Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3109 | 1 Shopware | 1 Shopware | 2018-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. | |||||
| CVE-2015-7527 | 1 Cool Video Gallery Project | 1 Cool Video Gallery | 2018-10-09 | 7.5 HIGH | N/A |
| lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page. | |||||
| CVE-2015-8562 | 1 Joomla | 1 Joomla\! | 2018-10-09 | 7.5 HIGH | N/A |
| Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | |||||
| CVE-2015-8360 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | |||||
| CVE-2015-5074 | 1 X2engine | 1 X2crm | 2018-10-09 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. | |||||
| CVE-2015-5696 | 1 Dell | 1 Netvault Backup | 2018-10-09 | 5.0 MEDIUM | N/A |
| Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. | |||||
| CVE-2015-5457 | 1 Pivotx | 1 Pivotx | 2018-10-09 | 7.5 HIGH | N/A |
| PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php. | |||||
| CVE-2015-6357 | 1 Cisco | 1 Firesight System Software | 2018-10-09 | 6.8 MEDIUM | N/A |
| The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444. | |||||
| CVE-2015-5208 | 1 Apache | 1 Cordova | 2018-10-09 | 4.3 MEDIUM | 4.4 MEDIUM |
| Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | |||||
| CVE-2015-3994 | 1 Sap | 1 Hana | 2018-10-09 | 4.0 MEDIUM | N/A |
| The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | |||||
| CVE-2015-1833 | 1 Apache | 1 Jackrabbit | 2018-10-09 | 6.4 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request. | |||||
| CVE-2014-9755 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. | |||||
| CVE-2014-9757 | 1 Atlassian | 1 Bamboo | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. | |||||
| CVE-2014-9754 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2018-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. | |||||
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2018-10-09 | 7.1 HIGH | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | |||||
| CVE-2014-8323 | 1 Aircrack-ng | 1 Aircrack-ng | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | |||||
| CVE-2014-8324 | 1 Aircrack-ng | 1 Aircrack-ng | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | |||||
| CVE-2014-5375 | 1 Adaptivecomputing | 1 Moab | 2018-10-09 | 4.0 MEDIUM | N/A |
| The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags. | |||||
| CVE-2014-5376 | 1 Adaptivecomputing | 1 Moab | 2018-10-09 | 4.0 MEDIUM | N/A |
| Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message. | |||||
| CVE-2014-5460 | 1 Tribulant | 1 Tibulant Slideshow Gallery | 2018-10-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. | |||||