| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. |
| Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name. |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. |
| VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. |
| An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. |
| In Moodle 3.x, glossary search displays entries without checking user permissions to view them. |
| Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename. |
| Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. |
| PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. |
| PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. |
| Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. |
| Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. |
| PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. |
| The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. |
| ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. |
| The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. |