Export limit exceeded: 364787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6799 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | N/A |
| A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | ||||
| CVE-2017-6803 | 1 Solarwinds | 1 Ftp Voyager | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. | ||||
| CVE-2017-6805 | 1 Mobatek | 1 Mobaxterm | 2025-04-20 | N/A |
| Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | ||||
| CVE-2017-6807 | 1 Uninett | 1 Mod Auth Mellon | 2025-04-20 | N/A |
| mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. | ||||
| CVE-2017-6808 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter). | ||||
| CVE-2017-6809 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter). | ||||
| CVE-2017-6810 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter). | ||||
| CVE-2017-6811 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | N/A |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter). | ||||
| CVE-2017-6814 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | N/A |
| In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. | ||||
| CVE-2017-6815 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | N/A |
| In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | ||||
| CVE-2017-6816 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | N/A |
| In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | ||||
| CVE-2017-6817 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | N/A |
| In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | ||||
| CVE-2017-6818 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. | ||||
| CVE-2017-6819 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This. | ||||
| CVE-2017-6820 | 1 Roundcube | 1 Webmail | 2025-04-20 | N/A |
| rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. | ||||
| CVE-2017-6821 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | N/A |
| Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2017-6828 | 1 Audiofile | 1 Audiofile | 2025-04-20 | N/A |
| Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. | ||||
| CVE-2017-6829 | 1 Audiofile | 1 Audiofile | 2025-04-20 | N/A |
| The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||
| CVE-2017-6830 | 1 Audiofile | 1 Audiofile | 2025-04-20 | N/A |
| Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||
| CVE-2017-6831 | 2 Audiofile, Debian | 2 Audiofile, Debian Linux | 2025-04-20 | 5.5 Medium |
| Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||