Export limit exceeded: 364787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6799 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
CVE-2017-6803 1 Solarwinds 1 Ftp Voyager 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.
CVE-2017-6805 1 Mobatek 1 Mobaxterm 2025-04-20 N/A
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
CVE-2017-6807 1 Uninett 1 Mod Auth Mellon 2025-04-20 N/A
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
CVE-2017-6808 1 Mangoswebv4 Project 1 Mangoswebv4 2025-04-20 N/A
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter).
CVE-2017-6809 1 Mangoswebv4 Project 1 Mangoswebv4 2025-04-20 N/A
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter).
CVE-2017-6810 1 Mangoswebv4 Project 1 Mangoswebv4 2025-04-20 N/A
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter).
CVE-2017-6811 1 Mangoswebv4 Project 1 Mangoswebv4 2025-04-20 N/A
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
CVE-2017-6814 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
CVE-2017-6815 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
CVE-2017-6816 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
CVE-2017-6817 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
CVE-2017-6818 1 Wordpress 1 Wordpress 2025-04-20 N/A
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
CVE-2017-6819 1 Wordpress 1 Wordpress 2025-04-20 N/A
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
CVE-2017-6820 1 Roundcube 1 Webmail 2025-04-20 N/A
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
CVE-2017-6821 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.
CVE-2017-6828 1 Audiofile 1 Audiofile 2025-04-20 N/A
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.
CVE-2017-6829 1 Audiofile 1 Audiofile 2025-04-20 N/A
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6830 1 Audiofile 1 Audiofile 2025-04-20 N/A
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6831 2 Audiofile, Debian 2 Audiofile, Debian Linux 2025-04-20 5.5 Medium
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.