2023

CVE-2023-3095 4 Jun 2023
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-3094 4 Jun 2023
A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument question_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230670 is the identifier assigned to this vulnerability.
CVE-2023-3091 4 Jun 2023
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-3086 3 Jun 2023
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-32582 3 Jun 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions.
CVE-2023-3085 3 Jun 2023
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The name of the patch is 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.
CVE-2023-3084 3 Jun 2023
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-3083 3 Jun 2023
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-2416 3 Jun 2023
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.
CVE-2023-2415 3 Jun 2023
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.
CVE-2023-2407 3 Jun 2023
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-2406 3 Jun 2023
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-2405 3 Jun 2023
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-2404 3 Jun 2023
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-2303 3 Jun 2023
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-2302 3 Jun 2023
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-2301 3 Jun 2023
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-2300 3 Jun 2023
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-2299 3 Jun 2023
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.
CVE-2023-2298 3 Jun 2023
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-0584 3 Jun 2023
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value.
CVE-2023-0583 3 Jun 2023
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons.
CVE-2023-33143 (v3: 7.5) 3 Jun 2023
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-3055 3 Jun 2023
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-3053 3 Jun 2023
The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.
CVE-2023-3052 3 Jun 2023
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-3051 3 Jun 2023
The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-2781 3 Jun 2023
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default.
CVE-2023-3044 3 Jun 2023
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
CVE-2023-2816 3 Jun 2023
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
CVE-2023-1297 3 Jun 2023
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3
CVE-2023-33763 2 Jun 2023
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php.
CVE-2023-33762 2 Jun 2023
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter.
CVE-2023-33761 2 Jun 2023
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php.
CVE-2023-33675 2 Jun 2023
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function.
CVE-2023-33673 2 Jun 2023
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVE-2023-33672 2 Jun 2023
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.
CVE-2023-33671 2 Jun 2023
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.
CVE-2023-33670 2 Jun 2023
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function.
CVE-2023-33669 2 Jun 2023
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.
CVE-2023-3073 2 Jun 2023
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3075 2 Jun 2023
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3074 2 Jun 2023
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3071 2 Jun 2023
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3070 2 Jun 2023
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3069 2 Jun 2023
Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-32215 2 Jun 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-32213 2 Jun 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-32212 2 Jun 2023
An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-32211 2 Jun 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

2022

CVE-2022-24695 2 Jun 2023
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
CVE-2022-47617 (v3: 7.2) 2 Jun 2023
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption.
CVE-2022-47616 (v3: 7.2) 2 Jun 2023
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.
CVE-2022-46308 (v3: 8.8) 2 Jun 2023
SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.
CVE-2022-46307 (v3: 8.8) 2 Jun 2023
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks.
CVE-2022-45938 2 Jun 2023
An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation..
CVE-2022-43760 1 Jun 2023
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
CVE-2022-4333 (v3: 9.8) 1 Jun 2023
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.
CVE-2022-4332 (v3: 6.8) 1 Jun 2023
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.
CVE-2022-35742 (v3: 7.5) 1 Jun 2023
Microsoft Outlook Denial of Service Vulnerability
CVE-2022-48502 31 May 2023
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.
CVE-2022-35744 (v3: 9.8) 31 May 2023
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
CVE-2022-35743 (v3: 7.8) 31 May 2023
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
CVE-2022-35759 (v3: 6.5) 31 May 2023
Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVE-2022-35758 (v3: 5.5) 31 May 2023
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2022-35757 (v3: 7.3) 31 May 2023
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2022-35756 (v3: 7.8) 31 May 2023
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-35755 (v3: 7.3) 31 May 2023
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-35754 (v3: 6.7) 31 May 2023
Unified Write Filter Elevation of Privilege Vulnerability
CVE-2022-35753 (v3: 8.1) 31 May 2023
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35752 (v3: 8.1) 31 May 2023
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35751 (v3: 7.8) 31 May 2023
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-35750 (v3: 7.8) 31 May 2023
Win32k Elevation of Privilege Vulnerability
CVE-2022-35749 (v3: 7.8) 31 May 2023
Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-35748 (v3: 7.5) 31 May 2023
HTTP.sys Denial of Service Vulnerability
CVE-2022-35747 (v3: 5.9) 31 May 2023
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
CVE-2022-35746 (v3: 7.8) 31 May 2023
Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-35745 (v3: 8.1) 31 May 2023
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-47526 31 May 2023
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction.
CVE-2022-47525 31 May 2023
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction.
CVE-2022-39075 31 May 2023
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.
CVE-2022-39074 31 May 2023
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
CVE-2022-39071 31 May 2023
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
CVE-2022-48138 30 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-26829. Reason: This candidate is a reservation duplicate of CVE-2023-26829. Notes: All CVE users should reference CVE-2023-26829 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2022-48137 30 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-26830. Reason: This candidate is a reservation duplicate of CVE-2023-26830. Notes: All CVE users should reference CVE-2023-26830 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2022-47029 30 May 2023
An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update.
CVE-2022-47028 30 May 2023
An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert.
CVE-2022-36250 30 May 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2022-36249 30 May 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
CVE-2022-36247 30 May 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.
CVE-2022-36246 30 May 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions.
CVE-2022-36244 30 May 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za.
CVE-2022-36243 30 May 2023
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.
CVE-2022-4240 30 May 2023
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1
CVE-2022-46361 30 May 2023
An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2.
CVE-2022-43485 30 May 2023
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1
CVE-2022-45853 30 May 2023
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-4676 30 May 2023
The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVE-2022-41766 29 May 2023
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).
CVE-2022-24632 29 May 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.

2021

CVE-2021-45039 31 May 2023
Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command.
CVE-2021-31233 31 May 2023
SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_breed.php parameter.
CVE-2021-37845 29 May 2023
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.
CVE-2021-27825 29 May 2023
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL.
CVE-2021-4336 28 May 2023
A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.
CVE-2021-46887 26 May 2023
Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-46886 26 May 2023
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46885 26 May 2023
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46884 26 May 2023
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46883 26 May 2023
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46882 26 May 2023
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46881 26 May 2023
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-25749 24 May 2023
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
CVE-2021-25748 24 May 2023
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
CVE-2021-46888 21 May 2023
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.
CVE-2021-33070 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-33067 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-33066 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-33065 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-26946 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-23145 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0195 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0192 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0191 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0184 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0181 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0150 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0149 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0142 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0141 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0140 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0139 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0138 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0137 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0136 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0130 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0128 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0123 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0122 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0088 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0087 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0085 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0081 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0080 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0068 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0059 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0050 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0049 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0048 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-0047 16 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.

2020

CVE-2020-29547 29 May 2023
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.
CVE-2020-20012 23 May 2023
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.
CVE-2020-36694 22 May 2023
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.
CVE-2020-13377 12 May 2023
The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.
CVE-2020-6608 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6607 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6606 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6605 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6604 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6603 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6602 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6601 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6600 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6599 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6598 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6597 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6596 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6595 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6594 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6593 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6592 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6591 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-6589 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29410 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29408 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29407 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29406 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29405 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29404 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29403 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29402 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29401 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29400 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29399 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29398 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-29397 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2020-13378 12 May 2023
Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.
CVE-2020-23363 9 May 2023
Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.
CVE-2020-23362 9 May 2023
Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.
CVE-2020-18280 9 May 2023
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function.
CVE-2020-36065 8 May 2023
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
CVE-2020-23966 8 May 2023
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.
CVE-2020-22755 8 May 2023
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.
CVE-2020-22334 8 May 2023
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.
CVE-2020-21038 8 May 2023
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
CVE-2020-19660 8 May 2023
Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.
CVE-2020-18282 8 May 2023
Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.
CVE-2020-18132 8 May 2023
Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.
CVE-2020-18131 8 May 2023
Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5.
CVE-2020-4914 5 May 2023
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.

2019

CVE-2019-19791 29 May 2023
In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.
CVE-2019-25137 18 May 2023
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
CVE-2019-6148 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-6141 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11804 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11803 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11802 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11801 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11800 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11799 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11798 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11797 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11796 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11795 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11794 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11793 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11792 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11791 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11790 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11789 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11788 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-11787 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2019-14944 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.
CVE-2019-14942 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.
CVE-2019-8963 29 Mar 2023
A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.
CVE-2019-8720 6 Mar 2023
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
CVE-2019-14651 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14650 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14649 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14648 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14647 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14646 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14645 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14644 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14643 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14642 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14641 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14640 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14639 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14638 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14637 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14636 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14635 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14634 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14633 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14632 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14631 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14628 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14627 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-14624 28 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.

2018

CVE-2018-25086 1 Jun 2023
A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The name of the patch is c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235.
CVE-2018-8661 30 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-15654 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15653 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15652 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15651 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15650 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15649 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15648 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15647 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15646 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15644 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15643 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15642 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15639 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15637 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15636 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-15630 12 May 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2018-25085 1 May 2023
A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.
CVE-2018-17883 16 Apr 2023
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
CVE-2018-17537 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
CVE-2018-17536 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
CVE-2018-17455 16 Apr 2023
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
CVE-2018-17454 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
CVE-2018-17453 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
CVE-2018-17452 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.
CVE-2018-17451 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
CVE-2018-17450 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.
CVE-2018-17449 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.
CVE-2018-15472 16 Apr 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
CVE-2018-25084 10 Apr 2023
A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The name of the patch is f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability.
CVE-2018-25083 27 Mar 2023
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.
CVE-2018-25048 (v3: 8.8) 23 Mar 2023
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
CVE-2018-25082 21 Mar 2023
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.
CVE-2018-25081 9 Mar 2023
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.
CVE-2018-3709 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3708 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3707 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3706 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3695 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3694 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3692 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3685 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3681 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3680 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3678 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3677 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3676 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3675 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-3674 3 Mar 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.

2017

CVE-2017-20183 5 May 2023
A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.
CVE-2017-20184 (v3: 7.5) 4 May 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.
CVE-2017-11197 3 May 2023
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
CVE-2017-6894 29 Mar 2023
A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system.
CVE-2017-20182 10 Mar 2023
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611.
CVE-2017-20181 7 Mar 2023
A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.
CVE-2017-20180 6 Mar 2023
A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability.
CVE-2017-1021 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1020 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1019 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1018 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1017 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1016 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1015 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1014 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1013 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1012 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1011 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1010 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1009 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1008 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1007 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1006 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1005 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1004 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1003 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1002 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1001 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1000 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0999 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0998 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0997 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0996 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0995 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0994 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0993 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0992 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0991 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0990 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0989 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0988 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0987 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0986 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0985 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0984 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0983 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0982 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-0981 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1069 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-1068 22 Feb 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

2016

CVE-2016-15032 2 Jun 2023
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2016-15031 6 May 2023
A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability.
CVE-2016-15030 25 Mar 2023
A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803.
CVE-2016-15029 21 Mar 2023
A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The name of the patch is 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability.
CVE-2016-15028 12 Mar 2023
A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847.
CVE-2016-15027 20 Feb 2023
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496.
CVE-2016-15026 20 Feb 2023
A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The name of the patch is 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability.
CVE-2016-15025 20 Feb 2023
A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484.
CVE-2016-15024 19 Feb 2023
A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability.
CVE-2016-15023 31 Jan 2023
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability.
CVE-2016-15022 29 Jan 2023
A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.
CVE-2016-15021 17 Jan 2023
A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The name of the patch is cbc79a68145e845f951113d184b4de207c341599. It is recommended to upgrade the affected component. The identifier VDB-218429 was assigned to this vulnerability.
CVE-2016-15020 16 Jan 2023
A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.
CVE-2016-15019 15 Jan 2023
A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The name of the patch is 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375.
CVE-2016-15018 15 Jan 2023
A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The name of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability.
CVE-2016-15017 (v3: 9.8) 10 Jan 2023
A vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability.
CVE-2016-15016 8 Jan 2023
A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The name of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability.
CVE-2016-15015 8 Jan 2023
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability.
CVE-2016-15014 7 Jan 2023
A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability.
CVE-2016-15013 7 Jan 2023
A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628.
CVE-2016-15012 7 Jan 2023
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2016-15011 6 Jan 2023
A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The name of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability.
CVE-2016-15010 5 Jan 2023
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The name of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2016-15009 5 Jan 2023
A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83eefee176d3fc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217440.
CVE-2016-15008 4 Jan 2023
A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355.
CVE-2016-15007 2 Jan 2023
A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of the patch is db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195.
CVE-2016-15006 2 Jan 2023
A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. Upgrading to version 2.3 is able to address this issue. The name of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability.
CVE-2016-15005 27 Dec 2022
CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.
CVE-2016-20018 19 Dec 2022
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
CVE-2016-20017 19 Oct 2022
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
CVE-2016-20016 19 Oct 2022
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE" because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022.
CVE-2016-2338 29 Sep 2022
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
CVE-2016-20015 20 Sep 2022
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
CVE-2016-3098 5 Aug 2022
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.
CVE-2016-4981 29 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4982. Reason: This candidate is a duplicate of CVE-2016-4982. Notes: All CVE users should reference CVE-2016-4982 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-7049 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-7029 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-6326 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-6324 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-6315 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-6314 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-5428 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-5415 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-5413 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-4991 28 Jul 2022
Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0.
CVE-2016-4458 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-4452 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
CVE-2016-4427 28 Jul 2022
In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.
CVE-2016-4426 28 Jul 2022
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.
CVE-2016-3730 28 Jul 2022
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.

2015

CVE-2015-10111 4 Jun 2023
A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651.
CVE-2015-10110 2 Jun 2023
A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392.
CVE-2015-10109 1 Jun 2023
A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.
CVE-2015-10108 31 May 2023
A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.
CVE-2015-10107 31 May 2023
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The name of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability.
CVE-2015-10106 28 May 2023
A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability.
CVE-2015-20108 27 May 2023
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
CVE-2015-10105 1 May 2023
A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability.
CVE-2015-10104 30 Apr 2023
A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756.
CVE-2015-10103 17 Apr 2023
A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The name of the patch is adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119.
CVE-2015-10102 17 Apr 2023
A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability.
CVE-2015-10101 15 Apr 2023
A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability.
CVE-2015-10100 10 Apr 2023
A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The name of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability.
CVE-2015-10099 10 Apr 2023
A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351.
CVE-2015-10098 8 Apr 2023
A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152.
CVE-2015-10097 25 Mar 2023
A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The name of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability.
CVE-2015-10096 20 Mar 2023
A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383.
CVE-2015-10087 7 Mar 2023
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2015-10095 6 Mar 2023
A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327.
CVE-2015-10094 6 Mar 2023
A vulnerability was found in Fastly Plugin up to 0.97. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The name of the patch is d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
CVE-2015-10093 6 Mar 2023
A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability.
CVE-2015-10092 6 Mar 2023
A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324.
CVE-2015-10091 6 Mar 2023
A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability.
CVE-2015-10090 6 Mar 2023
A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320.
CVE-2015-10089 5 Mar 2023
A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291.
CVE-2015-10088 5 Mar 2023
A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267.
CVE-2015-10086 28 Feb 2023
A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.
CVE-2015-10085 21 Feb 2023
A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability.
CVE-2015-10084 21 Feb 2023
A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504.
CVE-2015-10083 21 Feb 2023
A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503.
CVE-2015-10082 21 Feb 2023
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
CVE-2015-10081 20 Feb 2023
A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The name of the patch is a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495.
CVE-2015-10080 20 Feb 2023
A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221487.
CVE-2015-10079 13 Feb 2023
A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The name of the patch is 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751.
CVE-2015-10078 12 Feb 2023
A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1. This issue affects the function send_welcome_email_url of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is b14c1f66d307783f0ae74f88088a85999107695c. It is recommended to upgrade the affected component. The identifier VDB-220637 was assigned to this vulnerability.
CVE-2015-10077 10 Feb 2023
A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471.
CVE-2015-10076 9 Feb 2023
A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability.
CVE-2015-10075 7 Feb 2023
A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely.
CVE-2015-10074 7 Feb 2023
A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability.
CVE-2015-10073 6 Feb 2023
A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215.
CVE-2015-10072 4 Feb 2023
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060.
CVE-2015-10071 19 Jan 2023
A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. Upgrading to version 1.0 is able to address this issue. The name of the patch is 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951.
CVE-2015-10070 19 Jan 2023
A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to sql injection. The name of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability.
CVE-2015-10069 19 Jan 2023
A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the function is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to sql injection. The name of the patch is 62a6e24efdfa195b70d7df140d8287fdc38eb66d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218896.
CVE-2015-10068 18 Jan 2023
A vulnerability classified as critical was found in danynab movify-j. This vulnerability affects the function getByMovieId of the file app/business/impl/ReviewServiceImpl.java. The manipulation of the argument movieId/username leads to sql injection. The name of the patch is c3085e01936a4d7eff1eda3093f25d56cc4d2ec5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218476.
CVE-2015-10067 18 Jan 2023
A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The name of the patch is 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463.
CVE-2015-10066 18 Jan 2023
A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to sql injection. The name of the patch is 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability.
CVE-2015-10065 17 Jan 2023
A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The name of the patch is ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability.
CVE-2015-10064 17 Jan 2023
A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455.
CVE-2015-10063 17 Jan 2023
A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The name of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability.

2014

CVE-2014-125104 1 Jun 2023
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263.
CVE-2014-125103 31 May 2023
A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is e04d59ab578316ffeb204cf32dc71c0d0e1ff77c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230155.
CVE-2014-125102 30 May 2023
A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability.
CVE-2014-125101 28 May 2023
A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability.
CVE-2014-125100 2 May 2023
A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764.
CVE-2014-125099 20 Apr 2023
A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.
CVE-2014-125098 10 Apr 2023
A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356.
CVE-2014-125097 10 Apr 2023
A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The name of the patch is b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability.
CVE-2014-125096 10 Apr 2023
A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.13 is able to address this issue. The name of the patch is fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d. It is recommended to upgrade the affected component. The identifier VDB-225349 was assigned to this vulnerability.
CVE-2014-125095 9 Apr 2023
A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320.
CVE-2014-125094 6 Apr 2023
A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability.
CVE-2014-125093 10 Mar 2023
A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability.
CVE-2014-125092 5 Mar 2023
A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323.
CVE-2014-125091 4 Mar 2023
A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268.
CVE-2014-125090 4 Mar 2023
A vulnerability was found in Media Downloader Plugin 0.1.992. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The name of the patch is 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability.
CVE-2014-125089 21 Feb 2023
A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.
CVE-2014-125088 20 Feb 2023
A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488.
CVE-2014-125087 19 Feb 2023
A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.
CVE-2014-125086 6 Feb 2023
A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207.
CVE-2014-125085 6 Feb 2023
A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability.
CVE-2014-125084 6 Feb 2023
A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability.
CVE-2014-125083 19 Jan 2023
A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The name of the patch is 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.
CVE-2014-125082 18 Jan 2023
A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to sql injection. The name of the patch is fc2c1ea1b8d795094abb15ac73cab90830534e04. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218464.
CVE-2014-125081 17 Jan 2023
A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459.
CVE-2014-125080 16 Jan 2023
A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The name of the patch is a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability.
CVE-2014-125079 15 Jan 2023
A vulnerability was found in agy pontifex.http. It has been declared as critical. This vulnerability affects unknown code of the file lib/Http.coffee. The manipulation leads to sql injection. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is e52a758f96861dcef2dabfecb9da191bb2e07761. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218356.
CVE-2014-125078 15 Jan 2023
A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability.
CVE-2014-125077 15 Jan 2023
A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The name of the patch is 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218351.
CVE-2014-125076 11 Jan 2023
A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The name of the patch is 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability.
CVE-2014-125075 11 Jan 2023
A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The name of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability.
CVE-2014-125074 11 Jan 2023
A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability.
CVE-2014-125073 10 Jan 2023
A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The name of the patch is b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability.
CVE-2014-125072 9 Jan 2023
A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719.
CVE-2014-125071 (v3: 9.8) 9 Jan 2023
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716.
CVE-2014-125070 8 Jan 2023
A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651.
CVE-2014-125069 8 Jan 2023
A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644.
CVE-2014-125068 8 Jan 2023
A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643.
CVE-2014-125067 8 Jan 2023
A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The name of the patch is d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639.
CVE-2014-125066 8 Jan 2023
A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attack can be initiated remotely. The name of the patch is e580584b877934a4298d4dd0c497c79e579380d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217636.
CVE-2014-125029 7 Jan 2023
A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability.
CVE-2014-125065 7 Jan 2023
A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217632.
CVE-2014-125064 7 Jan 2023
A vulnerability, which was classified as critical, has been found in elgs gosqljson. This issue affects the function QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to sql injection. The name of the patch is 2740b331546cb88eb61771df4c07d389e9f0363a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217631.
CVE-2014-125063 7 Jan 2023
A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability.
CVE-2014-125062 7 Jan 2023
A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The name of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability.
CVE-2014-125061 7 Jan 2023
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2014-125060 7 Jan 2023
A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability.
CVE-2014-125059 7 Jan 2023
A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers.
CVE-2014-125058 7 Jan 2023
A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The name of the patch is d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code.
CVE-2014-125057 7 Jan 2023
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The name of the patch is 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599.
CVE-2014-125056 7 Jan 2023
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.