VYPR

CVEs

101,963 total · page 1873 of 2,040

  • CVE-2017-10784HigSep 19, 2017
    risk 0.52cvss 8.8epss 0.16

    The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

  • CVE-2017-14581HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.02

    The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.

  • CVE-2017-14311HigSep 19, 2017
    risk 0.54cvss 7.8epss 0.01

    The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.

  • CVE-2017-14141HigSep 19, 2017
    risk 0.47cvss 7.2epss 0.03

    The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.

  • CVE-2015-4089HigSep 19, 2017
    risk 0.57cvss 8.8epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1)…

  • CVE-2015-1854HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.02

    389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

  • CVE-2015-0689HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.01

    Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.

  • CVE-2014-9619HigSep 19, 2017
    risk 0.50cvss 7.2epss 0.07

    Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code…

  • CVE-2014-9616HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.02

    Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.

  • CVE-2014-5362HigSep 19, 2017
    risk 0.47cvss 7.2epss 0.03

    The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top…

  • CVE-2017-10931HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.01

    The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

  • CVE-2017-12616HigSep 19, 2017
    risk 0.54cvss 7.5epss 0.71

    When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

  • CVE-2017-12615HigKEVSep 19, 2017
    risk 0.82cvss 8.1epss 1.00

    When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and…

  • CVE-2017-9803HigSep 18, 2017
    risk 0.49cvss 7.5epss 0.02

    Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g.…

  • CVE-2017-14580HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f."

  • CVE-2017-14579HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70."

  • CVE-2017-14578HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.01

    IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4."

  • CVE-2017-14577HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d."

  • CVE-2017-14576HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281."

  • CVE-2017-14575HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c."

  • CVE-2017-14574HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490."

  • CVE-2017-14573HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a."

  • CVE-2017-14572HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b."

  • CVE-2017-14571HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706."

  • CVE-2017-14570HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1."

  • CVE-2017-14569HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5."

  • CVE-2017-14568HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630."

  • CVE-2017-14567HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b."

  • CVE-2017-14566HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c."

  • CVE-2017-14565HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065."

  • CVE-2017-14564HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657."

  • CVE-2017-14563HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311."

  • CVE-2017-14562HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

  • CVE-2017-14561HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638."

  • CVE-2017-14560HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2."

  • CVE-2017-14559HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2."

  • CVE-2017-14558HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2."

  • CVE-2017-14557HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000dd3f."

  • CVE-2017-14556HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000da27."

  • CVE-2017-14555HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at…

  • CVE-2017-14554HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908."

  • CVE-2017-14553HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5."

  • CVE-2017-14552HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9."

  • CVE-2017-14551HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2."

  • CVE-2017-14550HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8."

  • CVE-2017-14549HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

  • CVE-2017-14548HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d."

  • CVE-2017-14547HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a "Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0."

  • CVE-2017-14546HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

  • CVE-2017-14545HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332."