| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. |
| A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. |
| D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters |
| D-Link DIR-100 4.03B07: cli.cgi CSRF |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. |
| SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash). |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273526 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. |
| TRENDnet TS-S402 has a backdoor to enable TELNET. |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. |
| QNAP VioCard 300 has hardcoded RSA private keys. |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script |
| OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS. This issue affects Front End Users: from n/a before 3.2.25. |
| RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
| FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability |
| Wiz 5.0.3 has a user mode write access violation |
| Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. |