015-5595
MEDIUM

Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin us

CVE-2015-5593
MEDIUM

The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scri

CVE-2015-5592
MEDIUM

Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.

CVE-2015-5591
HIGH

SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands.

CVE-2019-18568
HIGH

Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.

CVE-2013-7071
MEDIUM

Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inje

CVE-2013-7070
CRITICAL

The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharact

CVE-2011-3585
MEDIUM

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outa

CVE-2004-2776
CRITICAL

go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parame

CVE-2019-20197
HIGH

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php,

CVE-2013-4357
HIGH

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

CVE-2013-4161
HIGH

gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fix the security issu

CVE-2019-3984
CRITICAL

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input

CVE-2019-14466
MEDIUM

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP object injection, which allows a remote authenticated attacker to perf

CVE-2019-10227
MEDIUM

openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.

CVE Database - Vulnerability Explorer