| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file. |
| Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/. |
| SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/. |
| Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. |
| SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/. |
| Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. |
| Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/. |
| SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. |
| The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. |
| WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. |
| WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. |
| WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. |
| XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. |
| App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action. |
| daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. |
| Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. |
| Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. |
| The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments. |
| Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. |