Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1748 | 1 Xmb Software | 1 Xmb Forum | 2021-04-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. | |||||
| CVE-2004-1864 | 1 Xmb Forum | 1 Xmb | 2021-04-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. | |||||
| CVE-2005-2575 | 1 Xmb Forum | 1 Xmb | 2021-04-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable. | |||||
| CVE-2003-0375 | 1 Xmb Forum | 1 Xmb | 2021-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. | |||||
| CVE-2005-3544 | 1 Xmb Forum | 1 Xmb | 2021-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2002-0316 | 1 Xmb Software | 1 Xmb Forum | 2021-04-29 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag. | |||||
| CVE-2005-2574 | 1 Xmb Forum | 1 Xmb | 2021-04-29 | 5.0 MEDIUM | N/A |
| xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR]. | |||||
| CVE-2003-0483 | 1 Xmb Forum | 1 Xmb | 2021-04-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php. | |||||
| CVE-2015-8896 | 3 Imagemagick, Oracle, Redhat | 8 Imagemagick, Linux, Enterprise Linux Desktop and 5 more | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. | |||||
| CVE-2021-0243 | 1 Juniper | 2 Ex4300, Junos | 2021-04-27 | 3.3 LOW | 4.7 MEDIUM |
| Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. When the firewall policer discard action fails on a Layer 2 port, it will allow traffic to pass even though it exceeds set policer limits. Traffic will not get discarded, and will be forwarded even though a policer discard action is configured. When the issue occurs, traffic is not discarded as desired, which can be observed by comparing the Input bytes with the Output bytes using the following command: user@junos> monitor interface traffic Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 37425422 (82616) 37425354 (82616) <<<< egress ge-0/0/1 Up 37425898 (82616) 37425354 (82616) <<<< ingress The expected output, with input and output counters differing, is shown below: Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 342420570 (54600) 342422760 (54600) <<<< egress ge-0/0/1 Up 517672120 (84000) 342420570 (54600) <<<< ingress This issue only affects IPv4 policing. IPv6 traffic and firewall policing actions are not affected by this issue. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. | |||||
| CVE-2004-0916 | 1 Cabextract Project | 1 Cabextract | 2021-04-26 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename. | |||||
| CVE-2021-25379 | 1 Samsung | 1 Gallery | 2021-04-23 | 2.1 LOW | 3.3 LOW |
| Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. | |||||
| CVE-2008-3661 | 1 Drupal | 1 Drupal | 2021-04-21 | 5.0 MEDIUM | N/A |
| Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | |||||
| CVE-2016-4817 | 1 Dena | 1 H2o | 2021-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. | |||||
| CVE-2016-1133 | 1 Dena | 1 H2o | 2021-04-19 | 4.3 MEDIUM | 3.7 LOW |
| CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI. | |||||
| CVE-2019-6836 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2021-04-16 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file. | |||||
| CVE-2019-6838 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2021-04-16 | 5.5 MEDIUM | 6.5 MEDIUM |
| A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file. | |||||
| CVE-2004-1812 | 1 Broadcom | 1 Unicenter Tng | 2021-04-14 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code. | |||||
| CVE-2007-0060 | 2 Broadcom, Ca | 24 Advantage Data Transport, Brightstor Portal, Brightstor San Manager and 21 more | 2021-04-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. | |||||
| CVE-2005-2669 | 2 Broadcom, Ca | 28 Advantage Data Transport, Adviseit, Brightstor Portal and 25 more | 2021-04-14 | 10.0 HIGH | N/A |
| Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets. | |||||