Search Results (25419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14320 1 Mirasvit 1 Helpdesk Mx 2025-04-20 N/A
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.
CVE-2017-14430 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.5 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.
CVE-2017-14818 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982.
CVE-2017-14819 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011.
CVE-2017-14821 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013.
CVE-2017-14822 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014.
CVE-2017-14968 1 Ikarussecurity 1 Anti.virus 2025-04-20 N/A
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.
CVE-2017-10615 1 Juniper 17 Ex3200, Ex3300, Ex3300-vc and 14 more 2025-04-20 N/A
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.
CVE-2017-6637 1 Cisco 1 Prime Collaboration Provisioning 2025-04-20 N/A
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99618.
CVE-2015-5152 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-20 N/A
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
CVE-2015-5187 1 Candlepinproject 1 Candlepin 2025-04-20 N/A
Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.
CVE-2015-5284 1 Freeipa 1 Freeipa 2025-04-20 N/A
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
CVE-2015-5383 1 Roundcube 2 Roundcube Webmail, Webmail 2025-04-20 N/A
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
CVE-2017-6621 1 Cisco 1 Prime Collaboration Provisioning 2025-04-20 N/A
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.
CVE-2017-6620 1 Cisco 2 Small Business Rv Series Router, Small Business Rv Series Router Firmware 2025-04-20 N/A
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.
CVE-2017-15098 3 Debian, Postgresql, Redhat 3 Debian Linux, Postgresql, Rhel Software Collections 2025-04-20 N/A
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
CVE-2015-7893 1 Samsung 1 Galaxy S6 2025-04-20 N/A
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
CVE-2017-6614 1 Cisco 1 Findit Network Probe 2025-04-20 N/A
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628.
CVE-2017-6613 1 Cisco 1 Prime Network Registrar 2025-04-20 N/A
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412.
CVE-2017-6516 1 Magnicomp 1 Sysinfo 2025-04-20 N/A
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.