| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. |
| SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie. |
| Cryptocat strophe.js before 2.0.22 has information disclosure |
| Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure |
| Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview |
| GLPI 0.83.7 has Local File Inclusion in common.tabs.php. |
| OpenShift cartridge allows remote URL retrieval |
| Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. |
| MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. |
| yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. |
| mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. |
| tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. |
| Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. |
| Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action |
| Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability |
| An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US, DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams. |