Export limit exceeded: 363449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16881 | 1 Symphony Project | 1 Symphony | 2025-04-20 | N/A |
| b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. | ||||
| CVE-2017-16882 | 1 Icinga | 1 Icinga | 2025-04-20 | N/A |
| Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. | ||||
| CVE-2017-16883 | 1 Libming | 1 Libming | 2025-04-20 | N/A |
| The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. | ||||
| CVE-2017-16884 | 1 Mistserver | 1 Mistserver | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | ||||
| CVE-2017-1689 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | N/A |
| IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064. | ||||
| CVE-2017-16892 | 1 Bftpd Project | 1 Bftpd | 2025-04-20 | N/A |
| In Bftpd before 4.7, there is a memory leak in the file rename function. | ||||
| CVE-2017-16893 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application. | ||||
| CVE-2017-16894 | 1 Laravel | 1 Laravel | 2025-04-20 | N/A |
| In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework. | ||||
| CVE-2017-16895 | 1 Arqbackup | 1 Arq | 2025-04-20 | 7.8 High |
| The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | ||||
| CVE-2017-16896 | 1 Tt-rss | 1 Tiny Tiny Rss | 2025-04-20 | N/A |
| A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | ||||
| CVE-2017-16897 | 1 Auth0 | 1 Passport-wsfed-saml2 | 2025-04-20 | N/A |
| A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response). | ||||
| CVE-2017-16899 | 2 Debian, Xfig Project | 2 Debian Linux, Xfig | 2025-04-20 | N/A |
| An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c. | ||||
| CVE-2017-16902 | 1 Vonage | 2 Vdv-23, Vdv-23 Firmware | 2025-04-20 | N/A |
| On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot. | ||||
| CVE-2017-16903 | 1 Lvyecms Project | 1 Lvyecms | 2025-04-20 | N/A |
| LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php. | ||||
| CVE-2017-16904 | 1 Lvyecms Project | 1 Lvyecms | 2025-04-20 | N/A |
| The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator. | ||||
| CVE-2017-16906 | 1 Horde | 1 Groupware | 2025-04-20 | N/A |
| In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | ||||
| CVE-2017-16907 | 1 Horde | 1 Groupware | 2025-04-20 | N/A |
| In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | ||||
| CVE-2017-16908 | 1 Horde | 1 Groupware | 2025-04-20 | N/A |
| In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. | ||||
| CVE-2017-16919 | 1 Mapos Project | 1 Mapos | 2025-04-20 | N/A |
| MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description parameter. | ||||
| CVE-2017-16920 | 1 Finecms | 1 Finecms | 2025-04-20 | N/A |
| v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php. | ||||