Search

Search Results (364883 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-3133 1 Fortinet 1 Fortios 2025-04-20 N/A
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
CVE-2017-4917 1 Vmware 1 Vsphere Data Protection 2025-04-20 N/A
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
CVE-2017-7738 1 Fortinet 1 Fortios 2025-04-20 N/A
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.
CVE-2015-4455 1 Aviary Image Editor Add-on For Gravity Forms Project 1 Aviary Image Editor Add-on For Gravity Forms 2025-04-20 N/A
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.
CVE-2016-5012 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 3.x, glossary search displays entries without checking user permissions to view them.
CVE-2017-11323 1 Estsoft 1 Alzip 2025-04-20 7.8 High
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
CVE-2010-5327 1 Liferay 1 Liferay Portal 2025-04-20 N/A
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
CVE-2017-12810 1 Stivasoft 1 Phpjabbers Newsletter Script 2025-04-20 N/A
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.
CVE-2017-12812 1 Stivasoft 1 Phpjabbers Night Club Booking Software 2025-04-20 N/A
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.
CVE-2015-8667 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
CVE-2016-2087 1 Hexchat Project 1 Hexchat 2025-04-20 N/A
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
CVE-2017-12813 1 Stivasoft 1 Phpjabbers File Sharing Script 2025-04-20 N/A
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.
CVE-2017-13056 1 Tracker-software 1 Pdf-xchange Viewer 2025-04-20 N/A
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2017-17901 1 Zyxel 2 P-660hw, P-660hw Firmware 2025-04-20 N/A
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
CVE-2017-17941 1 Single Theater Booking Script Project 1 Single Theater Booking Script 2025-04-20 N/A
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
CVE-2017-17951 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.
CVE-2014-9772 1 Nodejs 1 Node.js 2025-04-20 N/A
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVE-2017-17953 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVE-2017-5515 1 Metalgenix 1 Genixcms 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.
CVE-2017-17957 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.