CVE Reference Map for Source FULLDISC
| Source | FULLDISC |
| Description | Full-Disclosure mailing list |
| URL | http://lists.grok.org.uk/pipermail/full-disclosure/ |
| Notes |
This reference map lists the various references for FULLDISC and provides the associated CVE entries or candidates. It uses data from CVE version 20061101 and candidates that were active as of 2024-03-26.
Note that the list of references may not be complete.
| FULLDISC:04052021 Re: Three vulnerabilities found in MikroTik's RouterOS | CVE-2020-20265 |
| FULLDISC:20020717 TheServer cleartext password sillyness. | CVE-2002-2389 |
| FULLDISC:20020719 Vulnerability found: Adobe Acrobat eBook Reader and Content Server | CVE-2002-1016 |
| FULLDISC:20020720 Netscape Communicator META Refresh Denial of Service | CVE-2002-2308 |
| FULLDISC:20020720 PHP Resource Exhaustion Denial of Service | CVE-2002-2309 |
| FULLDISC:20020724 REFRESH: EUDORA MAIL 5.1.1 | CVE-2002-2313 |
| FULLDISC:20020808 Cross-Site Scripting Issues in Falcon Web Server | CVE-2002-2318 |
| FULLDISC:20020829 RPM verification | CVE-2002-2204 |
| FULLDISC:20020903 Check Point statement on use of IKE Aggressive Mode | CVE-2002-1623 |
| FULLDISC:20020917 Trillian .74 and below, ident flaw. | CVE-2002-2390 |
| FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification | CVE-2000-1031 CVE-2002-1604 CVE-2002-1605 CVE-2002-1614 CVE-2002-1616 CVE-2002-1617 |
| FULLDISC:20020920 Alsasound local b0f (not an issue if not setuid root) | CVE-2002-1896 |
| FULLDISC:20020927 Buffer Overrun in SmartHTML Interpreter Could Allow Code Executio n (Q324096) | CVE-2002-0692 |
| FULLDISC:20021021 kmMail XSS | CVE-2002-1958 |
| FULLDISC:20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site | CVE-2002-2414 |
| FULLDISC:20021124 BadBlue XSS/Information Disclosure Vulnerabilities | CVE-2002-2289 |
| FULLDISC:20021130 Multiple pServ Remote Buffer Overflow Vulnerabilities | CVE-2002-2295 |
| FULLDISC:20021213 Some vim problems, yet still vim much better than windows | CVE-2002-1377 |
| FULLDISC:20030107 CuteFTP 5.0 XP, Buffer Overflow | CVE-2003-1260 |
| FULLDISC:20030120 Advisory 01/2003: CVS remote vulnerability | CVE-2003-0015 |
| FULLDISC:20030217 [argv] BitchX-353 Vulnerability | CVE-2003-1450 |
| FULLDISC:20030218 Re: CSSA-2003-007.0 Advisory withdrawn. | CVE-2002-0842 |
| FULLDISC:20030223 GOnicus System Administrator php injection | CVE-2003-1412 |
| FULLDISC:20030223 moxftp arbitrary code execution poc/advisory | CVE-2003-0203 |
| FULLDISC:20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor | CVE-2003-1384 |
| FULLDISC:20030304 SAP R/3, account locking and RFC SDK | CVE-2003-1035 |
| FULLDISC:20030308 Ethereal format string bug, yet still ethereal much better than windows | CVE-2003-0081 |
| FULLDISC:20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged | CVE-2002-0030 |
| FULLDISC:20030329 Sendmail: -1 gone wild | CVE-2003-0161 |
| FULLDISC:20030406 Seti@home information leakage and remote compromise | CVE-2003-1118 |
| FULLDISC:20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach | CVE-2003-0208 |
| FULLDISC:20030416 [VulnWatch] Apache mod_access_referer denial of service issue | CVE-2003-1054 |
| FULLDISC:20030422 UDP bypassing in Kerio Firewall 2.1.4 | CVE-2003-1491 |
| FULLDISC:20030430 OpenSSH/PAM timing attack allows remote users identification | CVE-2003-0190 |
| FULLDISC:20030506 youbin local root exploit + advisory | CVE-2003-0269 |
| FULLDISC:20030509 ltris-and-slashem-tty possible trouble | CVE-2003-1473 CVE-2003-1474 |
| FULLDISC:20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability | CVE-2003-0370 |
| FULLDISC:20030519 emacs 21.3 fixes security bugs | CVE-2003-1232 |
| FULLDISC:20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow | CVE-2003-0436 CVE-2003-0437 |
| FULLDISC:20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow. | CVE-2003-1331 |
| FULLDISC:20030613 -10Day CERT Advisory on PDF Files | CVE-2003-0434 |
| FULLDISC:20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE) | CVE-2003-0446 |
| FULLDISC:20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE) | CVE-2003-0447 |
| FULLDISC:20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql | CVE-2003-0500 |
| FULLDISC:20030622 Symantec ActiveX control buffer overflow | CVE-2003-0470 |
| FULLDISC:20030625 Re: Internet Explorer >=5.0 : Buffer overflow | CVE-2003-0469 |
| FULLDISC:20030701 PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case). | CVE-2003-0469 |
| FULLDISC:20030704 Essentia Web Server 2.12 (Linux) | CVE-2002-0313 |
| FULLDISC:20030705 [Vulnerability] : ProductCart database file can be downloaded remotely | CVE-2003-1304 |
| FULLDISC:20030707 Internet Explorer 6 DoS Bug | CVE-2003-0519 |
| FULLDISC:20030708 Fwd: xbl vulnerabilty | CVE-2003-0535 |
| FULLDISC:20030709 IE Object Type Overflow Exploit | CVE-2003-0344 |
| FULLDISC:20030711 Trend Micro ActiveX Multiple Overflows | CVE-2003-0646 |
| FULLDISC:20030712 DoS - Polycom MGC 25 Control Port | CVE-2003-0556 |
| FULLDISC:20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9 | CVE-2003-0554 |
| FULLDISC:20030718 (no subject) | CVE-2003-0567 |
| FULLDISC:20030720 CGI.pm vulnerable to Cross-site Scripting. | CVE-2003-0615 |
| FULLDISC:20030721 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability | CVE-2003-0605 |
| FULLDISC:20030726 Re: The French BUGTRAQ (New Win RPC Exploit) | CVE-2003-0352 |
| FULLDISC:20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak | CVE-2003-0459 |
| FULLDISC:20030730 rpcdcom Universal offsets | CVE-2003-0352 |
| FULLDISC:20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning | CVE-2003-0540 |
| FULLDISC:20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service? | CVE-2003-1048 |
| FULLDISC:20030907 BAD NEWS: Microsoft Security Bulletin MS03-032 | CVE-2003-0838 |
| FULLDISC:20030910 Buffer overflow in MySQL | CVE-2003-0780 |
| FULLDISC:20030911 Pine: .procmailrc rule against integer overflow | CVE-2003-0721 |
| FULLDISC:20030915 new ssh exploit? | CVE-2003-0693 |
| FULLDISC:20030915 openssh remote exploit | CVE-2003-0693 |
| FULLDISC:20030916 The lowdown on SSH vulnerability | CVE-2003-0693 |
| FULLDISC:20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] | CVE-2003-0694 |
| FULLDISC:20030919 lsh patch (was Re: [Full-Disclosure] new ssh exploit?) | CVE-2003-0826 |
| FULLDISC:20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh) | CVE-2003-0786 CVE-2003-0787 |
| FULLDISC:20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing | CVE-2003-0543 CVE-2003-0544 CVE-2003-0545 |
| FULLDISC:20031008 ltrace bug | CVE-2004-0172 |
| FULLDISC:20031010 Re : [VERY] BAD news on RPC DCOM Exploit | CVE-2003-0813 |
| FULLDISC:20031010 Re: Bad news on RPC DCOM vulnerability | CVE-2003-0813 |
| FULLDISC:20031011 Bad news on RPC DCOM2 vulnerability | CVE-2003-0813 |
| FULLDISC:20031014 Another ProFTPd root EXPLOIT ? | CVE-2003-0831 |
| FULLDISC:20031015 Mod-Throttle [was: client attacks server - XSS] | CVE-2003-1502 |
| FULLDISC:20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow | CVE-2003-0662 |
| FULLDISC:20031019 ByteHoard Directory Traversal Vulnerability | CVE-2003-1499 |
| FULLDISC:20031019 Caucho Resin 2.x - Cross Site Scripting | CVE-2003-1513 |
| FULLDISC:20031022 Fun with /bin/ls, yet still ls better than windows | CVE-2003-0853 CVE-2003-0854 |
| FULLDISC:20031022 Sylpheed-claws format string bug, yet still sylpheed much better than windows | CVE-2003-0852 |
| FULLDISC:20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below | CVE-2003-1177 |
| FULLDISC:20031026 Java 1.4.2_02 InsecurityManager JVM crash | CVE-2003-1134 |
| FULLDISC:20031027 Bytehoard File Disclosure VUlnerability Sequel | CVE-2003-1153 |
| FULLDISC:20031028 STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability | CVE-2003-1152 |
| FULLDISC:20031031 XSS In mldonkey - But.... | CVE-2003-1164 |
| FULLDISC:20031101 DATEV Nutzungskontrolle Bypassing (REG) | CVE-2003-1169 |
| FULLDISC:20031102 [bWM#017] Cross-Site-Scripting @ PHPKIT | CVE-2003-1187 |
| FULLDISC:20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues | CVE-2003-0626 CVE-2003-0627 |
| FULLDISC:20031103 Liteserve Buffer Overflow in Handling Server's Log | CVE-2003-1144 |
| FULLDISC:20031104 OpenBSD kernel overflow, yet still *BSD much better than windows | CVE-2003-0955 |
| FULLDISC:20031123 Thomnson TCM315 Denial of service | CVE-2003-1085 |
| FULLDISC:20031123 VieNuke VieBoard SQL Injection Vulnerability... again | CVE-2003-1195 |
| FULLDISC:20031124 Thomnson TCM315 Denial of service | CVE-2003-1085 |
| FULLDISC:20040105 firewall security bug? | CVE-2004-1799 |
| FULLDISC:20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow | CVE-2004-0043 |
| FULLDISC:20040109 Directory Traversal in Accipiter Direct Server 6.0 | CVE-2004-0072 |
| FULLDISC:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM | CVE-2003-0994 |
| FULLDISC:20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB | CVE-2003-1573 |
| FULLDISC:20040123 Finjan SurfinGate Vulnerability | CVE-2004-2107 |
| FULLDISC:20040126 Advisory 01/2004: 12 x Gaim remote overflows | CVE-2004-0005 CVE-2004-0006 CVE-2004-0007 CVE-2004-0008 |
| FULLDISC:20040128 Dotnetnuke Multiple Vulnerabilities | CVE-2004-2323 CVE-2004-2324 CVE-2004-2325 |
| FULLDISC:20040201 Proofpoint Protection Server remote MySQL root user vulnerability | CVE-2004-2357 |
| FULLDISC:20040202 0verkill - little simple vulnerability. | CVE-2004-0238 |
| FULLDISC:20040204 Remote openbsd crash with ip6, yet still openbsd much better than windows | CVE-2004-0257 |
| FULLDISC:20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor | CVE-2004-0260 |
| FULLDISC:20040206 Open Journal Blog Authenticaion Bypassing Vulnerability | CVE-2004-0261 |
| FULLDISC:20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior | CVE-2004-0009 |
| FULLDISC:20040207 (no subject) | CVE-2004-2090 |
| FULLDISC:20040207 DreamFTP Server 1.02 Buffer Overflow | CVE-2004-0277 |
| FULLDISC:20040208 TrackMania Demo Denial of Service | CVE-2004-2077 |
| FULLDISC:20040209 Red-M Red-Alert Multiple Vulnerabilities | CVE-2004-2078 CVE-2004-2079 CVE-2004-2080 |
| FULLDISC:20040210 Re: HelpCtr - allow open any page or run | CVE-2004-0474 |
| FULLDISC:20040210 XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow | CVE-2004-0268 |
| FULLDISC:20040213 Re: HelpCtr - allow open any page or run | CVE-2004-0474 |
| FULLDISC:20040215 GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution | CVE-2004-0566 |
| FULLDISC:20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities | CVE-2004-2172 CVE-2004-2173 CVE-2004-2174 |
| FULLDISC:20040216 Symantec FireWall/VPN Appliance model 200 leak of security | CVE-2004-0190 |
| FULLDISC:20040218 Second critical mremap() bug found in all Linux kernels | CVE-2004-0077 |
| FULLDISC:20040222 GateKeeper Pro 4.7 buffer overflow | CVE-2004-0326 |
| FULLDISC:20040223 Re: [Full-Disclosure] Proofpoint Protection Server remote MySQL root user vulnerability | CVE-2004-2357 |
| FULLDISC:20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability | CVE-2004-0159 |
| FULLDISC:20040224 Advisory 02/2004: Trillian remote overflows | CVE-2004-2304 CVE-2004-2370 |
| FULLDISC:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability | CVE-2004-0173 |
| FULLDISC:20040226 PerfectNav Crashes IE | CVE-2004-2382 |
| FULLDISC:20040301 Nortel Networks Wireless LAN Access Point 2200 DoS + PoC | CVE-2004-2549 |
| FULLDISC:20040301 Smashing "XBoard 4.2.7(All versions)" For Fun & Profit.*Unpublished Local Stack Overflow Vulnerablity! | CVE-2004-2552 |
| FULLDISC:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance | CVE-2004-0347 |
| FULLDISC:20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow | CVE-2004-0194 |
| FULLDISC:20040303 Spider Sales shopping cart software multiple security vulnerabilities | CVE-2004-0350 CVE-2004-0351 |
| FULLDISC:2004031 CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities | CVE-2004-1882 |
| FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue | CVE-2003-0513 CVE-2003-0514 CVE-2003-0592 CVE-2003-0593 CVE-2003-0594 |
| FULLDISC:20040322 AIX 4.3.3 has make sgid 0? | CVE-2004-2312 |
| FULLDISC:20040323 Dark Age of Camelot login client vulnerability to man in the middle attack | CVE-2004-1855 |
| FULLDISC:20040323 Re: AIX 4.3.3 has make sgid 0? | CVE-2004-2312 |
| FULLDISC:20040326 Nessus stores credentials in plain text | CVE-2004-2722 |
| FULLDISC:20040327 NessusWX stores credentials in plain text | CVE-2004-2723 |
| FULLDISC:20040402 Buffer Overflow in HAHTsite Scenario Server 5.1 | CVE-2004-1763 |
| FULLDISC:20040404 Texutil symlink vulnerability. | CVE-2004-1894 |
| FULLDISC:20040405 iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function | CVE-2004-0377 |
| FULLDISC:20040407 Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure | CVE-2004-1906 CVE-2004-1908 |
| FULLDISC:20040407 Race conditions in security dialogs | CVE-2004-0762 CVE-2004-2659 CVE-2006-2094 |
| FULLDISC:20040407 Solaris vfs_getvfssw() local kernel exploit | CVE-2004-2686 |
| FULLDISC:20040407 Symantec, McAfee and Panda ActiveX controls | CVE-2004-1906 CVE-2004-1908 CVE-2004-1910 |
| FULLDISC:20040413 EEYE: Windows Expand-Down Data Segment Local Privilege Escalation | CVE-2003-0910 |
| FULLDISC:20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow | CVE-2003-0533 |
| FULLDISC:20040413 EEYE: Windows VDM TIB Local Privilege Escalation | CVE-2004-0118 |
| FULLDISC:20040413 Microsoft Help and Support Center argument injection vulnerability | CVE-2003-0907 |
| FULLDISC:20040414 Eudora 6.0.3 nested MIME DoS | CVE-2004-1944 |
| FULLDISC:20040414 [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection | CVE-2004-1949 |
| FULLDISC:20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow. | CVE-2004-0214 |
| FULLDISC:20040427 Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 ++++> | CVE-2004-2626 |
| FULLDISC:20040427 SMC Routers have remote administration enabled by default | CVE-2004-1976 |
| FULLDISC:20040429 Re: Phenoelit Advisory | CVE-2004-2626 |
| FULLDISC:20040429 Zonet ZSR1104WE Router problem | CVE-2004-2637 |
| FULLDISC:20040430 Critical bug in Web Wiz Forum | CVE-2004-2733 |
| FULLDISC:20040501 LHa buffer overflows and directory traversal problems | CVE-2004-0234 CVE-2004-0235 |
| FULLDISC:20040502 Lha local stack overflow Proof Of Concept Code | CVE-2004-0234 |
| FULLDISC:20040505 Corsaire Security Advisory - Verity Ultraseek path disclosure issue | CVE-2004-0050 |
| FULLDISC:20040506 Advisory: Heimdal kadmind version4 remote heap overflow | CVE-2004-0434 |
| FULLDISC:20040506 Buffer overflows in exim, yet still exim much better than windows | CVE-2004-0399 CVE-2004-0400 |
| FULLDISC:20040507 Eudora file URL buffer overflow | CVE-2004-2005 |
| FULLDISC:20040507 Pound <=1.5 Remote Exploit (Format string bug) | CVE-2004-2026 |
| FULLDISC:20040509 Icecast 2.0.0 preauth overflow | CVE-2004-2027 |
| FULLDISC:20040510 OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin cannot use the X authorization protocol | CVE-2004-0390 |
| FULLDISC:20040511 Linux Kernel sctp_setsockopt() Integer Overflow | CVE-2004-2013 |
| FULLDISC:20040512 EEYE: Symantec Multiple Firewall DNS Response Denial-of-Service | CVE-2004-0445 |
| FULLDISC:20040512 EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow | CVE-2004-0444 |
| FULLDISC:20040512 EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption | CVE-2004-0444 |
| FULLDISC:20040512 EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow | CVE-2004-0444 |
| FULLDISC:20040512 MS04-015 - Windows Help Center - Dvdupgrade | CVE-2004-0199 |
| FULLDISC:20040512 Mdaemon 7.0.1 IMAP overflow. | CVE-2004-2292 |
| FULLDISC:20040512 Sweex 802.11g router/accesspoint config disclosure / remote config | CVE-2004-2455 |
| FULLDISC:20040513 802.11b (others) single packet DoS | CVE-2004-0459 |
| FULLDISC:20040514 IE Crash - Anyone Seen This Before? | CVE-2004-0479 |
| FULLDISC:20040516 Vuln. MacOSX/Safari: Remote help-call, execute scripts | CVE-2004-0486 |
| FULLDISC:20040516 WebCT: Cross Site Scripting Vulnerability | CVE-2004-2015 |
| FULLDISC:20040517 Buffer Overflow in ActivePerl ? | CVE-2004-2022 |
| FULLDISC:20040517 OpenBSD procfs | CVE-2004-0482 |
| FULLDISC:20040517 RE: Buffer Overflow in ActivePerl ? | CVE-2004-2022 |
| FULLDISC:20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ? | CVE-2004-2286 |
| FULLDISC:20040517 ROCKET SCIENCE: Outllook 2003 | CVE-2004-0503 |
| FULLDISC:20040517 [waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke 6.x - 7.3] | CVE-2004-2018 |
| FULLDISC:20040517 mod_ssl ssl_util_uuencode_binary potential problem | CVE-2004-0488 |
| FULLDISC:20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability | CVE-2004-2255 CVE-2004-2256 |
| FULLDISC:20040518 Re: Buffer Overflow in ActivePerl ? | CVE-2004-2022 |
| FULLDISC:20040518 Re[2]: [Full-Disclosure] Buffer Overflow in ActivePerl ? | CVE-2004-2022 |
| FULLDISC:20040519 Advisory 06/2004: libneon date parsing vulnerability | CVE-2004-0398 |
| FULLDISC:20040519 Advisory 07/2004: CVS remote vulnerability | CVE-2004-0396 |
| FULLDISC:20040519 Advisory 08/2004: Subversion remote vulnerability | CVE-2004-0397 |
| FULLDISC:20040519 Ph0rum phorum_uriauth replay attack | CVE-2004-2243 |
| FULLDISC:20040524 SSH URI handler remote arbitrary code execution | CVE-2004-0489 |
| FULLDISC:20040527 DoS in MiniShare 1.3.2 | CVE-2004-2035 |
| FULLDISC:20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615] | CVE-2004-2039 CVE-2004-2040 CVE-2004-2041 CVE-2004-2042 |
| FULLDISC:20040602 180 Solutions Exploits and Toolbars Hacking Patched Users(I.E Exploits) | CVE-2004-0549 |
| FULLDISC:20040602 Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow | CVE-2004-2043 |
| FULLDISC:20040603 Phishing for Opera (GM#007-OP) | CVE-2004-0537 |
| FULLDISC:20040603 Surgemail - Multiple Vulnerabilities | CVE-2004-2547 CVE-2004-2548 |
| FULLDISC:20040604 [CYSA-0329] Password recovery vulnerability in FoolProof Security 3.9.x for Windows 95/9 | CVE-2004-2555 |
| FULLDISC:20040606 Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) | CVE-2004-0549 |
| FULLDISC:20040609 ASPDOTNETSTOREFRONT ASPDOTNETSTOREFRONT Improper Upload Validation | CVE-2004-2700 |
| FULLDISC:20040609 Advisory 09/2004: More CVS remote vulnerabilities | CVE-2004-0414 CVE-2004-0416 CVE-2004-0417 CVE-2004-0418 CVE-2004-1471 |
| FULLDISC:20040609 Advisory: ASPDOTNETSTOREFRONT Improper Session Validation | CVE-2004-2699 |
| FULLDISC:20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability | CVE-2004-2701 |
| FULLDISC:20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows | CVE-2004-0492 |
| FULLDISC:20040610 [0xbadc0ded #04] smtp.proxy <= 1.1.3 | CVE-2004-2417 |
| FULLDISC:20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3] | CVE-2004-2295 CVE-2004-2297 |
| FULLDISC:20040613 VP-ASP Shopping Cart Multiple Vulnerabilities | CVE-2004-2411 CVE-2004-2413 |
| FULLDISC:20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll) | CVE-2004-2434 |
| FULLDISC:20040614 Serendipity Blog vuln | CVE-2006-1910 |
| FULLDISC:20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll) | CVE-2004-2434 |
| FULLDISC:20040616 "IBM Access Support" (eGatherer) Activex Dangerous Methods Vulnerability | CVE-2004-2663 |
| FULLDISC:20040616 Checkpoint Firewall-1 IKE Vendor ID information leakage | CVE-2004-2679 |
| FULLDISC:20040621 [Full-Disclosure] iDEFENSE Security Advisory 06.21.04 - GNU Radius SNMP Invalid OID Denial of Service Vulnerability | CVE-2004-0576 |
| FULLDISC:20040622 Wireless Modem (BT Voyager 2000 Wireless ADSL Router cleartext password) | CVE-2004-0616 |
| FULLDISC:20040627 ZH2004-14SA (security advisory):Sql Injection in Infinity WEB | CVE-2004-0625 |
| FULLDISC:20040628 DoS in apache httpd 2.0.49, yet still apache much better than windows | CVE-2004-0493 |
| FULLDISC:20040629 DoS in popclient 3.0b6 | CVE-2004-0666 |
| FULLDISC:20040630 DSL router Prestige 650HW-31 | CVE-2004-0670 |
| FULLDISC:20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure | CVE-2004-0577 CVE-2004-0578 |
| FULLDISC:20040702 Multiple Vulnerabilities in Easy Chat Server 1.2 | CVE-2004-2466 CVE-2004-2467 |
| FULLDISC:20040702 pavuk buffer overflow | CVE-2004-0456 |
| FULLDISC:20040703 Re: SUSE Security Announcement: kernel (SUSE-SA:2004:020) | CVE-2004-0592 |
| FULLDISC:20040705 Multiples vulnerabilities in JAWS | CVE-2004-2444 CVE-2004-2445 |
| FULLDISC:20040706 Multiples vulnerabilities in JAWS | CVE-2004-2443 |
| FULLDISC:20040707 Re: shell:windows command question | CVE-2004-0572 |
| FULLDISC:20040707 shell:windows command question | CVE-2004-0648 |
| FULLDISC:20040708 RE: php-exec-dir vulnerable after latest upgrade | CVE-2004-2692 |
| FULLDISC:20040708 Re: php-exec-dir vulnerable after latest upgrade | CVE-2004-2692 |
| FULLDISC:20040708 php-exec-dir vulnerable after latest upgrade | CVE-2004-2692 |
| FULLDISC:20040712 Brand New Hole: Internet Explorer: HijackClick 3 | CVE-2004-0841 |
| FULLDISC:20040714 Advisory 11/2004: PHP memory_limit remote vulnerability | CVE-2004-0594 |
| FULLDISC:20040714 Advisory 12/2004: PHP strip_tags() bypass vulnerability | CVE-2004-0595 |
| FULLDISC:20040714 HtmlHelp - .CHM File Heap Overflow | CVE-2004-0201 |
| FULLDISC:20040715 XSS in Board Power forum | CVE-2004-1441 |
| FULLDISC:20040717 [FMADV] Format String Bug in OllyDbg 1.10 | CVE-2004-0733 |
| FULLDISC:20040718 Cross-Site Scripting email Outblaze | CVE-2004-2625 |
| FULLDISC:20040719 Buffer overflow in Whisper FTP Surfer 1.0.7 | CVE-2004-0739 |
| FULLDISC:20040723 Crash IE with 11 bytes ;) | CVE-2004-0842 |
| FULLDISC:20040725 Mozilla Firefox Certificate Spoofing | CVE-2004-0763 |
| FULLDISC:20040726 Opera 7.53 (Build 3850) Address Bar Spoofing Issue | CVE-2004-2491 |
| FULLDISC:20040728 Re: Crash IE with 11 bytes ;) | CVE-2004-0842 |
| FULLDISC:20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll) | CVE-2004-2434 |
| FULLDISC:20040728 SoX buffer overflows when handling .WAV files | CVE-2004-0557 |
| FULLDISC:20040801 Remotely Exploitable DoS Flaw in XP and 2003 | CVE-2004-2527 |
| FULLDISC:20040802 Benchmark Designs' WHM Autopilot backdoor vulnerability to plain-text password. | CVE-2004-2524 |
| FULLDISC:20040802 IBM Directory Server - ldacgi.exe | CVE-2004-2526 |
| FULLDISC:20040804 Bug@thttpd | CVE-2004-2628 |
| FULLDISC:20040804 Multiple Vulnerabilities in Free Web Chat | CVE-2004-2646 CVE-2004-2647 |
| FULLDISC:20040805 Opera: Location, Location, Location | CVE-2004-2570 |
| FULLDISC:20040808 Serv-U 3.x, 4.x, 5.x local privilege escalation vulnerability | CVE-2004-2532 |
| FULLDISC:20040811 ISS BlackIce Server Protect Unprivileged User Attack | CVE-2004-1714 |
| FULLDISC:20040816 SQL Injection in CACTI | CVE-2004-1736 CVE-2004-1737 |
| FULLDISC:20040817 Gallery 1.4.4 save_photos.php PHP Insertion Proof of Concept | CVE-2004-1466 |
| FULLDISC:20040817 Multiple remote vulnerabilities in lukemftpd aka. tnftpd | CVE-2004-0794 |
| FULLDISC:20040818 Re: gnu-less Format String Vulnerability | CVE-2004-2264 |
| FULLDISC:20040818 What A Drag II XP SP2 | CVE-2004-0839 |
| FULLDISC:20040818 gnu-less Format String Vulnerability | CVE-2004-2264 |
| FULLDISC:20040819 PADS Simple Stack Overflow | CVE-2004-2269 |
| FULLDISC:20040819 Unsecure file permission of ZoneAlarm pro. | CVE-2004-2713 |
| FULLDISC:20040820 CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition | CVE-2004-2698 |
| FULLDISC:20040820 Re: Unsecure file permission of ZoneAlarm pro. | CVE-2004-2713 |
| FULLDISC:20040821 Re: Unsecure file permission of ZoneAlarm pro. | CVE-2004-2713 |
| FULLDISC:20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers | CVE-2004-2425 CVE-2004-2426 CVE-2004-2427 |
| FULLDISC:20040824 Re: [Full-Disclosure] XSS in Plesk 7.1 Reloaded | CVE-2004-2702 |
| FULLDISC:20040824 XSS in Plesk 7.1 Reloaded | CVE-2004-2702 |
| FULLDISC:20040824 a2ps executing shell commands from file name | CVE-2004-1170 |
| FULLDISC:20040827 DoS in Chat Anywhere 2.72a | CVE-2004-2724 |
| FULLDISC:20040827 Power Quest Deploy Center 5.5 boot disks | CVE-2004-2609 |
| FULLDISC:20040830 MSInfo Buffer Overflow | CVE-2004-1649 |
| FULLDISC:20040831 Axis Network Camera and Video Server Security Advisory | CVE-2004-2425 CVE-2004-2426 |
| FULLDISC:20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll | CVE-2003-1048 |
| FULLDISC:20040902 [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server | CVE-2004-1774 |
| FULLDISC:20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service? | CVE-2003-1048 |
| FULLDISC:20040903 [RLSA_01-2004] QNX PPPoEd local root vulnerabilities | CVE-2004-1390 CVE-2004-1391 |
| FULLDISC:20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i | CVE-2004-0638 |
| FULLDISC:20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue | CVE-2004-0534 |
| FULLDISC:20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue | CVE-2004-0533 |
| FULLDISC:20040907 mpg123 buffer overflow vulnerability | CVE-2004-0805 |
| FULLDISC:20040914 Crash in Lords of the Realm III 1.01 | CVE-2004-2165 |
| FULLDISC:20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory. | CVE-2006-1078 |
| FULLDISC:20040916 Freeze in Pigeon Server 3.02.0143 | CVE-2004-1688 |
| FULLDISC:20040918 Re: GoogleToolbar:About -- Allows Script Injection | CVE-2004-2475 |
| FULLDISC:20040921 Pinnacle ShowCenter Skin Denial of Service | CVE-2004-1699 |
| FULLDISC:20040922 Remote buffer overflow in MDaemon IMAP and SMTP server | CVE-2004-1546 |
| FULLDISC:20040923 Motorola Wireless Router WR850G Authentication Circumvention | CVE-2004-1550 |
| FULLDISC:20040923 Multiple vulnerabilities in ActivePost Standard 3.1 | CVE-2004-2616 |
| FULLDISC:20040926 HTTP Response Splitting and SQL injection in megabbs forum | CVE-2004-2145 CVE-2004-2146 |
| FULLDISC:20040928 Serendipity 0.7-beta1 SQL Injection PoC | CVE-2004-2157 CVE-2004-2158 |
| FULLDISC:20040928 directory traversal in ParaChat Server 5.5 | CVE-2004-1568 |
| FULLDISC:20040929 Re: directory traversal in ParaChat Server 5.5 | CVE-2004-1568 |
| FULLDISC:20040930 Multiple vulnerabilities in w-agora forum | CVE-2004-1562 CVE-2004-1563 CVE-2004-1564 CVE-2004-1565 |
| FULLDISC:20041006 Directory traversal in Tridcomm 1.3 | CVE-2004-1583 |
| FULLDISC:20041008 Limited \secure\ buffer-overflow in some old Monolith games | CVE-2004-1587 |
| FULLDISC:20041010 unarj dir-transversal bug (../../../..) | CVE-2004-1027 |
| FULLDISC:20041011 CJOverkill 4.0.3 XSS Proof of Concept | CVE-2004-2193 |
| FULLDISC:20041011 Turbo Traffic Trader Nitro v1.0 SQL Injection & XSS Proofs of Concept | CVE-2004-2191 CVE-2004-2192 |
| FULLDISC:20041012 Microsoft cabarc directory traversal | CVE-2004-2643 |
| FULLDISC:20041012 [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss | CVE-2004-1597 |
| FULLDISC:20041013 unzoo 4.4 directory travels | CVE-2004-2190 |
| FULLDISC:20041015 Directory traversal in Yak! 2.1.2 | CVE-2004-2184 |
| FULLDISC:20041018 Multiple vulnerabilities in Sage Saleslogix | CVE-2004-1605 CVE-2004-1606 CVE-2004-1607 CVE-2004-1608 CVE-2004-1609 CVE-2004-1611 CVE-2004-1612 |
| FULLDISC:20041018 Web browsers - a mini-farce | CVE-2004-1613 CVE-2004-1614 CVE-2004-1615 CVE-2004-1616 CVE-2004-1617 |
| FULLDISC:20041018: phpMyAdmin: Vulnerability in MIME-based transformation | CVE-2004-2630 |
| FULLDISC:20041022 J2ME security vulnerabilities | CVE-2004-2627 |
| FULLDISC:20041023 python does mangleme (with IE bugs!) | CVE-2004-1050 |
| FULLDISC:20041025 Kaffeine Media Player Conteny Type overflow | CVE-2004-1034 |
| FULLDISC:20041025 python does mangleme (with IE bugs!) | CVE-2004-1050 |
| FULLDISC:20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33? | CVE-2006-1078 |
| FULLDISC:20041101 DoS in Apache 2.0.52 ? | CVE-2004-0942 |
| FULLDISC:20041101 XDICT Buffer OverRun Vulnerability,funny :-) | CVE-2004-1494 |
| FULLDISC:20041102 CSS in E-Mails possible E-Mail-Validity Check for Spammers? | CVE-2004-2226 |
| FULLDISC:20041103 [HV-MED] Zip/Linux long path buffer overflow | CVE-2004-1010 |
| FULLDISC:20041107 [New VULNERABILTY + Exploit] MiniShare, Minimal HTTP Server for Windows, Remote Buffer Overflow Exploit | CVE-2004-2271 |
| FULLDISC:20041110 Nortel Networks Contivity VPN Client information leakage vulnerability | CVE-2004-1105 |
| FULLDISC:20041110 [Advisory + Exploit] SlimFTPd <= 3.15 | CVE-2004-2418 |
| FULLDISC:20041111 [waraxe-2004-SA#037 - Sql injection bug in Phorum 5.0.12 and older versions] | CVE-2004-1518 |
| FULLDISC:20041111 ez-ipupdate format string bug | CVE-2004-0980 |
| FULLDISC:20041114 Format string bug in Army Men RTS | CVE-2004-1522 |
| FULLDISC:20041116 Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution | CVE-2004-1037 |
| FULLDISC:20041116 Skype callto:// BoF technical details | CVE-2004-1114 |
| FULLDISC:20041119 Java Vulnerabilities in Opera 7.54 | CVE-2004-1489 |
| FULLDISC:20041122 CoffeeCup FTP Clients Buffer Overflow Vulnerability | CVE-2004-1118 |
| FULLDISC:20041122 WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability | CVE-2004-1118 |
| FULLDISC:20041124 Buffer Overflow in Open Dc Hub 0.7.14 | CVE-2004-1127 |
| FULLDISC:20041124 Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows | CVE-2004-0953 |
| FULLDISC:20041124 STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability | CVE-2004-1543 |
| FULLDISC:20041125 FIREFOX flaws: nested array sort() loop Stack overflow exception | CVE-2004-1200 |
| FULLDISC:20041125 MSIE & FIREFOX flaws: "detailed" advisory and comments that you probably don't want to read anyway | CVE-2004-1198 CVE-2004-1200 |
| FULLDISC:20041125 More Browser flaws on MACOSX: nested array sort() loop Stack overflow exception | CVE-2004-1199 |
| FULLDISC:20041125 Re: MSIE flaws: nested array sort() loop Stack overflow exception | CVE-2004-1201 |
| FULLDISC:20041125 Re: Opera flaws: nested array sort() loop Stack overflow exception | CVE-2004-1201 |
| FULLDISC:20041126 phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure | CVE-2004-1202 CVE-2004-1203 |
| FULLDISC:20041129 Format string flaw in VMWare Workstation 4.5.2 build-8848. | CVE-2004-2515 |
| FULLDISC:20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14. | CVE-2004-1135 |
| FULLDISC:20041129 Password Disclosure for SMB Shares in KDE's Konqueror | CVE-2004-1171 |
| FULLDISC:20041129 Privilege escalation flaw in MDaemon 7.2. | CVE-2004-2504 |
| FULLDISC:20041129 ncpfs buffer overflow | CVE-2004-1079 |
| FULLDISC:20041130 Re: Privilege escalation flaw in MDaemon 7.2. | CVE-2004-2504 |
| FULLDISC:20041201 Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003. | CVE-2004-1211 |
| FULLDISC:20041206 Multiple vulnerabilities in w3who ISAPI DLL | CVE-2004-1133 CVE-2004-1134 |
| FULLDISC:20041213 Multiple XSS Vulnerabilities in several UBB.Thread Versions | CVE-2004-2509 CVE-2004-2510 |
| FULLDISC:20041213 Socket unreacheable in the Lithtech engine (new protocol) | CVE-2004-1395 |
| FULLDISC:20041213 Winamp 5.07 (latest version) Remote Crash + other | CVE-2004-1396 |
| FULLDISC:20041214 OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS Vulnerability | CVE-2004-2496 |
| FULLDISC:20041215 STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki | CVE-2004-1545 |
| FULLDISC:20041215 fun with linux kernel | CVE-2004-1333 CVE-2004-1334 CVE-2004-1335 |
| FULLDISC:20041220 FreezeX file access vulnerability | CVE-2004-2648 |
| FULLDISC:20041223 Cross-Site Scripting - an industry-wide problem | CVE-2004-1059 CVE-2004-1061 CVE-2004-1062 CVE-2004-1146 CVE-2005-0514 |
| FULLDISC:20041223 Plesk 7 Cross-Site Scripting | CVE-2004-2702 |
| FULLDISC:20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard | CVE-2004-1419 CVE-2004-2738 |
| FULLDISC:20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities | CVE-2004-1125 |
| FULLDISC:20041223 [USN-49-1] debmake vulnerability | CVE-2004-1179 |
| FULLDISC:20050101 Two Vulnerabilities in ViewCVS | CVE-2005-4830 CVE-2005-4831 |
| FULLDISC:20050107 Simple PHP Blog directory traversal vulnerability | CVE-2005-0214 |
| FULLDISC:20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories | CVE-2005-0179 CVE-2005-0180 CVE-2005-0504 |
| FULLDISC:20050110 Multi-vendor AV gateway image inspection bypass vulnerability | CVE-2005-0218 |
| FULLDISC:20050111 Apple Airport WDS DoS | CVE-2005-0289 |
| FULLDISC:20050112 Linux kernel i386 SMP page fault handler privilege escalation | CVE-2005-0001 |
| FULLDISC:20050112 TFTPD32 Long FileName Remote Denial of Service | CVE-2005-4882 |
| FULLDISC:20050112 [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke | CVE-2005-0375 CVE-2005-0376 CVE-2005-0377 |
| FULLDISC:20050114 Internet Explorer (SP2) - Remote File Download | CVE-2005-0110 |
| FULLDISC:20050114 Re: Multi-vendor AV gateway image inspection bypass vulnerability | CVE-2005-0218 |
| FULLDISC:20050116 Minis directory traversal vulnerability | CVE-2005-0293 CVE-2005-0294 |
| FULLDISC:20050116 phpGiftReq SQL Injection | CVE-2005-0292 |
| FULLDISC:20050117 Multiple Vulnerabilities in Netgear FVS318 Router | CVE-2005-0290 CVE-2005-0291 |
| FULLDISC:20050119 Multiple vulnerabilities in Konversation | CVE-2005-0129 CVE-2005-0130 CVE-2005-0131 |
| FULLDISC:20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report) | CVE-2005-0296 |
| FULLDISC:20050122 several BO's in goldenftpd | CVE-2005-0566 |
| FULLDISC:20050127 DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid' | CVE-2005-0125 |
| FULLDISC:20050130 Broadcast crash in Xpand Rally 1.0.0.0 | CVE-2005-0325 |
| FULLDISC:20050201 Remotely exploitable buffer overflow vulnerability in Savant Web Server 3.1 | CVE-2005-0338 |
| FULLDISC:20050206 Microsoft Outlook Web Access URL Injection Vulnerability | CVE-2005-0420 |
| FULLDISC:20050206 state of homograph attacks | CVE-2005-0234 CVE-2005-0235 CVE-2005-0236 CVE-2005-0238 |
| FULLDISC:20050207 DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation' | CVE-2005-0155 |
| FULLDISC:20050207 DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG | CVE-2005-0156 |
| FULLDISC:20050208 XSS VULNERABILITY AT MODULE PostWrap | CVE-2005-0412 |
| FULLDISC:20050209 Administrivia: List Compromised due to Mailman Vulnerability | CVE-2005-0202 |
| FULLDISC:20050209 Internet Explorer zone spoofing with encoded URLs | CVE-2005-0054 |
| FULLDISC:20050212 Credit Card data disclosure in CitrusDB | CVE-2005-0229 |
| FULLDISC:20050214 Advisory: Authentication bypass in CitrusDB | CVE-2005-0408 |
| FULLDISC:20050214 Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software | CVE-2005-0407 |
| FULLDISC:20050214 Advisory: Directory traversal in CitrusDB | CVE-2005-0411 |
| FULLDISC:20050214 Advisory: JPEG EXIF information disclosure | CVE-2005-0406 |
| FULLDISC:20050214 Advisory: SQL-Injection in CitrusDB | CVE-2005-0410 |
| FULLDISC:20050214 Advisory: Upload Authorization bypass in CitrusDB | CVE-2005-0409 |
| FULLDISC:20050215 Kayako eSupport v2.3.1 Support Tracker XSS | CVE-2005-0487 |
| FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke | CVE-2005-0532 |
| FULLDISC:20050217 Advisory: Multiple Vulnerabilities in BibORB | CVE-2005-0251 CVE-2005-0252 CVE-2005-0253 CVE-2005-0254 |
| FULLDISC:20050219 Thomson TCW690 Denial Of Service Vulnerability | CVE-2003-1085 |
| FULLDISC:20050219 pMachine Pro / pMachine Free Remote Code Execution | CVE-2005-0513 |
| FULLDISC:20050221 SD Server 4.0.70 Directory Traversal Bug | CVE-2005-0507 |
| FULLDISC:20050221 WindowsXPSP2 script-initiated popup window | CVE-2005-0500 |
| FULLDISC:20050222 unace-1.2b multiple buffer overflows and directory traversal bugs | CVE-2005-0160 CVE-2005-0161 |
| FULLDISC:20050224 Cyclades AlterPath Manager Vulnerabilities | CVE-2005-0540 CVE-2005-0541 CVE-2005-0542 |
| FULLDISC:20050224 GAIM exploit | CVE-2005-0573 |
| FULLDISC:20050226 Badblue HTTP Server, ext.dll buffer overflow | CVE-2005-0595 |
| FULLDISC:20050228 Server termination in Scrapland 1.0 | CVE-2005-0621 |
| FULLDISC:20050228 [USN-86-1] cURL vulnerability | CVE-2005-0490 |
| FULLDISC:20050307 - Argeniss - Oracle Database Server Directory transversal | CVE-2005-0701 |
| FULLDISC:20050308 Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability | CVE-2005-0737 |
| FULLDISC:20050309 overwriting low kernel memory | CVE-2005-0736 |
| FULLDISC:20050310 Multiple Vulnerabilities of PY Software Active Webcam WebServer | CVE-2005-0730 CVE-2005-0731 CVE-2005-0732 CVE-2005-0733 CVE-2005-0734 |
| FULLDISC:20050313 Firefox 1.01 : spoofing status bar without using JavaScript | CVE-2005-4809 |
| FULLDISC:20050313 [HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit | CVE-2005-0353 |
| FULLDISC:20050318 Java Web Start argument injection vulnerability | CVE-2005-0836 |
| FULLDISC:20050325 Maxthon browser search bar information disclosure | CVE-2005-0905 |
| FULLDISC:20050327 THai's Shoutbox XSS (Spoofing URL) BUG | CVE-2005-0909 |
| FULLDISC:20050328 THai's Shoutbox correction name | CVE-2005-0909 |
| FULLDISC:20050329 Adventia Chat | CVE-2005-0919 |
| FULLDISC:20050329 E-Data | CVE-2005-0924 |
| FULLDISC:20050405 MailEnable Imapd remote BoF + Exploit [x0n3-h4ck] | CVE-2005-1014 |
| FULLDISC:20050406 Re: MailEnable Imapd remote BoF + Exploit [x0n3-h4ck] | CVE-2005-1015 |
| FULLDISC:20050407 Cisco Linksys WET11 Password Resetting Vulnerability | CVE-2005-1059 |
| FULLDISC:20050410 rsnapshot Security Advisory 001 | CVE-2005-1064 |
| FULLDISC:20050412 XAMPP | CVE-2005-1077 CVE-2005-1078 |
| FULLDISC:20050415 Use of function "log" in Perl module Net::Server | CVE-2005-1127 |
| FULLDISC:20050416 TCP/IP Stack Vulnerability | CVE-2005-1184 |
| FULLDISC:20050418 Re: TCP/IP Stack Vulnerability | CVE-2005-1184 |
| FULLDISC:20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2)) | CVE-2005-1231 |
| FULLDISC:20050427 Privilege escalation and password protection bypass in Altiris Client Service for Windows (Version 6.0.88) | CVE-2005-1590 |
| FULLDISC:20050430 DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities | CVE-2005-1393 CVE-2005-1394 |
| FULLDISC:20050501 DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite' | CVE-2005-1395 CVE-2005-1396 |
| FULLDISC:20050501 Remote buffer overflow in GlobalScape Secure FTP server 3.0.2 | CVE-2005-1415 |
| FULLDISC:20050504 Gamespy cd-key validation system: "Cd-key in use" DoS versus many games | CVE-2005-1556 |
| FULLDISC:20050506 64 bit qmail fun | CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 |
| FULLDISC:20050506 [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow | CVE-2005-1471 |
| FULLDISC:20050508 Browser Based File Manager Administration Vulnerability | CVE-2005-1602 |
| FULLDISC:20050508 Firefox Remote Compromise Leaked | CVE-2005-1476 CVE-2005-1477 |
| FULLDISC:20050508 Firefox Remote Compromise Technical Details | CVE-2005-1476 CVE-2005-1477 |
| FULLDISC:20050508 Server Remote File Manager DOS Exploit | CVE-2005-1603 |
| FULLDISC:20050508 phpbb 2.0.15 released - patches high critical vuln | CVE-2005-1193 |
| FULLDISC:20050509 SiteStudio | CVE-2005-1605 |
| FULLDISC:20050510 Useless tidbit | CVE-2005-2935 |
| FULLDISC:20050510 Useless tidbit (MS AntiSpyware) | CVE-2005-2935 |
| FULLDISC:20050510 [Full-disclosure] [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability | CVE-2005-1560 |
| FULLDISC:20050510 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability | CVE-2005-1558 CVE-2005-1559 |
| FULLDISC:20050511 [DR018] Quartz Composer / QuickTime 7 information leakage | CVE-2005-1579 |
| FULLDISC:20050513 PhotoPost Arbitrary Data Exploit | CVE-2005-1629 |
| FULLDISC:20050515 Gurgens Guest Book Password Database Vulnerability | CVE-2005-1647 |
| FULLDISC:20050515 Ultimate Forum Password Database Vulnerability | CVE-2005-1648 |
| FULLDISC:20050516 Advisory: Pico Server (pServ) Remote Command Injection | CVE-2005-1365 |
| FULLDISC:20050516 Pico Server (pServ) Information Disclosure Of CGI Sources | CVE-2005-1366 |
| FULLDISC:20050516 Pico Server (pServ) Local Information Disclosure | CVE-2005-1367 |
| FULLDISC:20050517 MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp | CVE-2005-1636 |
| FULLDISC:20050528 Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability | CVE-2005-1816 |
| FULLDISC:20050529 XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version)) | CVE-2005-1800 |
| FULLDISC:20050601 HP Radia Notify Daemon: Multiple Buffer Overflow Vulnerabilities | CVE-2005-1825 CVE-2005-1826 |
| FULLDISC:20050603 [DRUPAL-SA-2005-001] New Drupal release fixes critical security issue | CVE-2005-1871 |
| FULLDISC:20050604 LSS.hr false positives. | CVE-2005-1870 |
| FULLDISC:20050605 Re: LSS.hr false positives. (correction) | CVE-2005-1870 |
| FULLDISC:20050606 Crob FTP Server remote buffer overflows | CVE-2005-1873 |
| FULLDISC:20050606 GIPTables Firewall <= v1.1 insecure temporary file creation | CVE-2005-1878 |
| FULLDISC:20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to close any support ticket within the system. | CVE-2005-1932 |
| FULLDISC:20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to open any support ticket within the system. | CVE-2005-1932 |
| FULLDISC:20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to reset the DNS information of any domain name managed by the system. | CVE-2005-1932 |
| FULLDISC:20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to respond to any support ticket on the system. | CVE-2005-1932 |
| FULLDISC:20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to plain-text session credential leakage via script injection. | CVE-2005-1877 |
| FULLDISC:20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to the unauthorized viewing of client invoice information. | CVE-2005-1932 |
| FULLDISC:20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access. | CVE-2005-1932 |
| FULLDISC:20050606 LutelWall <= 0.97 insecure temporary file creation | CVE-2005-1879 |
| FULLDISC:20050606 Popper webmail remote code execution vulnerability - advisory fix | CVE-2005-1870 |
| FULLDISC:20050606 everybuddy <= 0.4.3 insecure temporary file creation | CVE-2005-1880 |
| FULLDISC:20050612 [CIRT.DK - Advisory] Novell eDirectory 8.7.3 DOS Device name Denial of Service | CVE-2005-1729 |
| FULLDISC:20050615 DMA[2005-0614a] - 'Global Hauri ViRobot Server cookie overflow' | CVE-2005-2041 |
| FULLDISC:20050616 CoolCafe Chat SQL injection | CVE-2005-2035 CVE-2005-2036 |
| FULLDISC:20050619 Advisory 01/2005: Fileupload/download vulnerability in Trac | CVE-2005-2007 |
| FULLDISC:20050628 Solaris 9/10 ld.so fun | CVE-2005-2072 |
| FULLDISC:20050704 log4sh insecure temporary file creation | CVE-2005-1915 |
| FULLDISC:20050705 Quickblogger | CVE-2005-4785 |
| FULLDISC:20050710 ID Board 1.1.3 SQL Injection Vulnerability | CVE-2005-2197 |
| FULLDISC:20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities | CVE-2007-2522 CVE-2007-2523 |
| FULLDISC:20050718 Shorewall MACLIST Problem | CVE-2005-2317 |
| FULLDISC:20050725 Help poor children in Uganda | CVE-2005-2368 |
| FULLDISC:20050726 SPIDynamics WebInspect Cross-Application Scripting (XAS) | CVE-2005-2442 |
| FULLDISC:20050729 Cisco IOS Shellcode Presentation | CVE-2005-2451 |
| FULLDISC:20050801 Buffer overflow in BusinessMail email server system 4.60.00 | CVE-2005-2472 |
| FULLDISC:20050808 [AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions | CVE-2005-2573 |
| FULLDISC:20050808 [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions | CVE-2005-2558 |
| FULLDISC:20050809 (no subject) | CVE-2005-2612 |
| FULLDISC:20050811 Fudforum: incompletely check of user rights in tree view gaining access to all messages | CVE-2005-2600 |
| FULLDISC:20050811 Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) | CVE-2005-2554 |
| FULLDISC:20050811 Windows 2000 universal exploit for MS05-039 | CVE-2005-1983 |
| FULLDISC:20050812 Multiple directory traversal vulnerabilities in Claroline | CVE-2005-2598 |
| FULLDISC:20050814 STG Security Advisory: [SSA-20050812-27] Discuz! arbitrary script upload vulnerability | CVE-2005-2614 |
| FULLDISC:20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8 | CVE-2005-2634 |
| FULLDISC:20050818 Re: mutt buffer overflow | CVE-2005-2642 |
| FULLDISC:20050818 mutt buffer overflow | CVE-2005-2642 |
| FULLDISC:20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability | CVE-2005-2648 |
| FULLDISC:20050819 Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline | CVE-2005-2598 |
| FULLDISC:20050823 Server crash in Ventrilo 2.3.0 | CVE-2005-2719 |
| FULLDISC:20050824 mplayer overflow | CVE-2005-2718 |
| FULLDISC:20050825 NOVL-2005010098073 GroupWise Password Caching | CVE-2005-2620 |
| FULLDISC:20050829 Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability | CVE-2005-2769 |
| FULLDISC:20050831 Dameware critical hole | CVE-2005-2842 |
| FULLDISC:20050901 Multiple Phorum XSS and Session Hijacking vulnerabilities | CVE-2005-2836 |
| FULLDISC:20050902 Re: Multiple Phorum XSS and Session Hijacking vulnerabilities | CVE-2005-2836 |
| FULLDISC:20050905 thesitewizard.com chfeedback.pl CRLF Injection | CVE-2005-2854 |
| FULLDISC:20050913 LDU Version 801 vulnerable | CVE-2005-4821 |
| FULLDISC:20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References | CVE-2005-2983 |
| FULLDISC:20050915 SimpleCDR-X - Insecure tempfile handling | CVE-2005-3012 |
| FULLDISC:20050916 [CIRT.DK - Advisory 37] TAC Vista Webstation 3.0 Directory Traversal bug in webinterface | CVE-2005-3040 |
| FULLDISC:20050916 ncompress insecure temporary file creation | CVE-2005-2991 |
| FULLDISC:20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability | CVE-2005-3026 |
| FULLDISC:20050920 Re: arc insecure temporary file creation | CVE-2005-2992 |
| FULLDISC:20050920 bacula insecure temporary file creation | CVE-2005-2995 |
| FULLDISC:20050920 perldiver | CVE-2005-3066 CVE-2005-3067 |
| FULLDISC:20050923 SecureW2 TLS security problem | CVE-2005-3087 |
| FULLDISC:20050924 It's time for some warez - Qpopper poppassd local r00t exploit | CVE-2005-3098 |
| FULLDISC:20050924 It's time for some warez - wzdftpd remote exploit | CVE-2005-3081 |
| FULLDISC:20050925 ContentServ features remote file disclosure | CVE-2005-3086 |
| FULLDISC:20050925 Server crash and motd deletion in MultiTheftAuto 0.5 patch 1 | CVE-2005-3064 CVE-2005-3065 |
| FULLDISC:20050926 RealPlayer && HelixPlayer Remote Format String | CVE-2005-2710 |
| FULLDISC:20050927 Re: [ISR] - Novell GroupWise Client Integer Overflow | CVE-2005-2804 |
| FULLDISC:20050927 [ISR] - Novell GroupWise Client Integer Overflow | CVE-2005-2804 |
| FULLDISC:20050929 Serendipity: Account Hijacking / CSRF Vulnerability | CVE-2005-3129 |
| FULLDISC:20050929 [NRVA05-08] - Arbitrary file download by NateOn Messagener's ActiveX and DoS | CVE-2005-3113 CVE-2005-3114 |
| FULLDISC:20051003 Kaspersky Antivirus Library Remote Heap Overflow | CVE-2005-3142 |
| FULLDISC:20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability | CVE-2005-2933 |
| FULLDISC:20051005 Tellme 1.2 | CVE-2005-4698 CVE-2005-4699 CVE-2005-4700 |
| FULLDISC:20051006 OScommerce: "Additional Images" Module SQL Injection | CVE-2005-4677 |
| FULLDISC:20051006 Secunia Research: Webroot Desktop Firewall Two Vulnerabilities | CVE-2005-3197 CVE-2005-3198 |
| FULLDISC:20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB | CVE-2005-3202 |
| FULLDISC:20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB | CVE-2005-3204 |
| FULLDISC:20051007 Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus | CVE-2005-3205 |
| FULLDISC:20051007 Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB | CVE-2005-3203 |
| FULLDISC:20051007 Shutdown TNS Listener via Oracle Forms Servlet | CVE-2005-3207 |
| FULLDISC:20051007 Shutdown TNS Listener via Oracle iSQL*Plus | CVE-2005-3206 |
| FULLDISC:20051008 xine/gxine CD Player Remote Format String Bug | CVE-2005-2967 |
| FULLDISC:20051011 Secunia Research: WinRAR Format String and Buffer Overflow Vulnerabilities | CVE-2005-3263 |
| FULLDISC:20051012 Secunia Research: Novell NetMail NMAP Agent "USER" Buffer Overflow Vulnerability | CVE-2005-2469 |
| FULLDISC:20051012 ZDI-05-001: VERITAS NetBackup Remote CodeExecution | CVE-2005-2715 |
| FULLDISC:20051012 [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability | CVE-2005-1987 |
| FULLDISC:20051012 [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow | CVE-2005-3182 |
| FULLDISC:20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service | CVE-2005-3286 |
| FULLDISC:20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability | CVE-2005-3190 |
| FULLDISC:20051017 Lynx Remote Buffer Overflow | CVE-2005-3120 |
| FULLDISC:20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability | CVE-2005-3190 |
| FULLDISC:20051020 Exploit Oracle DB27 - CPU Octobre | CVE-2005-3438 |
| FULLDISC:20051021 F.E.A.R. 1.01 likes lithsock | CVE-2004-1395 |
| FULLDISC:20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability | CVE-2005-3300 |
| FULLDISC:20051022 Vulnerability in AL-Caricatier, V.2.5 And Prior Versions | CVE-2005-4653 |
| FULLDISC:20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. | CVE-2005-3310 |
| FULLDISC:20051024 Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions | CVE-2005-3494 CVE-2005-3495 |
| FULLDISC:20051024 php < 4.4.1 htaccess apache dos | CVE-2005-3319 |
| FULLDISC:20051025 PHP iCalendar CSS | CVE-2005-3366 |
| FULLDISC:20051025 Re: [Full-disclosure] SEC-Consult SA 20051025-1 :: RSA ACE Web Agent | CVE-2005-3329 |
| FULLDISC:20051025 Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. | CVE-2005-3477 |
| FULLDISC:20051025 SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS | CVE-2005-3329 |
| FULLDISC:20051025 Snort's BO pre-processor exploit | CVE-2005-3252 |
| FULLDISC:20051026 chmlib exploitable buffer overflow | CVE-2005-3318 |
| FULLDISC:20051027 Hasbani-WindWeb/2.0 Remote DoS [ with exploit ] | CVE-2005-3475 |
| FULLDISC:20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail | CVE-2005-3428 CVE-2005-3429 CVE-2005-3430 CVE-2005-3431 |
| FULLDISC:20051101 HYSA-2005-009 Elite Forum 1.0.0.0 XSS | CVE-2005-3412 |
| FULLDISC:20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets) | CVE-2005-3252 |
| FULLDISC:20051101 new IE bug (confirmed on ALL windows) | CVE-2005-4717 |
| FULLDISC:20051102 Buffer-overflow and crash in FlatFrag 0.3 | CVE-2005-3491 CVE-2005-3492 |
| FULLDISC:20051102 Buffer-overflow and directory traversal in Asus | CVE-2005-3489 CVE-2005-3490 |
| FULLDISC:20051102 Buffer-overflow in GO-Global for Windows | CVE-2005-3483 |
| FULLDISC:20051102 Buffer-overflow in Glider collect'n kill 1.0.0.0 | CVE-2005-3485 |
| FULLDISC:20051102 H4CREW-000002 Sambars 6.3 BETA 2 Proxy.asp XSS | CVE-2005-3506 |
| FULLDISC:20051102 Limited directory traversal in NeroNET 1.2.0.2 | CVE-2005-3484 |
| FULLDISC:20051102 Multiple vulnerabilities in Scorched 3D 39.1 | CVE-2005-3486 CVE-2005-3487 CVE-2005-3488 |
| FULLDISC:20051102 Socket termination in Battle Carry .005 | CVE-2005-3493 |
| FULLDISC:20051102 [ TZO-012005 ] F-Prot/Frisk Anti Virus bypass - ZIP Version Header | CVE-2005-3499 |
| FULLDISC:20051103 Advisory: Apple QuickTime Player Remote Denial Of Service | CVE-2005-2755 |
| FULLDISC:20051103 Buggy blogging | CVE-2005-3101 CVE-2005-3102 CVE-2005-3103 CVE-2005-3104 CVE-2005-4689 CVE-2005-4690 |
| FULLDISC:20051104 Browser cookie handling: possible cross-domain cookie sharing | CVE-2005-4684 CVE-2005-4685 |
| FULLDISC:20051104 Cerberus helpdesk | CVE-2005-3502 |
| FULLDISC:20051104 DMA[2005-1104a] - 'GpsDrive friendsd2 format string vulnerability' | CVE-2005-3523 |
| FULLDISC:20051104 RE: new IE bug (confirmed on ALL windows) | CVE-2005-4717 |
| FULLDISC:20051104 Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability | CVE-2005-3505 |
| FULLDISC:20051105 linux-ftpd-ssl 0.17 warez | CVE-2005-3524 |
| FULLDISC:20051106 http://prdelka.blackart.org.uk/exploitz/prdelka-vs-BSD-ptrace.tar.gz | CVE-2005-4741 |
| FULLDISC:20051115 Authentication vulnerability in Belkin wireless devices | CVE-2005-3802 |
| FULLDISC:20051115 Critical SQL Injection PHPNuke <= 7.8 | CVE-2005-3792 |
| FULLDISC:20051116 Hitachi IP5000 VoIP Wifi phone multiple | CVE-2005-3719 CVE-2005-3720 CVE-2005-3721 CVE-2005-3722 CVE-2005-3723 |
| FULLDISC:20051116 Senao SI-680H VoIP Wifi phone undocumented open port | CVE-2005-3715 |
| FULLDISC:20051116 Zyxel P2000W (Version1) VoIP Wifi phone multiple | CVE-2005-3724 CVE-2005-3725 |
| FULLDISC:20051116 freeftpd USER bufferoverflow | CVE-2005-3683 |
| FULLDISC:20051116 mambo remote code sexecution | CVE-2005-3738 |
| FULLDISC:20051116 re: freeftpd USER bufferoverflow | CVE-2005-3683 |
| FULLDISC:20051117 UTstarcom F1000 VoIP Wifi phone multiple vulnerabilities | CVE-2005-3716 CVE-2005-3717 CVE-2005-3718 |
| FULLDISC:20051117 freeftpd MKD buffer overflow etc... | CVE-2005-3684 |
| FULLDISC:20051118 Secunia Research: MailEnable Buffer Overflow and Directory Traversal Vulnerabilities | CVE-2005-3690 |
| FULLDISC:20051118 Secunia Research: Winmail Server Multiple Vulnerabilities | CVE-2005-3692 CVE-2005-3811 |
| FULLDISC:20051121 Gadu-Gadu several vulnerabilities (version <= 7.20) | CVE-2005-3887 CVE-2005-3888 CVE-2005-3889 CVE-2005-3890 CVE-2005-3891 CVE-2005-3892 |
| FULLDISC:20051122 Cisco PIX TCP Connection Prevention | CVE-2005-3774 |
| FULLDISC:20051122 Google Talk Denial of Service - BenjiBug | CVE-2005-3899 |
| FULLDISC:20051122 OTRS 1.x/2.x Multiple Security Issues | CVE-2005-3893 CVE-2005-3894 CVE-2005-3895 |
| FULLDISC:20051122 Re: Torrential 1.2 getdox.php Directory Traversal | CVE-2005-4253 |
| FULLDISC:20051122 Secunia Research: Opera Command Line URL Shell Command Injection | CVE-2005-3750 |
| FULLDISC:20051122 VHCS 2.x HTTP Error Cross Site Scripting | CVE-2005-3902 |
| FULLDISC:20051124 MailEnable IMAP DOS | CVE-2005-3813 |
| FULLDISC:20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM | CVE-2005-3820 CVE-2005-3821 CVE-2005-3822 CVE-2005-3823 CVE-2005-3824 |
| FULLDISC:20051130 ZRCSA-200504 - dotclear SQL Injection | CVE-2005-3963 |
| FULLDISC:20051201 WinEggDropShell Multiple Remote Stack Overflow | CVE-2005-3992 |
| FULLDISC:20051207 Appfluent Batabase IDS Local Root | CVE-2005-4076 |
| FULLDISC:20051207 Checkpoint SecureClient NGX Security Policy can easily be disabled | CVE-2005-4093 |
| FULLDISC:20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer | CVE-2005-4142 CVE-2005-4143 CVE-2005-4144 CVE-2005-4145 CVE-2005-4146 CVE-2005-4147 CVE-2005-4148 CVE-2005-4149 CVE-2005-4151 |
| FULLDISC:20051208 Perl cal XSS Vulnerability | CVE-2005-4162 |
| FULLDISC:20051208 Re: re: Firefox 1.5 buffer overflow (poc) | CVE-2005-4134 |
| FULLDISC:20051208 re: Firefox 1.5 buffer overflow (poc) | CVE-2005-4134 |
| FULLDISC:20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB | CVE-2005-4199 |
| FULLDISC:20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook | CVE-2005-4189 |
| FULLDISC:20051213 Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability | CVE-2005-2829 |
| FULLDISC:20051214 Re: iDefense Security Advisory 12.14.05: Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability | CVE-2005-1929 |
| FULLDISC:20051215 [scip_Advisory 1910] Alkacon OpenCms 6.0.2 login Cross Site Scripting | CVE-2005-4294 |
| FULLDISC:20051217 XSS Vuln in PlaySmS | CVE-2005-4432 |
| FULLDISC:20051217 phpBB 2.0.18 XSS and Full Path Disclosure | CVE-2005-4357 CVE-2005-4358 |
| FULLDISC:20051219 Authenticated EIGRP DoS / Information leak | CVE-2005-4437 |
| FULLDISC:20051219 Cerberus Helpdesk vulnerabilities | CVE-2005-4427 CVE-2005-4428 |
| FULLDISC:20051219 LiveJournal CSS/JS injection vulnerability | CVE-2005-4454 |
| FULLDISC:20051219 Making unidirectional VLAN and PVLAN jumping bidirectional | CVE-2005-4440 CVE-2005-4441 |
| FULLDISC:20051219 Remote Buffer Overflow in Mailenable Enterprise | CVE-2005-4402 |
| FULLDISC:20051219 Unauthenticated EIGRP DoS | CVE-2002-2208 CVE-2005-4436 |
| FULLDISC:20051219 Unzip *ALL* verisons ;)) | CVE-2005-4667 |
| FULLDISC:20051219 elogd 2.6.0 overflow | CVE-2005-4439 |
| FULLDISC:20051220 Enterprise Connector v.1.02 Multiple SQL | CVE-2005-4563 |
| FULLDISC:20051220 LiveJournal CSS/JS injection vulnerability | CVE-2005-4454 |
| FULLDISC:20051220 RE: Authenticated EIGRP DoS / Information leak | CVE-2002-2208 CVE-2005-4436 CVE-2005-4437 |
| FULLDISC:20051220 Vulnerability in Metadot portal server allows users to gain administrative privileges | CVE-2005-4458 |
| FULLDISC:20051220 [ACSSEC-2005-11-25-0x3] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Cr oss Site Scripting Vulnerability | CVE-2005-4567 |
| FULLDISC:20051220 [ACSSEC-2005-11-25-0x4] FTGate 4.4 [Build 4.4.000 Oct 26 2005] St ack Buffer Overflow | CVE-2005-4569 |
| FULLDISC:20051220 [ACSSEC-2005-11-25-0x5] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Fo rmat String Overflow | CVE-2005-4568 |
| FULLDISC:20051220 [ACSSEC-2005-11-25-0x6] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Fo rmat String Overflow | CVE-2005-4568 |
| FULLDISC:20051220 [ACSSEC-2005-11-27-0x1] Eudora Qualcomm WorldMail 3.0 IMAP4 Servi ce 6.1.19.0 | CVE-2005-4267 |
| FULLDISC:20051220 [ACSSEC-2005-11-27-0x2] Remote Overflows in Mailenable Enterprise 1.1 / Professional 1.7 | CVE-2005-4456 CVE-2005-4457 |
| FULLDISC:20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others | CVE-2005-4459 |
| FULLDISC:20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities | CVE-2005-4502 CVE-2005-4503 |
| FULLDISC:20051223 SEC Consult SA-20051223-0 :: Multiple Cross Site Scripting Vulnerabilities in OracleAS Discussion Forum Portlet | CVE-2005-4549 |
| FULLDISC:20051223 SEC Consult SA-20051223-1 :: File Disclosure using df_next_page parameter in OracleAS Discussion Forum Portlet | CVE-2005-4550 |
| FULLDISC:20051223 html in simpbook | CVE-2005-4551 |
| FULLDISC:20051225 Advanced Guestbook remote XSS exploit | CVE-2005-4649 |
| FULLDISC:20051227 Juniper NSM remote Denial Of Service | CVE-2005-4587 |
| FULLDISC:20051227 Secunia Research: IceWarp Web Mail Multiple File | CVE-2005-4556 CVE-2005-4557 CVE-2005-4558 CVE-2005-4559 |
| FULLDISC:20051230 PTnet IRCD heap exhaustion and integer overflow | CVE-2005-4624 |
| FULLDISC:20060102 Buffer Overflow vulnerability in Windows Display Manager [Suspected] | CVE-2006-0081 |
| FULLDISC:20060103 Open Xchange XSS | CVE-2006-0091 |
| FULLDISC:20060103 Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] | CVE-2006-0081 |
| FULLDISC:20060104 Rockliffe Directory Transversal Vulnerability | CVE-2006-0127 CVE-2006-0128 |
| FULLDISC:20060104 Rockliffe Mailsite User Enumeration Flaw | CVE-2006-0129 CVE-2006-0130 |
| FULLDISC:20060105 Re: Rockliffe Directory Transversal Vulnerability | CVE-2006-0127 |
| FULLDISC:20060105 Windows PHP 4.x "0-day" buffer overflow | CVE-2006-0097 |
| FULLDISC:20060106 SimpBook "message" Remote Cross-Site Scripting Vulnerability | CVE-2006-0149 |
| FULLDISC:20060108 RE: Windows PHP 4.x "0-day" buffer overflow | CVE-2006-0097 |
| FULLDISC:20060109 Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) | CVE-2006-0175 |
| FULLDISC:20060109 BSD Securelevels: Circumventing protection of files flagged immutable | CVE-2005-4351 |
| FULLDISC:20060109 Time modification flaw in BSD securelevels on NetBSD and Linux | CVE-2005-4352 |
| FULLDISC:20060110 AspTopSites SQL injection | CVE-2006-0184 |
| FULLDISC:20060110 SUID root overflows in UNICOS and partial shellcode | CVE-2006-0177 CVE-2006-0178 |
| FULLDISC:20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability | CVE-2006-0010 |
| FULLDISC:20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation. | CVE-2006-0176 |
| FULLDISC:20060111 Updated Advisories - Incorrect CVE Information | CVE-2005-2340 CVE-2005-3713 |
| FULLDISC:20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow | CVE-2005-2340 |
| FULLDISC:20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow | CVE-2005-3713 |
| FULLDISC:20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow | CVE-2005-2340 |
| FULLDISC:20060112 Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit | CVE-2006-0203 |
| FULLDISC:20060112 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability | CVE-2006-0199 CVE-2006-0203 |
| FULLDISC:20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability | CVE-2005-3710 |
| FULLDISC:20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability | CVE-2005-3711 |
| FULLDISC:20060112 Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow | CVE-2005-3709 |
| FULLDISC:20060112 Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability" | CVE-2005-3707 |
| FULLDISC:20060112 ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability | CVE-2006-0162 |
| FULLDISC:20060113 DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal' | CVE-2006-0212 |
| FULLDISC:20060113 Farmers wife 4.4 sp1 remote SYSTEM access | CVE-2006-0319 |
| FULLDISC:20060115 EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability | CVE-2006-0315 |
| FULLDISC:20060115 Ultimate Auction <=3.67 | CVE-2006-0217 |
| FULLDISC:20060116 ACT P202S VoIP wireless phone multiple undocumented ports/services | CVE-1999-0635 CVE-2006-0374 CVE-2006-0375 |
| FULLDISC:20060116 Clipcomm CP-100E VoIP wireless desktop phone open debug service TCP/60023 | CVE-2006-0305 |
| FULLDISC:20060116 Clipcomm CPW-100E VoIP wireless handset phone open debug service TCP/60023 | CVE-2006-0305 |
| FULLDISC:20060116 MPM HP-180W VoIP wireless desktop phone undocumented port UDP/9090 | CVE-2006-0360 |
| FULLDISC:20060116 ZyXel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090 | CVE-2006-0302 |
| FULLDISC:20060117 Oracle DBMS - Access Control Bypass in Login | CVE-2006-0547 |
| FULLDISC:20060118 Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability | CVE-2006-0339 |
| FULLDISC:20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT | CVE-2006-0586 |
| FULLDISC:20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT | CVE-2006-0586 |
| FULLDISC:20060120 RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability | CVE-2006-0341 CVE-2006-0342 |
| FULLDISC:20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability | CVE-2005-3653 |
| FULLDISC:20060125 Workaround for unpatched Oracle PLSQL Gateway flaw | CVE-2006-0435 |
| FULLDISC:20060126 Shareaza Remote Vulnerability | CVE-2006-0474 |
| FULLDISC:20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} | CVE-2006-0272 |
| FULLDISC:20060128 -moz-binding CSS property: more XSS fun | CVE-2006-0496 |
| FULLDISC:20060128 PmWiki Multiple Vulnerabilities | CVE-2006-0479 |
| FULLDISC:20060128 gnome evolution mail client inline text file DoS issue | CVE-2006-0528 |
| FULLDISC:20060129 AOL Instant Messenger 5.9.3861 Local Buffer Overrun Vulnerability | CVE-2006-0629 |
| FULLDISC:20060130 Re: ashnews Cross-Site Scripting Vulnerability | CVE-2003-1292 CVE-2006-0524 |
| FULLDISC:20060130 ashnews Cross-Site Scripting Vulnerability | CVE-2006-0524 |
| FULLDISC:20060131 Re: ashnews Cross-Site Scripting Vulnerability | CVE-2003-1292 CVE-2006-0524 |
| FULLDISC:20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities | CVE-2006-0517 |
| FULLDISC:20060201 Fcrontab - memory corruption on heap. | CVE-2006-0539 |
| FULLDISC:20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw | CVE-2006-0435 |
| FULLDISC:20060202 Outblaze Cross Site Scripting Vulnerability | CVE-2006-0568 |
| FULLDISC:20060202 Re: Fcrontab - memory corruption on heap. | CVE-2006-0575 |
| FULLDISC:20060202 The History of the Oracle PLSQL Gateway Flaw | CVE-2006-0435 |
| FULLDISC:20060202 cPanel Multiple Cross Site Scripting Vulnerability | CVE-2006-0573 |
| FULLDISC:20060203 Re: cPanel Multiple Cross Site Scripting | CVE-2006-0533 |
| FULLDISC:20060203 VSR Advisory: IBM Tivoli Access Manager - Web Server Plug-in File Retrieval Vulnerability | CVE-2006-0513 |
| FULLDISC:20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin | CVE-2006-0437 CVE-2006-0438 |
| FULLDISC:20060204 cPanel 10 mime/handle.html XSS Vulnerability | CVE-2006-0574 |
| FULLDISC:20060206 SECURITY.NNOV: The Bat! 2.x message headers spoofing | CVE-2006-0630 |
| FULLDISC:20060206 [ Secuobs - Advisory ] Bluetooth : DoS on hcidump | CVE-2006-0670 |
| FULLDISC:20060206 [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on | CVE-2006-0671 |
| FULLDISC:20060207 Re: cPanel Multiple Cross Site Scripting Vulnerability | CVE-2006-0763 |
| FULLDISC:20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability | CVE-2005-4723 |
| FULLDISC:20060211 XSS in PlaySMS | CVE-2005-4432 |
| FULLDISC:20060213 Bypass Fortinet anti-virus using FTP | CVE-2005-3057 |
| FULLDISC:20060213 URL filter bypass in Fortinet | CVE-2005-3058 |
| FULLDISC:20060214 XSS and SQL injection in sNews | CVE-2006-0715 CVE-2006-0716 |
| FULLDISC:20060215 HostAdmin - Remote Command Execution Vulnerability | CVE-2006-0791 |
| FULLDISC:20060215 Kadu Remote Denial Of Service Fun | CVE-2006-0768 |
| FULLDISC:20060215 Kyocera Network Printers | CVE-2006-0788 CVE-2006-0789 |
| FULLDISC:20060215 Web Calendar Pro - Denial of Service SQL Injection Vulnerability | CVE-2006-0835 |
| FULLDISC:20060215 [ Secuobs - Advisory ] Another kind of DoS on Nokia cell phones | CVE-2006-0797 |
| FULLDISC:20060215 iUser Ecommerce - Remote Command Execution Vulnerability | CVE-2006-0854 |
| FULLDISC:20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module | CVE-2006-0679 |
| FULLDISC:20060216 Password disclosure and remote access in Netcool/NeuSecure Security information management platform | CVE-2006-0837 CVE-2006-0838 |
| FULLDISC:20060216 Soldier of Fortune II format string through PunkBuster 1.180 | CVE-2006-0771 |
| FULLDISC:20060217 Mozila Thunderbird 1.5 Address Book DoS | CVE-2006-0836 |
| FULLDISC:20060219 Multiple vulnerabilities in PostNuke <= 0.761 | CVE-2006-0800 CVE-2006-0801 CVE-2006-0802 |
| FULLDISC:20060224 Advisory: CilemNews System <= 1.1 Remote SQL | CVE-2006-0961 |
| FULLDISC:20060224 Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS vulnerabilities | CVE-2006-0927 |
| FULLDISC:20060225 Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability | CVE-2006-1000 |
| FULLDISC:20060225 Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability | CVE-2006-1000 |
| FULLDISC:20060225 ArGoSoft FTP server remote heap overflow | CVE-2005-0696 |
| FULLDISC:20060227 directory traversal in DirectContact 0.3b | CVE-2006-0971 |
| FULLDISC:20060228 Limbo CMS code execution | CVE-2006-1662 |
| FULLDISC:20060301 NCP VPN/PKI Client - various Bugs | CVE-2006-0964 CVE-2006-0965 CVE-2006-0966 CVE-2006-0967 CVE-2006-0968 |
| FULLDISC:20060301 Woltlab Burning Board 2.x (Datenbank MOD fileid) MultipleVulnerabilities | CVE-2006-1097 |
| FULLDISC:20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00 | CVE-2006-1145 CVE-2006-1146 CVE-2006-1147 |
| FULLDISC:20060307 RevilloC mail server USER command heap overflow | CVE-2006-1124 |
| FULLDISC:20060307 capi4hylafax insecure manipulation with tmp files | CVE-2006-1231 |
| FULLDISC:20060307 phpBannerExchange 2.0 Directory Traversal Vulnerability | CVE-2006-1201 |
| FULLDISC:20060308 Noah's Classifieds Multiple Cross-Site Scripting Vulnerabilities | CVE-2006-1331 |
| FULLDISC:20060309 Advisory: Jiros Banner Experience Pro Remote Privilege Escalation. | CVE-2006-1213 |
| FULLDISC:20060310 WinSCP - URI Handler Command Switch Parsing | CVE-2006-3015 |
| FULLDISC:20060311 AntiVir PersonalEdition Classic: Local Privilige Escalation | CVE-2006-1274 |
| FULLDISC:20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3 | CVE-2006-1240 CVE-2006-1241 |
| FULLDISC:20060312 Multiple vulnerabilities in ENet library (Jul 2005) | CVE-2006-1194 CVE-2006-1195 |
| FULLDISC:20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability | CVE-2006-1222 |
| FULLDISC:20060313 Secunia Research: unalz Filename Handling | CVE-2006-0950 |
| FULLDISC:20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net | CVE-2006-1261 CVE-2006-1262 |
| FULLDISC:20060314 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability | CVE-2006-0031 |
| FULLDISC:20060315 CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior | CVE-2006-1260 |
| FULLDISC:20060316 Mercur IMAPD 5.0 SP3 DoS Exploit or more? | CVE-2006-1255 |
| FULLDISC:20060316 Re: Mercur IMAPD 5.0 SP3 DoS Exploit or more? | CVE-2006-1255 |
| FULLDISC:20060320 [MU-200603-01] MailEnable POP3 Pre-Authentication Buffer Overflow | CVE-2006-1337 CVE-2006-6997 |
| FULLDISC:20060320 [SSAG#001] :: cURL tftp:// URL Buffer Overflow | CVE-2006-1061 |
| FULLDISC:20060321 ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities | CVE-2006-1353 |
| FULLDISC:20060321 DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack' | CVE-2006-1366 CVE-2006-1367 |
| FULLDISC:20060321 IE .hta vulnerability reported | CVE-2006-1388 |
| FULLDISC:20060322 FW: [Full-disclosure] IE crash | CVE-2006-1359 |
| FULLDISC:20060322 IE crash | CVE-2006-1359 |
| FULLDISC:20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution | CVE-2006-1359 |
| FULLDISC:20060322 Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses | CVE-2006-1353 |
| FULLDISC:20060322 w3wp remote DoS | CVE-2006-1364 |
| FULLDISC:20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET | CVE-2006-1364 |
| FULLDISC:20060323 Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow | CVE-2006-1385 |
| FULLDISC:20060323 Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability | CVE-2006-0816 |
| FULLDISC:20060323 XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability | CVE-2006-1382 |
| FULLDISC:20060327 Buffer OverFlow in ILASM and ILDASM | CVE-2006-1510 CVE-2006-1511 |
| FULLDISC:20060327 Determina Fix for the IE createTextRange() bug | CVE-2006-1359 |
| FULLDISC:20060327 HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS | CVE-2006-1425 |
| FULLDISC:20060329 ExplorerXP : Directory Traversal and Cross Site Scripting | CVE-2006-1492 CVE-2006-1493 |
| FULLDISC:20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability. | CVE-2006-1541 |
| FULLDISC:20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows | CVE-2006-1502 |
| FULLDISC:20060331 Buffer-overflow and in-game crash in Zdaemon 1.08.01 | CVE-2006-1592 CVE-2006-1593 |
| FULLDISC:20060331 Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod | CVE-2006-1596 |
| FULLDISC:20060331 Re: [Full-disclosure] Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod | CVE-2006-1595 |
| FULLDISC:20060331 Windows Help Heap Overflow | CVE-2006-1591 |
| FULLDISC:20060403 Format string in Doomsday 1.8.6 | CVE-2006-1618 |
| FULLDISC:20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server | CVE-2006-1652 |
| FULLDISC:20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability | CVE-2006-1654 |
| FULLDISC:20060410 Oracle read-only user can insert/update/delete data via specially crafted views | CVE-2006-1705 |
| FULLDISC:20060410 [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service | CVE-2006-1721 |
| FULLDISC:20060411 Autogallery Multiple Cross-Site Scripting Vulnerabilitie | CVE-2006-1750 |
| FULLDISC:20060411 JetPhoto Multiple Cross-Site Scripting Vulnerabilitie | CVE-2006-1760 |
| FULLDISC:20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability | CVE-2006-0014 |
| FULLDISC:20060413 PAJAX Remote Code Injection and File Inclusion Vulnerability | CVE-2006-1789 |
| FULLDISC:20060413 PAJAX Remote file inclusion and File Inclusion Vulnerability | CVE-2006-1551 |
| FULLDISC:20060413 SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow | CVE-2006-1834 |
| FULLDISC:20060416 BetaBoard Cross Site Scripting vulnerability | CVE-2006-1891 |
| FULLDISC:20060418 Re: Fortinet28 box does not resist has small synflood! | CVE-2006-1966 |
| FULLDISC:20060418 SQL Injection in package SYS.DBMS_LOGMNR_SESSION | CVE-2006-1871 |
| FULLDISC:20060420 Dr.Web 4.33 antivirus LHA long directory name heap overflow | CVE-2006-4438 |
| FULLDISC:20060420 Sql Injection in BookMark4u | CVE-2006-7025 |
| FULLDISC:20060421 Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities. | CVE-2006-2032 CVE-2006-2033 |
| FULLDISC:20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities. | CVE-2006-1994 |
| FULLDISC:20060422 Re: MSIE (mshtml.dll) OBJECT tag vulnerability | CVE-2006-1992 |
| FULLDISC:20060423 MSIE (mshtml.dll) OBJECT tag vulnerability | CVE-2006-1992 |
| FULLDISC:20060423 RE: Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities. | CVE-2006-2028 CVE-2006-2029 |
| FULLDISC:20060424 Apple Mac OS X Safari 2.0.3 Vulnerability | CVE-2006-2019 |
| FULLDISC:20060426 Internet Explorer User Interface Races, Redeux | CVE-2006-2094 |
| FULLDISC:20060427 PoC for Internet Explorer Modal Dialog Issue | CVE-2006-2094 |
| FULLDISC:20060503 BankTown's ActiveX Buffer Overflow Vulnerability | CVE-2006-2233 |
| FULLDISC:20060504 bigwebmaster guestbook multiply XSS | CVE-2006-2231 |
| FULLDISC:20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors | CVE-2006-2219 CVE-2006-2220 |
| FULLDISC:20060507 Multiple Vulnerabilities In IdealBB ASP Bulletin Board | CVE-2006-2317 |
| FULLDISC:20060507 [XPA] - ISPConfig <= 2.2.2 - Remote Command Execution Vulnerability | CVE-2006-2315 |
| FULLDISC:20060508 Claroline file inclusion vulnerabilities | CVE-2006-7048 |
| FULLDISC:20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board | CVE-2006-2318 CVE-2006-2319 |
| FULLDISC:20060508 Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games | CVE-2006-2082 |
| FULLDISC:20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices | CVE-2006-0515 |
| FULLDISC:20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability | CVE-2006-0994 |
| FULLDISC:20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16 | CVE-2006-2271 CVE-2006-2272 |
| FULLDISC:20060509 ICQ Client Cross-Application Scripting (XAS) | CVE-2006-2303 |
| FULLDISC:20060509 [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow | CVE-2006-0034 |
| FULLDISC:20060510 Microsoft MSDTC NdrAllocate Validation Vulnerability | CVE-2006-0034 |
| FULLDISC:20060511 Several flaws in e-business designer (eBD) | CVE-2006-2347 CVE-2006-2348 CVE-2006-2349 |
| FULLDISC:20060512 Apple QuickTime udta ATOM Heap Overflow | CVE-2006-1460 |
| FULLDISC:20060512 Buffer-overflow and NULL pointer crash in Genecys 0.2 | CVE-2006-2554 CVE-2006-2555 |
| FULLDISC:20060514 POC exploit for freeSSHd version 1.0.9 | CVE-2006-2407 |
| FULLDISC:20060515 Novell NDPS Remote Vulnerability (Server & Client) | CVE-2006-2304 CVE-2006-2327 |
| FULLDISC:20060515 Secunia Research: Abakt ZIP File Handling Buffer | CVE-2006-2161 |
| FULLDISC:20060516 Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability. | CVE-2006-2485 |
| FULLDISC:20060516 ScanAlert Security Advisory | CVE-2006-2437 CVE-2006-2438 |
| FULLDISC:20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection | CVE-2006-3903 CVE-2006-3905 |
| FULLDISC:20060518 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command | CVE-2006-2547 |
| FULLDISC:20060518 Multiple Vulns in Bitrix CMS | CVE-2006-2476 CVE-2006-2478 |
| FULLDISC:20060519 Apple Safari 2.0.3 (417.9.3) JavaScript - Denial of Service | CVE-2006-3224 |
| FULLDISC:20060521 Skype - URI Handler Command Switch Parsing | CVE-2006-2312 |
| FULLDISC:20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostarthttp | CVE-2006-4994 |
| FULLDISC:20060522 Perlpodder Remote Arbitrary Command Execution | CVE-2006-2550 |
| FULLDISC:20060522 Prodder Remote Arbitrary Command Execution | CVE-2006-2548 |
| FULLDISC:20060523 Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229) | CVE-2006-2587 |
| FULLDISC:20060523 VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Overflow | CVE-2006-2549 |
| FULLDISC:20060526 ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities | CVE-2006-2649 CVE-2006-2650 |
| FULLDISC:20060526 new symantec vuln | CVE-2006-2630 |
| FULLDISC:20060528 *zeroday warez* MDAEMON LATEST VERSION PREAUTH | CVE-2006-2646 |
| FULLDISC:20060528 Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability. | CVE-2006-2735 |
| FULLDISC:20060529 Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions. | CVE-2006-2718 CVE-2006-2719 |
| FULLDISC:20060531 GnuPG fun | CVE-2006-3082 |
| FULLDISC:20060531 RE: GnuPG fun | CVE-2006-3082 |
| FULLDISC:20060601 Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities | CVE-2006-2815 |
| FULLDISC:20060601 Re: GnuPG fun | CVE-2006-3082 |
| FULLDISC:20060605 Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker | CVE-2006-2878 |
| FULLDISC:20060605 file upload widgets in IE and Firefox have issues | CVE-2006-2894 CVE-2006-2900 |
| FULLDISC:20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable | CVE-2006-2926 |
| FULLDISC:20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief) | CVE-2006-2919 |
| FULLDISC:20060608 SSL VPNs and security | CVE-2009-2631 |
| FULLDISC:20060609 Re: SSL VPNs and security | CVE-2009-2631 |
| FULLDISC:20060611 WinSCP - URI Handler Command Switch Parsing | CVE-2006-3015 |
| FULLDISC:20060611 tempnam() Bypass unique file name PHP 5.1.4 | CVE-2006-2660 |
| FULLDISC:20060614 SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability | CVE-2006-1193 |
| FULLDISC:20060614 Sun iPlanet Messaging Server 5.2 root password compromise | CVE-2006-3159 |
| FULLDISC:20060615 Advisory: Authentication bypass in phpBannerExchange | CVE-2006-3012 |
| FULLDISC:20060615 Advisory: Unauthorized password recovery in phpBannerExchange | CVE-2006-3013 |
| FULLDISC:20060615 MySQL DoS | CVE-2006-3081 |
| FULLDISC:20060616 Zeroboard File Upload & extension bypass Vulnerability | CVE-2006-3070 |
| FULLDISC:20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow | CVE-2006-3086 |
| FULLDISC:20060619 Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks | CVE-2006-3109 |
| FULLDISC:20060620 Microsoft Excel File Embedded Shockwave Flash Object Exploit | CVE-2006-3014 |
| FULLDISC:20060620 Re: Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks | CVE-2006-3109 |
| FULLDISC:20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities | CVE-2006-3276 |
| FULLDISC:20060623 NDSD-06-001 | CVE-2006-3275 |
| FULLDISC:20060625 Is Windows TCP/IP source routing PoC code available? | CVE-2006-2379 |
| FULLDISC:20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability | CVE-2006-3223 |
| FULLDISC:20060627 IE_ONE_MINOR_ONE_MAJOR | CVE-2006-3280 CVE-2006-3281 |
| FULLDISC:20060627 ZDI-06-019: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability | CVE-2006-3134 |
| FULLDISC:20060629 Multiple Vulnerabilities in PatchLink Update Server 6 | CVE-2006-3425 CVE-2006-3426 CVE-2006-3430 |
| FULLDISC:20060629 Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities | CVE-2006-3116 CVE-2006-3317 |
| FULLDISC:20060630 NCP VPN/PKI Client: UDP Bypassing | CVE-2006-3551 |
| FULLDISC:20060704 [scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection | CVE-2006-3541 |
| FULLDISC:20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting | CVE-2006-3550 |
| FULLDISC:20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues | CVE-2006-3548 |
| FULLDISC:20060705 Re: phpSysInfo arbitrary file identification | CVE-2006-3360 |
| FULLDISC:20060705 phpSysInfo arbitrary file identification | CVE-2006-3360 |
| FULLDISC:20060706 Mico crashes when contected with wrong IOR / DoS | CVE-2006-3492 |
| FULLDISC:20060706 Possible code execution in Kaillera 0.86 | CVE-2006-3491 |
| FULLDISC:20060707 MS Word Unchecked Boundary Condition | CVE-2006-3493 |
| FULLDISC:20060707 MS Word Unchecked Boundary Condition Vulnerability - POC | CVE-2006-3493 |
| FULLDISC:20060708 Unauthenticated access to BT Voyager config file | CVE-2006-3561 |
| FULLDISC:20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) | CVE-2006-3524 |
| FULLDISC:20060710 MIMESweeper For Web 5.X Cross Site Scripting | CVE-2006-3522 |
| FULLDISC:20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting | CVE-2006-3522 |
| FULLDISC:20060710 Re: MIMESweeper For Web 5.X Cross Site Scripting | CVE-2006-3522 |
| FULLDISC:20060711 CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow | CVE-2006-2372 |
| FULLDISC:20060711 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) | CVE-2006-3524 |
| FULLDISC:20060711 Fuzzing Microsoft Office | CVE-2006-3493 |
| FULLDISC:20060711 [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file | CVE-2006-3663 |
| FULLDISC:20060712 Microsoft Excel Could Allow Remote Code Execution by Malformed FNGROUPCOUNT value Vulnerability | CVE-2006-1308 |
| FULLDISC:20060712 S21Sec-032-en: Vulnerability in Fatwire Content Server | CVE-2006-3679 |
| FULLDISC:20060714 Linux kernel 0day - dynamite inside, don't burn your fingers | CVE-2006-3626 |
| FULLDISC:20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow | CVE-2006-3687 |
| FULLDISC:20060718 Advisory : DeluxeBB mutiple vulnerabilities | CVE-2006-3795 CVE-2006-3796 CVE-2006-3797 CVE-2006-3798 CVE-2006-3799 |
| FULLDISC:20060718 Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] | CVE-2006-3705 |
| FULLDISC:20060718 Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] | CVE-2006-3705 |
| FULLDISC:20060718 Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03] | CVE-2006-3698 |
| FULLDISC:20060718 WebScarab <= 20060621-0003 cross site scripting | CVE-2006-3841 |
| FULLDISC:20060719 Multiple Vulnerabilities RPS | CVE-2006-7082 CVE-2006-7083 CVE-2006-7085 |
| FULLDISC:20060720 Advisory: Remote command execution in planetGallery | CVE-2006-3676 |
| FULLDISC:20060720 Cisco MARS < 4.2.1 remote compromise | CVE-2005-2006 CVE-2006-3733 |
| FULLDISC:20060721 Directory Listing in Apache Tomcat 5.x.x | CVE-2006-3835 |
| FULLDISC:20060722 Low security hole affecting IPCalc's CGI wrapper | CVE-2006-3848 |
| FULLDISC:20060724 Hustle -- Tumbleweed Email Firewall Remote | CVE-2006-3901 |
| FULLDISC:20060725 Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities | CVE-2006-7078 |
| FULLDISC:20060725 TP-Book <= 1.00 Cross Site Scripting | CVE-2006-3900 |
| FULLDISC:20060725 [vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow | CVE-2006-4029 |
| FULLDISC:20060727 Oracle 10g R2 and, probably, all previous versions | CVE-2006-7067 |
| FULLDISC:20060728 Oracle 10g R2 and, probably, all previous versions | CVE-2006-7067 |
| FULLDISC:20060729 Ajax Chat Multiple Vulnerabilities | CVE-2006-3971 CVE-2006-3972 |
| FULLDISC:20060729 X-Poll SQL Injection Vulnerability | CVE-2006-3960 |
| FULLDISC:20060729 X-Statics 1.20 SQL Injection Vulnerability | CVE-2006-3950 |
| FULLDISC:20060730 Banex Multiple Vulnerabilities | CVE-2006-3963 CVE-2006-3964 CVE-2006-3965 |
| FULLDISC:20060802 Content Management Framework "G3" - XSS Vulnerability in Search Function | CVE-2006-4017 |
| FULLDISC:20060803 GaesteChaos <= 0.2 Multiple Vulnerabilities | CVE-2006-4038 CVE-2006-4039 |
| FULLDISC:20060803 GeheimChaos <= 0.5 Multiple SQL Injection | CVE-2006-4118 |
| FULLDISC:20060804 Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01] | CVE-2006-4081 CVE-2006-4082 |
| FULLDISC:20060804 PHPCodeCabinet Vulnerability | CVE-2006-4044 |
| FULLDISC:20060804 linksys WRT54g authentication bypass | CVE-2006-5202 |
| FULLDISC:20060806 0-day XP SP2 wmf exploit | CVE-2006-4071 |
| FULLDISC:20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability | CVE-2006-3017 |
| FULLDISC:20060806 bugs | CVE-2006-7065 |
| FULLDISC:20060807 0-day XP SP2 wmf exploit (some details) | CVE-2006-4071 |
| FULLDISC:20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting) | CVE-2006-3817 |
| FULLDISC:20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76 | CVE-2006-4089 |
| FULLDISC:20060809 PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service | CVE-2006-4131 CVE-2006-4132 |
| FULLDISC:20060809 SmartSiteCMS v1.0 authentication bypass | CVE-2006-7074 |
| FULLDISC:20060810 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) | CVE-2006-4134 |
| FULLDISC:20060811 rPSA-2006-0152-1 squirrelmail | CVE-2006-4019 |
| FULLDISC:20060816 ASSP “get?file” Traversal Vulnerability | CVE-2006-4258 |
| FULLDISC:20060821 TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities | CVE-2006-4370 CVE-2006-4371 |
| FULLDISC:20060822 Major updates in PowerPoint FAQ document - not a 0-day issue | CVE-2006-0009 CVE-2006-4274 |
| FULLDISC:20060822 [vuln.sg] Cool Messenger Server SQL Injection Vulnerability | CVE-2006-4347 |
| FULLDISC:20060824 Advisory 05/2006: Zend Platform Multiple Remote | CVE-2006-4431 |
| FULLDISC:20060824 Integramod Portal <= 2.x File Inclusion | CVE-2006-4368 CVE-2006-4369 |
| FULLDISC:20060824 VistaBB <= 2.x Multiple File Inclusion | CVE-2006-4365 |
| FULLDISC:20060825 ftpd chdir() while root | CVE-2006-5778 |
| FULLDISC:20060829 XSS in HLStats 1.34 | CVE-2006-4454 |
| FULLDISC:20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list | CVE-2006-4546 CVE-2006-4547 |
| FULLDISC:20060905 Buffer overflow vulnerability in dsocks | CVE-2006-4611 |
| FULLDISC:20060911 KorviBlog - XSS permanent | CVE-2006-4718 |
| FULLDISC:20060911 PHProg : Local File Inclusion + XSS + Full path | CVE-2006-4753 CVE-2006-4754 |
| FULLDISC:20060911 vCAP calendar server Multiple vulnerabilities | CVE-2006-5033 CVE-2006-5034 |
| FULLDISC:20060912 Session Token Remains Valid After Logout in IBM Lotus Domino Web Access | CVE-2006-4763 |
| FULLDISC:20060913 NetPerformer FRAD ACT Multiple Vulnerabilities | CVE-2006-4832 CVE-2006-4833 |
| FULLDISC:20060913 [NETRAGARD-20060822 SECURITY ADVISORY] [ APPLE COMPUTER CORPORATION KEXTLOAD VULNERABILITY + ROXIO TOAST TITANUM 7 HELPER APP - LOCAL ROOT COMROMISE] | CVE-2004-1398 CVE-2006-4866 |
| FULLDISC:20060919 New PowerPoint 0-day Trojan in the wild | CVE-2006-0009 CVE-2006-4854 |
| FULLDISC:20060920 A.I-Pifou (Cookie) Local File Inclusion | CVE-2006-4914 |
| FULLDISC:20060921 FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access | CVE-2006-5038 |
| FULLDISC:20060921 RSA Keyon Log verification bypass vulnerability | CVE-2006-4991 |
| FULLDISC:20060924 Remote File Include in syntaxCMS | CVE-2006-5055 |
| FULLDISC:20060925 Typo3 v4.x: XSS in extension "Indexed Search" | CVE-2006-5069 |
| FULLDISC:20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install | CVE-2006-5163 |
| FULLDISC:20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) | CVE-2006-5152 |
| FULLDISC:20061002 McAfee EPO Buffer Overflow | CVE-2006-5156 |
| FULLDISC:20061002 Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) | CVE-2006-5152 |
| FULLDISC:20061003 Advisory 08/2006: PHP open_basedir Race Condition Vulnerability | CVE-2006-5178 |
| FULLDISC:20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability | CVE-2004-2478 |
| FULLDISC:20061004 (0-Day) PolyCom IP-301 VoIP Desktop Phone HTTP server DoS and undocumented TCP port 42 | CVE-2006-5233 |
| FULLDISC:20061004 (0-day) Linksys SPA-921 VoIP Desktop Phone HTTP Server DoS | CVE-2006-7121 |
| FULLDISC:20061005 (0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS | CVE-2006-5231 |
| FULLDISC:20061006 Secunia Research: HAURI Anti-Virus ALZ Archive Handling Buffer Overflow | CVE-2005-4786 |
| FULLDISC:20061008 SQL injection - moodle | CVE-2006-5219 |
| FULLDISC:20061009 eXpBlog <= 0.3.5 Cross Site Scripting | CVE-2006-5239 |
| FULLDISC:20061011 MHL-2006-002 Public Advisory: "Call-Center-Software" Multiple Security Issues | CVE-2006-7143 CVE-2006-7144 CVE-2006-7145 |
| FULLDISC:20061011 MS06-060 Microsoft Word Memmove Code Execution | CVE-2006-3647 |
| FULLDISC:20061012 Google Earth (kml & kmz files) buffer overflow | CVE-2006-7157 |
| FULLDISC:20061012 XeoPort <= 0.81 SQL Injection Vulnerability | CVE-2006-5285 |
| FULLDISC:20061012 Xeobook <= 0.93 Multiple SQL Injection | CVE-2006-5287 |
| FULLDISC:20061014 Kmail <= 1.9.1 (table/frameset) DOS | CVE-2006-7139 |
| FULLDISC:20061014 Re: Vuln | CVE-2006-7105 |
| FULLDISC:20061014 Vuln | CVE-2006-7105 |
| FULLDISC:20061015 ISS BlackICE PC Protection Filelock protection bypass Vulnerability | CVE-2006-7129 |
| FULLDISC:20061016 Asbru HardCore Web Content Editor - Command Injection | CVE-2006-5258 |
| FULLDISC:20061018 Asterisk remote heap overflow | CVE-2006-5444 |
| FULLDISC:20061018 [MU-200610-01] Denial of Service in XORP OSPFv2 | CVE-2006-5425 |
| FULLDISC:20061018 shttpd long get request vuln ( retro ) | CVE-2006-5216 |
| FULLDISC:20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities | CVE-2006-5499 |
| FULLDISC:20061022 AROUNDMe 0.6.9 remonte file inclusion | CVE-2006-5533 |
| FULLDISC:20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES | CVE-2006-7138 |
| FULLDISC:20061024 Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability | CVE-2006-5563 |
| FULLDISC:20061024 [vuln.sg] CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities | CVE-2006-5570 CVE-2006-5571 |
| FULLDISC:20061025 FTPXQ Denial of service exploit. | CVE-2006-5568 |
| FULLDISC:20061026 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability | CVE-2006-5563 |
| FULLDISC:20061027 MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues | CVE-2006-7103 |
| FULLDISC:20061027 parallels Desktop file permission notice | CVE-2006-5817 |
| FULLDISC:20061028 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability | CVE-2006-5478 |
| FULLDISC:20061030 Firefox <= 2.0 crash | CVE-2006-5633 |
| FULLDISC:20061031 Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" | CVE-2006-5661 |
| FULLDISC:20061031 Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint" | CVE-2006-5712 |
| FULLDISC:20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun" | CVE-2006-5652 |
| FULLDISC:20061031 Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD" | CVE-2006-5711 |
| FULLDISC:20061031 Local Heap OverFlow Vulnerability in "Answering Service" of Icq | CVE-2006-5724 |
| FULLDISC:20061104 [x0n3-h4ck.org] Essentia Web Server 2.15 Buffer Overflow | CVE-2006-5850 |
| FULLDISC:20061107 DigiOz Guestbook version 1.7 Path Disclosure | CVE-2006-5651 |
| FULLDISC:20061107 WFTPD Pro Server 3.23 Buffer Overflow | CVE-2006-5826 |
| FULLDISC:20061108 DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit' | CVE-2006-5916 |
| FULLDISC:20061108 WFTPD Pro Server 3.23 Buffer Overflow | CVE-2006-5826 |
| FULLDISC:20061112 ELOG Web Logbook Remote Denial of Service Vulnerability | CVE-2006-6318 |
| FULLDISC:20061113 AVG Anti-Virus - Arbitrary Code Execution (remote) | CVE-2006-5937 CVE-2006-5938 CVE-2006-5939 CVE-2006-5940 |
| FULLDISC:20061114 Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability | CVE-2006-7087 |
| FULLDISC:20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure | CVE-2006-6013 |
| FULLDISC:20061121 GNU tar directory traversal | CVE-2006-6097 |
| FULLDISC:20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability | CVE-2006-6076 |
| FULLDISC:20061122 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability | CVE-2006-6076 |
| FULLDISC:20061127 REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability | CVE-2006-5896 |
| FULLDISC:20061128 Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities | CVE-2006-6113 |
| FULLDISC:20061128 ProFTPD mod_tls pre-authentication buffer overflow | CVE-2006-6170 |
| FULLDISC:20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability | CVE-2006-6306 |
| FULLDISC:20061201 NetBSD FTPD and ports ***REMOTE ROOOOOT HOLE*** | CVE-2006-6652 |
| FULLDISC:20061201 deV!L`z Clanportal - Arbitrary File Upload [061124b] | CVE-2006-6338 |
| FULLDISC:20061204 F-Prot Antivirus for Unix: heap overflow and Denial of Service | CVE-2006-6293 CVE-2006-6352 |
| FULLDISC:20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability | CVE-2006-5856 |
| FULLDISC:20061206 Linksys WIP 330 VoIP wireless phone crash from Nmap scan | CVE-2006-6411 |
| FULLDISC:20061209 (no subject) | CVE-2006-6587 |
| FULLDISC:20061210 Another, different MS Word 0-day vulnerability reported | CVE-2006-6456 |
| FULLDISC:20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13 | CVE-2006-6512 CVE-2006-6513 CVE-2006-6514 CVE-2006-6539 |
| FULLDISC:20061211 Secunia Research: AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow | CVE-2006-6442 |
| FULLDISC:20061211 The newest Word flaw is due to malformed data structure handling | CVE-2006-6456 |
| FULLDISC:20061213 Coolplayer buffer overflow vulnerabilities | CVE-2006-6288 |
| FULLDISC:20061214 Project Server 2003 - Credential Disclosure | CVE-2006-6617 |
| FULLDISC:20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow | CVE-2006-6627 |
| FULLDISC:20061219 HP Printers FTP Server Denial Of Service | CVE-2006-6742 |
| FULLDISC:20061220 Oracle Portal 10g HTTP Response Splitting | CVE-2006-6697 |
| FULLDISC:20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting | CVE-2006-6697 |
| FULLDISC:20061221 Microsoft Windows XP/2003/Vista memory corruption 0day | CVE-2006-6696 |
| FULLDISC:20061225 w3m format string bug | CVE-2006-6772 |
| FULLDISC:20061227 WordPress Persistent XSS | CVE-2006-6808 |
| FULLDISC:20061231 edbrowse buffer overflow | CVE-2006-6909 |
| FULLDISC:20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability | CVE-2006-1078 |
| FULLDISC:20070102 Inforamtion Discloser Vulnerabilities in phpMyAdmin | CVE-2007-0095 |
| FULLDISC:20070102 Inforamtion Discloser Vulnerabilities in "phpMyAdmin" | CVE-2007-0095 |
| FULLDISC:20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) | CVE-2007-0099 |
| FULLDISC:20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' | CVE-2007-0051 |
| FULLDISC:20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) | CVE-2007-0099 |
| FULLDISC:20070104 [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow | CVE-2007-0097 |
| FULLDISC:20070105 NNL-Labs & MNIN - F5 FirePass Security Advisory | CVE-2007-0187 |
| FULLDISC:20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes | CVE-2007-0136 |
| FULLDISC:20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory | CVE-2007-0186 CVE-2007-0187 CVE-2007-0188 CVE-2007-0195 |
| FULLDISC:20070109 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite | CVE-2006-5857 |
| FULLDISC:20070109 Sina UC ActiveX Multiple Remote Stack Overflow | CVE-2007-0174 |
| FULLDISC:20070110 EIQ Networks Network Security Analyzer DoS Vulnerability | CVE-2007-0228 |
| FULLDISC:20070115 Rixstep aren't as leet as they thought they were | CVE-2007-0336 |
| FULLDISC:20070117 Flaw in AVM UPNP service for windows | CVE-2007-0357 |
| FULLDISC:20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit | CVE-2007-0353 |
| FULLDISC:20070118 The Quidway Router local DOS | CVE-2007-0488 |
| FULLDISC:20070118 The vulnerabilities festival ! | CVE-2006-6945 CVE-2007-0372 CVE-2007-0373 CVE-2007-0374 CVE-2007-0375 CVE-2007-0376 CVE-2007-0377 CVE-2007-0378 CVE-2007-0379 CVE-2007-0380 CVE-2007-0381 CVE-2007-0382 CVE-2007-0383 CVE-2007-0384 CVE-2007-0385 CVE-2007-0386 CVE-2007-0387 |
| FULLDISC:20070118 [x0n3-h4ck] sabros.us 1.7 XSS Exploit | CVE-2007-0390 |
| FULLDISC:20070118 mbsebbs 0.70.0 & below local root exploit | CVE-2007-0368 |
| FULLDISC:20070119 DoS against AVM Fritz!Box 7050 (and others) | CVE-2007-0431 |
| FULLDISC:20070119 Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability | CVE-2007-0391 |
| FULLDISC:20070119 WzdFTPD < 8.1 Denial of service | CVE-2007-0428 |
| FULLDISC:20070121 RubyGems 0.9.0 and earlier installation exploit | CVE-2007-0469 |
| FULLDISC:20070122 Check Point Connectra End Point security bypass | CVE-2007-0471 |
| FULLDISC:20070125 Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability | CVE-2007-0617 |
| FULLDISC:20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery] | CVE-2006-6701 |
| FULLDISC:20070128 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS) | CVE-2007-0612 |
| FULLDISC:20070129 CVSTrac 2.0.0 Denial of Service (DoS) vulnerability | CVE-2007-0347 |
| FULLDISC:20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS) | CVE-2007-0612 |
| FULLDISC:20070201 Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit | CVE-2007-0683 |
| FULLDISC:20070201 Remote Sql Injection in EasyMoblog 0.5.1 | CVE-2007-0759 |
| FULLDISC:20070201 Remote Sql Injection in EasyMoblog 0.5.1 # 2 | CVE-2007-0759 |
| FULLDISC:20070201 umount crash and xterm (kind of) information leak! | CVE-2007-0822 CVE-2007-0823 |
| FULLDISC:20070203 Web 2.0 backdoors made easy with MSIE & XMLHttpRequest | CVE-2005-4827 |
| FULLDISC:20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops | CVE-2007-0800 |
| FULLDISC:20070205 Re: Firefox + popup blocker + XMLHttpRequest + srand() = oops | CVE-2007-0800 |
| FULLDISC:20070206 Medium level security hole in FreeProxy | CVE-2007-0838 |
| FULLDISC:20070206 PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 | CVE-2007-0805 |
| FULLDISC:20070207 Alibaba Alipay Remote Code Execute Vulnerability-0DAY | CVE-2007-0827 |
| FULLDISC:20070208 Axigen <2.0.0b1 DoS | CVE-2007-0886 CVE-2007-0887 |
| FULLDISC:20070208 SecurityVulns.com: HP Network Node Manager remote console weak files permissions | CVE-2007-0819 |
| FULLDISC:20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0 | CVE-2007-0878 |
| FULLDISC:20070209 Re: [WEB SECURITY] Plain Old Webserver - The coolest firefox extension | CVE-2007-0872 |
| FULLDISC:20070211 "0day was the case that they gave me" | CVE-2007-0882 |
| FULLDISC:20070211 Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6 | CVE-2007-0883 |
| FULLDISC:20070211 Firefox focus stealing vulnerability (possibly other browsers) | CVE-2006-2894 |
| FULLDISC:20070211 Multiple vulnerabilities in phpMyVisites | CVE-2007-0891 CVE-2007-0892 CVE-2007-0893 |
| FULLDISC:20070213 Aruba Mobility Controller Management Buffer Overflow | CVE-2007-0931 |
| FULLDISC:20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account | CVE-2007-0932 |
| FULLDISC:20070214 MailEnable DoS POC | CVE-2007-0955 |
| FULLDISC:20070214 MailEnable DoS POC-2 | CVE-2007-0955 |
| FULLDISC:20070215 Comodo DLL injection via weak hash function exploitation Vulnerability | CVE-2007-1051 |
| FULLDISC:20070215 Word flaw CVE-2007-0870 confirmed as code execution type issue | CVE-2007-0870 |
| FULLDISC:20070220 Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final | CVE-2007-1061 |
| FULLDISC:20070221 Firefox bookmark cross-domain surfing vulnerability | CVE-2007-1084 |
| FULLDISC:20070222 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) | CVE-2007-1092 |
| FULLDISC:20070222 Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak | CVE-2007-0843 |
| FULLDISC:20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) | CVE-2007-1091 CVE-2007-1095 |
| FULLDISC:20070226 Local user to root escalation in apache 1.3.34 (Debian only) | CVE-2006-7098 |
| FULLDISC:20070226 SEC Consult SA-20070226-0 :: File Disclosure in | CVE-2007-1158 |
| FULLDISC:20070226 WordPress AdminPanel CSRF/XSS - 0day | CVE-2007-1244 |
| FULLDISC:20070227 Nullsoft ShoutcastServer Persistant XSS - 0day | CVE-2007-1229 |
| FULLDISC:20070227 RE: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) | CVE-2007-1256 |
| FULLDISC:20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) | CVE-2007-1256 |
| FULLDISC:20070227 Re:SEC Consult SA-20070226-0 :: File Disclosure | CVE-2007-1158 |
| FULLDISC:20070228 Quicksilver Social Bookmark plugin v.8F: password in clear text | CVE-2007-1191 |
| FULLDISC:20070301 MPlayer DMO buffer overflow | CVE-2007-1246 |
| FULLDISC:20070301 tcpdump: off-by-one heap overflow in 802.11 printer | CVE-2007-1218 |
| FULLDISC:20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe | CVE-2007-1308 |
| FULLDISC:20070306 Apple QuickTime udta ATOM Integer Overflow | CVE-2007-0714 |
| FULLDISC:20070306 Mercury/32 4.01b | CVE-2007-1373 |
| FULLDISC:20070306 silc-server 1.0.2 denial-of-service vulnerability | CVE-2007-1327 |
| FULLDISC:20070313 Unrarlib 0.4.0 (urarlib_get) Local buffer overflow | CVE-2007-1457 |
| FULLDISC:20070314 [Advisory]McAfee ePolicy Orchestrator Multiple Remote Buffer Overflow Vulnerabilities | CVE-2007-1498 |
| FULLDISC:20070315 Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues | CVE-2007-1515 |
| FULLDISC:20070315 Norton Insufficient validation of 'SymTDI' driver | CVE-2007-1476 |
| FULLDISC:20070319 Asterisk SDP DOS vulnerability | CVE-2007-1561 |
| FULLDISC:20070319 w-agora version 4.2.1 Information Disclosure Vulnerability | CVE-2007-0607 |
| FULLDISC:20070320 Mercur SP4 IMAPD | CVE-2007-1578 |
| FULLDISC:20070321 Grandstream Budge Tone-200 denial of service vulnerability | CVE-2007-1590 |
| FULLDISC:20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability | CVE-2007-1658 |
| FULLDISC:20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability | CVE-2007-1658 |
| FULLDISC:20070323 dproxy - arbitrary code execution through stack buffer overflow vulnerability | CVE-2007-1465 |
| FULLDISC:20070327 Remote DOS HP JetDirect Print Servers | CVE-2007-1772 |
| FULLDISC:20070327 SignKorea's ActiveX Buffer Overflow Vulnerability | CVE-2007-1722 |
| FULLDISC:20070329 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability | CVE-2007-1785 |
| FULLDISC:20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) | CVE-2007-0038 |
| FULLDISC:20070331 Re: dproxy-nexgen remote | CVE-2007-1866 |
| FULLDISC:20070331 dproxy-nexgen remote | CVE-2007-1866 |
| FULLDISC:20070403 HP Mercury Quality Center Any SQL execution | CVE-2007-1882 |
| FULLDISC:20070412 Dotclear 1.* Cross Site Scripting Vulnerability | CVE-2007-1989 |
| FULLDISC:20070418 Firefox 2.0.0.3 Phishing Protection Bypass Vulnerability | CVE-2007-0802 |
| FULLDISC:20070419 XSS in freePBX 2.2.x portal's Asterisk Log tool | CVE-2007-2191 |
| FULLDISC:20070420 eXtremail-v9 | CVE-2007-2187 CVE-2007-2188 |
| FULLDISC:20070421 OpenSSH - System Account Enumeration if S/Key is used | CVE-2007-2243 |
| FULLDISC:20070421 freePBX 2.2.x's Music-on-hold Remote Code Execution Injection | CVE-2007-2350 |
| FULLDISC:20070424 Linksys SPA941 remote DOS with \377 character | CVE-2007-2270 |
| FULLDISC:20070424 OpenSSH - System Account Enumeration if S/Key is used | CVE-2007-2243 |
| FULLDISC:20070424 Re: OpenSSH - System Account Enumeration if S/Key is used | CVE-2007-2768 |
| FULLDISC:20070424 Security Advisory: CA CleverPath SQL Injection | CVE-2007-2230 |
| FULLDISC:20070427 mydns-1.1.0 remote heap overflow | CVE-2007-2362 |
| FULLDISC:20070430 Aventail Connect SSL VPN Client Buffer Overflow | CVE-2007-2434 |
| FULLDISC:20070501 Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file | CVE-2007-2671 |
| FULLDISC:20070509 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) | CVE-2007-0039 |
| FULLDISC:20070511 Teamspeak Server 2.0.20.1 Vulnerabilities | CVE-2007-4529 CVE-2007-4530 |
| FULLDISC:20070512 CommuniGate Pro web mail persistent cross-site scripting vulnerability | CVE-2007-2718 |
| FULLDISC:20070512 Cross-site Scripting in EQDKP 1.3.2c and prior | CVE-2007-2716 |
| FULLDISC:20070512 Re: Cross-site Scripting in EQDKP 1.3.2c and prior | CVE-2007-2716 |
| FULLDISC:20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities | CVE-2007-0689 |
| FULLDISC:20070514 SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities | CVE-2007-1901 |
| FULLDISC:20070514 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities | CVE-2007-1902 |
| FULLDISC:20070514 SonicBB version 1.0 XSS Attack Vulnerabilities | CVE-2007-1903 |
| FULLDISC:20070514 WordPress 2.1.3 Akismet Vulnerability | CVE-2007-2714 |
| FULLDISC:20070518 PsychoStats 3.0.6b and prior | CVE-2007-2780 |
| FULLDISC:20070518 Re: PsychoStats 3.0.6b and prior | CVE-2007-2780 |
| FULLDISC:20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities | CVE-2007-2684 |
| FULLDISC:20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities | CVE-2007-2685 |
| FULLDISC:20070522 GMTT Music Distro 1.2 Vulnerable to XSS | CVE-2007-2916 |
| FULLDISC:20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability | CVE-2007-2686 |
| FULLDISC:20070522 KSign KSignSWAT ActiveX Control Multiple Buffer Overflows Vulnerability | CVE-2007-2820 |
| FULLDISC:20070522 Question Regarding IIS 6.0 / Is this a DoS??? | CVE-2007-2897 |
| FULLDISC:20070522 phpPgAdmin XSS Vulnerability | CVE-2007-2865 |
| FULLDISC:20070523 Cisco CallManager 4.1 Input Validation Vulnerability | CVE-2007-2832 |
| FULLDISC:20070523 Re: Question Regarding IIS 6.0 / Is this a DoS??? | CVE-2007-2897 |
| FULLDISC:20070524 n.runs-SA-2007.008 - Avast! Antivirus CAB parsing | CVE-2007-2845 |
| FULLDISC:20070525 n.runs-SA-2007.009 - Avast! Antivirus SIS parsing Arbitrary Code Execution Advisory | CVE-2007-2846 |
| FULLDISC:20070527 phpPgAdmin Multiple XSS Vulnerabilities | CVE-2007-5728 |
| FULLDISC:20070528 Uebimiau Webmail Multiple Vulnerabilities | CVE-2007-3170 CVE-2007-3171 CVE-2007-3172 |
| FULLDISC:20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory | CVE-2007-2974 |
| FULLDISC:20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX | CVE-2007-2972 |
| FULLDISC:20070601 PHPLive ALL VERSION: RFI + XSS | CVE-2007-3060 |
| FULLDISC:20070601 static XSS / SQL-Injection in Omegasoft Insel | CVE-2007-2992 CVE-2007-2993 |
| FULLDISC:20070604 Assorted browser vulnerabilities | CVE-2007-3089 CVE-2007-3091 CVE-2007-3092 CVE-2008-0591 |
| FULLDISC:20070604 Full Path Disclosure eqDKP 1.3.2c and prior | CVE-2007-3079 |
| FULLDISC:20070604 Kevin Johnson BASE <= 1.3.6 authentication bypass | CVE-2007-5578 |
| FULLDISC:20070604 n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory | CVE-2007-2967 |
| FULLDISC:20070604 n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop Advisory | CVE-2007-2967 |
| FULLDISC:20070604 screen 4.0.3 local Authentication Bypass | CVE-2007-3048 |
| FULLDISC:20070605 Cacti Denial of Service | CVE-2007-3112 |
| FULLDISC:20070606 Kevin Johnson BASE <= 1.3.6 authentication bypass | CVE-2007-5578 |
| FULLDISC:20070606 Yahoo 0day ActiveX Webcam Exploit | CVE-2007-3147 |
| FULLDISC:20070607 2nd Yahoo 0day ActiveX Exploit | CVE-2007-3148 |
| FULLDISC:20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow | CVE-2007-1685 |
| FULLDISC:20070608 Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow | CVE-2007-1685 CVE-2007-1783 |
| FULLDISC:20070608 SafeNET High Assurance Remote/SoftRemote (IPSecDrv.sys) remote DoS | CVE-2007-3157 |
| FULLDISC:20070610 Serious holes affecting JFFNMS | CVE-2007-3189 CVE-2007-3190 CVE-2007-3191 CVE-2007-3192 |
| FULLDISC:20070611 TippingPoint detection bypass | CVE-2007-3711 |
| FULLDISC:20070612 Safari for Windows, 0day URL protocol handler command injection | CVE-2007-3186 |
| FULLDISC:20070612 using matasano's blackbag/deezee to find 0day and stuff | CVE-2007-3232 |
| FULLDISC:20070614 Letterman subscriber module XSS vulnerability | CVE-2007-3249 |
| FULLDISC:20070614 Re: Apple Safari: urlbar/window title spoofing | CVE-2007-2398 |
| FULLDISC:20070617 H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF | CVE-2007-3330 CVE-2007-3331 |
| FULLDISC:20070617 Utopia News Pro version 1.4.0 XSS Attack Vulnerability | CVE-2007-3129 |
| FULLDISC:20070617 WSPortal version 1.0 Path Disclosure Vulnerability | CVE-2007-3127 |
| FULLDISC:20070617 WSPortal version 1.0 SQL Injection Vulnerability | CVE-2007-3128 |
| FULLDISC:20070624 Papoo CMS 3.6 - Access Restriction Bypass | CVE-2007-3494 |
| FULLDISC:20070625 Calendarix version 0.7. 20070307 Multiple Path Disclosure | CVE-2007-3258 |
| FULLDISC:20070625 Safari Bookmarks Buffer Overflow Vulnerability | CVE-2007-3376 |
| FULLDISC:20070627 eTicket version 1.5.5 Path Disclosure | CVE-2007-2800 |
| FULLDISC:20070627 eTicket version 1.5.5 XSS Attack Vulnerability | CVE-2007-2801 |
| FULLDISC:20070628 Re: Intel Core 2 CPUs are buggy. Patch your cpus :D | CVE-2006-7215 |
| FULLDISC:20070630 New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities | CVE-2007-3511 |
| FULLDISC:20070630 Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities | CVE-2007-3511 |
| FULLDISC:20070701 Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing. | CVE-2007-3550 |
| FULLDISC:20070702 Yoggie Pico Pro Remote Code Execution | CVE-2007-3572 |
| FULLDISC:20070703 Cross Site Scripting in Oliver Library Management System | CVE-2007-3569 |
| FULLDISC:20070705 Internet Communication Manager Denial Of Service Attack | CVE-2007-3615 |
| FULLDISC:20070705 Re: Yoggie Pico Pro Remote Code Execution | CVE-2007-3572 |
| FULLDISC:20070709 Anti-DNS Pinning and Java Applets | CVE-2007-5273 |
| FULLDISC:20070709 CodeIgniter 1.5.3 vulnerabilities | CVE-2007-3706 CVE-2007-3707 CVE-2007-3708 CVE-2007-3709 |
| FULLDISC:20070710 Internet Explorer 0day exploit | CVE-2007-3670 |
| FULLDISC:20070710 Portcullis Computer Security Ltd - Advisories | CVE-2007-3768 CVE-2007-3769 CVE-2007-3784 |
| FULLDISC:20070710 TippingPoint IPS Signature Evasion | CVE-2007-3701 |
| FULLDISC:20070710 [GOODFELLAS - VULN] sasatl.dll 1.5.0.531 Program Checker - Javascript Heap Spraying Exploit | CVE-2007-3703 |
| FULLDISC:20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. | CVE-2007-3725 |
| FULLDISC:20070711 SUN Java JNLP Overflow | CVE-2007-3655 |
| FULLDISC:20070711 durito: enVivo!CMS SQL injection | CVE-2005-1413 CVE-2007-3783 |
| FULLDISC:20070713 Element CMS script insertion vulnerability | CVE-2007-3886 |
| FULLDISC:20070713 PIRS2007 local buffer overflow vulnerability | CVE-2007-3815 |
| FULLDISC:20070714 paFileDB 3.6 (search.php) Remote SQL Injection | CVE-2007-3808 |
| FULLDISC:20070716 ExLibris Aleph and Metalib Cross Site Scripting Attack | CVE-2007-3835 |
| FULLDISC:20070716 Yahoo Messenger 8.1 Buffer Overflow | CVE-2007-3928 |
| FULLDISC:20070717 [Sec-1 Ltd] Advisory: MailMarshal Spam Quarantine Password Retrieval Vulnerability | CVE-2007-3796 |
| FULLDISC:20070718 Can CERT VU#786920 be right? | CVE-2007-3832 |
| FULLDISC:20070721 CVE-2007-3383: XSS in Tomcat send mail example | CVE-2007-3383 |
| FULLDISC:20070721 [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos | CVE-2007-3816 |
| FULLDISC:20070722 Re: [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory | CVE-2007-3816 |
| FULLDISC:20070723 [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory | CVE-2007-3816 |
| FULLDISC:20070725 Mozilla protocol abuse | CVE-2007-4038 CVE-2007-4039 CVE-2007-4040 |
| FULLDISC:20070726 WordPress wp-feedstats persistent XSS | CVE-2007-4104 |
| FULLDISC:20070726 [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory | CVE-2007-3816 |
| FULLDISC:20070730 Security Testing Enterprise Messaging Systems | CVE-2007-4158 CVE-2007-4159 CVE-2007-4160 CVE-2007-4161 CVE-2007-4162 |
| FULLDISC:20070731 CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability | CVE-2007-4145 |
| FULLDISC:20070802 DVD Rental System multiple XSS and CSRF vulnerabilities | CVE-2007-4192 CVE-2007-4193 |
| FULLDISC:20070806 Konqueror: URL address bar spoofing vulnerabilities | CVE-2007-4224 CVE-2007-4225 |
| FULLDISC:20070808 XSS vulnerability in Cisco MeetingPlace | CVE-2007-4284 |
| FULLDISC:20070812 Vulnerability in multiple "now playing" scripts for various IRC clients | CVE-2007-4396 CVE-2007-4397 CVE-2007-4398 CVE-2007-4399 CVE-2007-4400 CVE-2007-4401 CVE-2007-4402 CVE-2007-4403 |
| FULLDISC:20070814 Multiple vulnerabilities in Live for Speed 0.5X10 | CVE-2007-4425 CVE-2007-4426 |
| FULLDISC:20070814 Remote Memory Read in Diskeeper 9 - 2007 | CVE-2007-4375 |
| FULLDISC:20070814 Stop WabiSabiLabi Hacker Oppression NOW | CVE-2007-4377 |
| FULLDISC:20070818 Mercury SMTPD Remote Preauth Stack Based Overrun | CVE-2007-4440 |
| FULLDISC:20070820 10 messages SIP Remote DOS on Cisco 7940 SIP Phone | CVE-2007-4459 |
| FULLDISC:20070820 3 messsages attack remote DOS on Cisco 7940 | CVE-2007-4459 |
| FULLDISC:20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver | CVE-2007-4455 |
| FULLDISC:20070822 Remote eavesdropping with SIP Phone GXV-3000 | CVE-2007-4498 |
| FULLDISC:20070823 DOS vulnerability on Thomson SIP phone ST 2030 using the VIA Header | CVE-2007-4553 |
| FULLDISC:20070823 Ipswitch FTP XSS leads to FTP server compromise | CVE-2007-4555 |
| FULLDISC:20070824 [MU-200708-01] Helix DNA Server Heap Corruption | CVE-2007-4561 |
| FULLDISC:20070826 SIDVault LDAP Server Remote Buffer Overflow | CVE-2007-4566 |
| FULLDISC:20070827 DOS vulnerability on Thomson SIP phone ST 2030 using the TO Header | CVE-2007-4753 |
| FULLDISC:20070827 Stampit Web - DoS (CVE-2007-3871) | CVE-2007-3871 |
| FULLDISC:20070828 DOS vulnerability on Thomson SIP phone ST 2030 using an empty packet | CVE-2007-4753 |
| FULLDISC:20070829 Multiple eScan products insecure file permissions | CVE-2007-4649 |
| FULLDISC:20070904 212cafeBoard Sql injection | CVE-2007-4719 |
| FULLDISC:20070905 Format string and clients disconnection in Alien Arena 2007 6.10 | CVE-2007-4754 CVE-2007-4755 |
| FULLDISC:20070911 RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability | CVE-2007-4884 CVE-2007-4885 CVE-2007-4904 |
| FULLDISC:20070912 S21SEC-036-EN Ekiga <= 2.0.5 Denial of service | CVE-2007-4897 |
| FULLDISC:20070915 Drupal Link to Us Module Contains XSS Vulnerability | CVE-2008-4149 |
| FULLDISC:20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module | CVE-2007-4965 |
| FULLDISC:20070917 Alcatel-Lucent OmniPCX Remote Command Execution | CVE-2007-3010 |
| FULLDISC:20070918 [MU-200709-02] Dibbler Remote Denial of Service Vulnerability | CVE-2007-5029 CVE-2007-5030 CVE-2007-5031 |
| FULLDISC:20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player | CVE-2004-0813 CVE-2006-1174 CVE-2006-3619 CVE-2006-4146 CVE-2006-4600 CVE-2007-0061 CVE-2007-0062 CVE-2007-0063 CVE-2007-0494 CVE-2007-1716 CVE-2007-1856 CVE-2007-2442 CVE-2007-2443 CVE-2007-2446 CVE-2007-2447 CVE-2007-2798 CVE-2007-4059 CVE-2007-4155 CVE-2007-4496 CVE-2007-4497 CVE-2007-5617 CVE-2007-5618 |
| FULLDISC:20070924 JSPWiki Multiple Input Validation Vulnerabilities | CVE-2007-5119 CVE-2007-5120 CVE-2007-5121 |
| FULLDISC:20070925 SimpNews version 2.41.03 File Content Disclosure Vulnerability | CVE-2007-4873 |
| FULLDISC:20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities | CVE-2007-4872 |
| FULLDISC:20070927 Re: CAT6500 accessible via 127.0.0.x loopback addresses | CVE-2007-5134 |
| FULLDISC:20070930 Re: [Full-disclosure] feedreader3 has XSS vulnerability | CVE-2007-5161 |
| FULLDISC:20071003 Hijacking Feeds with Feedburner | CVE-2007-5229 |
| FULLDISC:20071004 Vba32 AntiVirus v3.12.2 insecure file permissions | CVE-2007-5254 |
| FULLDISC:20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype | CVE-2007-3896 |
| FULLDISC:20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype | CVE-2007-3896 |
| FULLDISC:20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype | CVE-2007-3896 |
| FULLDISC:20071009 Owning the internal network with SIP (part 1) and a Linksys Phone | CVE-2007-5411 |
| FULLDISC:20071012 CallManager and OpeSer toll fraud and authentication forward attack | CVE-2007-5468 CVE-2007-5469 |
| FULLDISC:20071013 Netgear SSL312 XSS vulnerability | CVE-2007-5562 |
| FULLDISC:20071013 PHP File Sharing System 1.5.1 | CVE-2007-5454 |
| FULLDISC:20071014 Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay | CVE-2007-5461 |
| FULLDISC:20071015 CallManager and OpeSer toll fraud and authentication forward attack | CVE-2007-5468 CVE-2007-5469 |
| FULLDISC:20071017 AST-2007-023: SQL Injection POC and details | CVE-2007-5488 |
| FULLDISC:20071022 Re: [Full-disclosure] ifnet.it WEBIF XSS Vulnerability | CVE-2007-5673 |
| FULLDISC:20071022 ifnet.it WEBIF XSS Vulnerability | CVE-2007-5673 |
| FULLDISC:20071023 3proxy double free vulnerability | CVE-2007-5622 |
| FULLDISC:20071023 Miranda IM Multiple Buffer Overflow Vulnerabilities | CVE-2007-5542 CVE-2007-5543 |
| FULLDISC:20071031 SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format String Vulnerability | CVE-2007-5740 |
| FULLDISC:20071102 Firefox 2.0.0.9 remote DoS vulnerability | CVE-2007-5896 |
| FULLDISC:20071106 MySQL 5.x DoS (unknown) | CVE-2007-5925 |
| FULLDISC:20071113 WebEx GPCContainer Memory Access Violation | CVE-2007-6005 |
| FULLDISC:20071115 ComponentOne FlexGrid 7.1 Light Multiple Stack Overflows | CVE-2007-6028 |
| FULLDISC:20071116 Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability | CVE-2007-6026 |
| FULLDISC:20071116 [RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability | CVE-2007-4684 |
| FULLDISC:20071119 Wordpress Cookie Authentication Vulnerability | CVE-2007-6013 |
| FULLDISC:20071127 CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor | CVE-2007-6593 |
| FULLDISC:20071130 Yahoo Toolbar Helper c() Method Stack Overflow DoS | CVE-2007-6228 |
| FULLDISC:20071205 Cisco Phone 7940 remote DOS | CVE-2007-5583 |
| FULLDISC:20071205 Nokia N95 cellphone remote DoS using the SIP Stack | CVE-2007-6371 |
| FULLDISC:20071206 HackerSafe Labs - Security Advisory - Xigla Absolute Banner Manager v4.0 | CVE-2007-6291 |
| FULLDISC:20071207 Heimdal ftpd uninitialized vulnerability | CVE-2007-5939 |
| FULLDISC:20071207 netkit-ftpd/ftp uninitialized vulnerability | CVE-2007-5769 CVE-2007-6263 |
| FULLDISC:20071208 Cisco Phone 7940 remote DOS | CVE-2007-5583 |
| FULLDISC:20071208 MIT Kerberos 5: Multiple vulnerabilities | CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972 |
| FULLDISC:20071208 Re: Cisco Phone 7940 remote DOS | CVE-2007-5583 |
| FULLDISC:20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972] | CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972 |
| FULLDISC:20071210 WordPress Charset SQL injection vulnerability (re-resend) | CVE-2007-6318 |
| FULLDISC:20071212 Fwd: Websense 6.3.1 Filtering Bypass | CVE-2007-6511 |
| FULLDISC:20071214 MailEnable DoS POC | CVE-2007-0955 |
| FULLDISC:20071217 ZDI-07-078: St. Bernard Open File Manager Heap | CVE-2007-6281 |
| FULLDISC:20071218 Appian Enterprise Business Suite 5.6 SP1 is | CVE-2007-6509 |
| FULLDISC:20071219 HP eSupportDiagnostics hpediags.dll Information Disclosure | CVE-2007-6513 |
| FULLDISC:20071219 Yahoo Toolbar YShortcut.dll IsTaggedBM() Buffer Overflow | CVE-2007-6535 |
| FULLDISC:20071220 IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption | CVE-2007-4474 |
| FULLDISC:20071224 Installshield Update Service isusweb.dll Buffer Overflow | CVE-2007-6654 |
| FULLDISC:20071225 AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows | CVE-2007-6699 |
| FULLDISC:20071225 Ho Ho H0-Day - ZyXEL P-330W multiple XSS and XSRF vulnerabilities | CVE-2007-6729 CVE-2007-6730 |
| FULLDISC:20071225 Persits Software XUpload.ocx Buffer Overflow | CVE-2007-6530 |
| FULLDISC:20071227 Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows | CVE-2007-6699 |
| FULLDISC:20071228 FAQMasterFlexPlus multiple vulnerabilities | CVE-2007-6633 CVE-2007-6634 CVE-2007-6635 |
| FULLDISC:20080103 securityvulns.com russian vulnerabilities digest | CVE-2008-0190 CVE-2008-0191 CVE-2008-0192 CVE-2008-0193 CVE-2008-0194 CVE-2008-0195 CVE-2008-0196 CVE-2008-0197 CVE-2008-0198 CVE-2008-0199 CVE-2008-0200 CVE-2008-0201 CVE-2008-0202 CVE-2008-0203 CVE-2008-0204 CVE-2008-0205 CVE-2008-0206 CVE-2008-0207 |
| FULLDISC:20080109 Gateway WebLaunch ActiveX Control Insecure Method | CVE-2008-0220 CVE-2008-0221 |
| FULLDISC:20080110 (( PoC)) ID-Commerce Security Advisory - SLR-2007-001 (( PoC)) | CVE-2008-0281 |
| FULLDISC:20080110 ID-Commerce Security Advisory - SLR-2007-001 | CVE-2008-0281 |
| FULLDISC:20080111 Cross site scripting (XSS) in Moodle 1.8.3 | CVE-2008-0123 |
| FULLDISC:20080111 StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow | CVE-2008-0248 |
| FULLDISC:20080113 Hacking The Interwebs | CVE-2008-1654 |
| FULLDISC:20080115 Re: scada/plc gear | CVE-2008-7199 |
| FULLDISC:20080117 Re: Skype videomood XSS | CVE-2008-0454 |
| FULLDISC:20080117 Skype videomood XSS | CVE-2008-0454 |
| FULLDISC:20080120 AXIGEN 5.0.x AXIMilter Format String Exploit | CVE-2008-0434 |
| FULLDISC:20080122 HP Virtual Rooms WebHPVCInstall Control Multiple Buffer Overflows | CVE-2008-0437 |
| FULLDISC:20080122 PHP 5.2.5 cURL safe_mode bypass | CVE-2007-4850 |
| FULLDISC:20080124 Directory Traversal Vulnerability in Aconon Mail | CVE-2008-0464 |
| FULLDISC:20080124 Re: scada/plc gear | CVE-2008-7201 |
| FULLDISC:20080127 phpIP 4.3.2 - Numerous SQL Injection Vulnerablities | CVE-2008-0538 |
| FULLDISC:20080131 Livelink UTF-7 XSS Vulnerability | CVE-2008-0769 |
| FULLDISC:20080131 MySpace Uploader ActiveX Control Buffer Overflow | CVE-2008-0659 |
| FULLDISC:20080203 FaceBook/Aurigma Image/PhotoUploader Buffer Overflow | CVE-2008-0660 |
| FULLDISC:20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability | CVE-2008-0486 |
| FULLDISC:20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference | CVE-2008-0485 |
| FULLDISC:20080206 MyNews 1.6.X HTML/JS Injection Vulnerability | CVE-2008-0723 |
| FULLDISC:20080207 Re: MyNews 1.6.X HTML/JS Injection Vulnerability | CVE-2008-0723 |
| FULLDISC:20080208 Serendipity Freetag-plugin XSS vulnerability | CVE-2008-0751 |
| FULLDISC:20080211 ZDI-08-005: Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability | CVE-2008-0639 |
| FULLDISC:20080213 OpenCA XSRF (CVE-2008-0556) | CVE-2008-0556 |
| FULLDISC:20080214 DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack | CVE-2008-0915 |
| FULLDISC:20080214 DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks | CVE-2008-0914 |
| FULLDISC:20080221 Cisco and Vocera wireless LAN VoIP devices don't check certificates | CVE-2008-1113 CVE-2008-1114 |
| FULLDISC:20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone | CVE-2008-1113 |
| FULLDISC:20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation | CVE-2008-0923 |
| FULLDISC:20080226 Move Networks Quantum Streaming Player UploadLogs() Buffer Overflow | CVE-2008-1044 |
| FULLDISC:20080226 XSS Vulnerability in AuthentiX | CVE-2008-1174 |
| FULLDISC:20080227 CORE-2008-0130: VLC media player chunk context validation error | CVE-2008-0984 |
| FULLDISC:20080303 Heap overflow in Borland VisiBroker Smart Agent 08.00.00.C1.03 | CVE-2008-7126 CVE-2008-7127 |
| FULLDISC:20080305 Vulnerability in Linux Kiss Server v1.2 | CVE-2008-1206 |
| FULLDISC:20080305 WebCT 4.x Javascript Session Stealer Exploits | CVE-2008-1225 |
| FULLDISC:20080310 Real Networks RealPlayer ActiveX Control Heap Corruption | CVE-2008-1309 |
| FULLDISC:20080311 Advisory: SQL-Injections in Mapbender | CVE-2008-0301 |
| FULLDISC:20080324 ircu/snircd remote crash vulnerability | CVE-2008-1501 |
| FULLDISC:20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities | CVE-2008-6544 |
| FULLDISC:20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities | CVE-2008-6544 |
| FULLDISC:20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability | CVE-2008-1716 CVE-2008-1717 |
| FULLDISC:20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability | CVE-2008-1716 CVE-2008-1717 |
| FULLDISC:20080408 ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability | CVE-2008-1083 |
| FULLDISC:20080413 DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2 | CVE-2008-1894 |
| FULLDISC:20080415 gallarific backdoored , vulnerable to xss | CVE-2008-6567 |
| FULLDISC:20080421 Adobe Unchecked Overflow | CVE-2008-1765 |
| FULLDISC:20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)) | CVE-2008-1385 CVE-2008-1386 |
| FULLDISC:20080424 Lotus expeditor rcplauncher uri handler vulnerability | CVE-2008-1965 |
| FULLDISC:20080430 Akamai Technologies Security Advisory 2008-0001 (Download Manager) | CVE-2007-6339 |
| FULLDISC:20080502 Microsoft Work ActiveX Insecure Method Exploit | CVE-2008-1898 |
| FULLDISC:20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability | CVE-2008-2107 CVE-2008-2108 |
| FULLDISC:20080508 SonicWall e-mail security Host Header XSS Vulnerability | CVE-2008-2162 |
| FULLDISC:20080508 ZYWALL Referer Header XSS Vulnerability | CVE-2008-2167 |
| FULLDISC:20080509 XSS and CSRF vulnerability on cPanel 11 | CVE-2008-2070 CVE-2008-2071 |
| FULLDISC:20080512 [SkyOut/Wired Security] SQL Injection in IDB Micro CMS 3.5 (Login Bypass) | CVE-2008-6614 |
| FULLDISC:20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv. | CVE-2008-2357 |
| FULLDISC:20080604 Akamai Technologies Security Advisory 2008-0001 (Download Manager) | CVE-2008-1770 |
| FULLDISC:20080618 Coming soon : Firefox 3 Release overflow | CVE-2008-2786 |
| FULLDISC:20080618 NULL pointer in the HTTP/XML-RPC service of Crysis 1.21 | CVE-2008-6712 |
| FULLDISC:20080626 Commtouch Anti-Spam Enterprise Gateway Cross Site Scripting (allowing domain credential theft) | CVE-2008-3082 |
| FULLDISC:20080703 DDIVRT-2008-12-ServerView SnmpGetMibValues.exe Buffer Overflow | CVE-2008-3126 |
| FULLDISC:20080704 Panda ActiveScan 2.0 remote code execution | CVE-2008-3155 CVE-2008-3156 |
| FULLDISC:20080705 Panda ActiveScan 2.0 remote code execution | CVE-2008-3155 CVE-2008-3156 |
| FULLDISC:20080709 Trixbox 2.6.1 and below, remote root shell through local file inclusion | CVE-2008-6825 |
| FULLDISC:20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution | CVE-2008-3294 |
| FULLDISC:20080723 Vulnerability Report: EMC Centera Universal Access | CVE-2008-3370 |
| FULLDISC:20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations | CVE-2008-3433 CVE-2008-3434 CVE-2008-3435 CVE-2008-3436 CVE-2008-3437 CVE-2008-3438 CVE-2008-3439 CVE-2008-3440 CVE-2008-3441 CVE-2008-3442 |
| FULLDISC:20080731 Assurent VR - CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow | CVE-2008-3175 |
| FULLDISC:20080731 F-PROT antivirus 6.2.1.4252 infinite loop denial of service via malformed archive | CVE-2008-3447 |
| FULLDISC:20080806 Webex atucfobj Module ActiveX Control Buffer Overflow Vulnerability | CVE-2008-3558 |
| FULLDISC:20080814 SECOBJADV-2008-03: PartyGaming PartyPoker Malicious Update Vulnerability | CVE-2008-3324 |
| FULLDISC:20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory | CVE-2008-5825 CVE-2008-5826 |
| FULLDISC:20080821 DXShopCart V4.30mc search.php XSS | CVE-2008-5119 |
| FULLDISC:20080821 Fujitsu Web-Based Admin View Directory Traversal Vulnerability | CVE-2008-3776 |
| FULLDISC:20080822 ACG-PTP 1.0.6 index.php persistent XSS | CVE-2008-3782 |
| FULLDISC:20080822 Photo Cart 3.9 index.php "search" XSS | CVE-2008-3786 |
| FULLDISC:20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service | CVE-2008-3936 |
| FULLDISC:20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. | CVE-2007-5269 CVE-2007-5438 CVE-2008-1447 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 CVE-2008-2101 CVE-2008-3691 CVE-2008-3692 CVE-2008-3693 CVE-2008-3694 CVE-2008-3695 CVE-2008-3696 CVE-2008-3697 CVE-2008-3698 CVE-2008-3892 |
| FULLDISC:20080902 DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal | CVE-2008-3939 |
| FULLDISC:20080902 DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point Malformed HTTP POST DoS | CVE-2008-6395 |
| FULLDISC:20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities | CVE-2008-4866 CVE-2008-4867 CVE-2008-4868 CVE-2008-4869 |
| FULLDISC:20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion | CVE-2008-4133 |
| FULLDISC:20080911 Clients format strings in the Unreal engine | CVE-2008-6441 |
| FULLDISC:20080911 Server termination in the Unreal engine 3 | CVE-2008-7015 |
| FULLDISC:20080912 Drupal Answers Module Contains XSS Vulnerability | CVE-2008-6413 |
| FULLDISC:20080916 Failed assertion in the Unreal engine | CVE-2008-7011 |
| FULLDISC:20080918 [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below) | CVE-2008-7020 |
| FULLDISC:20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662 | CVE-2008-3662 |
| FULLDISC:20080924 Drupal Brilliant Gallery module SQL injection vulnerability | CVE-2008-4338 |
| FULLDISC:20080929 WordPress MU < 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability | CVE-2008-4671 |
| FULLDISC:20081001 XSS in Celoxis project management software | CVE-2008-6094 |
| FULLDISC:20081003 IRM Security Advisory: VeriSign Kontiki Delivery Management System (DMS) Cross-Site Scripting Vulnerability | CVE-2008-4393 |
| FULLDISC:20081004 Blue Coat K9 Web Protection V4.0.230 Beta Vulnerability | CVE-2008-4515 |
| FULLDISC:20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2) | CVE-2008-4279 |
| FULLDISC:20081027 MyBB 1.4.2: Multiple Vulnerabilties | CVE-2008-4928 CVE-2008-4929 CVE-2008-4930 |
| FULLDISC:20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow | CVE-2008-5005 |
| FULLDISC:20081106 DDIVRT-2008-17 Orb Directory Traversal | CVE-2008-5645 |
| FULLDISC:20081108 Metrica Service Assurance Multiple Cross Site Scripting | CVE-2008-5043 |
| FULLDISC:20081108 OpenBase SQL multiple vulnerabilities Part Deux | CVE-2006-5851 |
| FULLDISC:20081108 [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux | CVE-2006-5852 |
| FULLDISC:20081109 ClamAV get_unicode_name() off-by-one buffer overflow | CVE-2008-5050 |
| FULLDISC:20081113 Netgear WGR614v9 DoS to Admin Interface (internal and external) | CVE-2008-6122 |
| FULLDISC:20081120 NatterChat 1.12 txtUsername and txtRoomName XSS | CVE-2008-7048 |
| FULLDISC:20081121 DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal | CVE-2008-5315 |
| FULLDISC:20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack | CVE-2008-5285 |
| FULLDISC:20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0 | CVE-2008-7078 |
| FULLDISC:20081203 [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM | CVE-2008-5400 |
| FULLDISC:20081207 Multiple vulnerabilities in 3CX 6.0.806.0 | CVE-2008-6894 CVE-2008-6895 CVE-2008-6896 |
| FULLDISC:20081208 Breaking Google Gears' Cross-Origin Communication Model | CVE-2008-6512 |
| FULLDISC:20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209) | CVE-2008-5416 |
| FULLDISC:20081211 Checkpoint Sources plus SPLAT Remote Root Exploit | CVE-2008-5850 |
| FULLDISC:20081221 CVE-2008-5557 - PHP mbstring buffer overflow | CVE-2008-5557 |
| FULLDISC:20090107 Firefox 3.0.5 remote vulnerability via queryCommandState | CVE-2009-0071 |
| FULLDISC:20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState | CVE-2009-0071 |
| FULLDISC:20090115 [TZO-2009-2] Avira Antivir - Priviledge escalation | CVE-2009-2761 |
| FULLDISC:20090126 Solaris Devs Are Smoking Pot | CVE-2009-0304 |
| FULLDISC:20090205 Drupal Link Module XSS Vulnerability | CVE-2009-0603 |
| FULLDISC:20090208 Netgear SSL312 Router - remote DoS | CVE-2009-0680 |
| FULLDISC:20090210 Craft Silicon Banking at Home SQL Injection | CVE-2009-0741 |
| FULLDISC:20090214 FreeBSD zeroday | CVE-2009-0641 |
| FULLDISC:20090222 Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001 | CVE-2009-0540 |
| FULLDISC:20090223 Magento Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-002 | CVE-2009-0541 |
| FULLDISC:20090227 HTC Touch vCard over IP Denial of Service PoC Code | CVE-2008-6775 |
| FULLDISC:20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption | CVE-2008-4563 |
| FULLDISC:20090312 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability | CVE-2009-0016 |
| FULLDISC:20090319 Pixie CMS Multiple Vulnerabilities | CVE-2009-1066 CVE-2009-1067 |
| FULLDISC:20090319 Secure Computing (McAfee) Smart Filter possible issue | CVE-2009-2312 CVE-2009-2429 |
| FULLDISC:20090330 Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow | CVE-2009-1227 |
| FULLDISC:20090331 Cisco ASA5520 Web VPN Host Header XSS | CVE-2009-1220 |
| FULLDISC:20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3 | CVE-2009-1262 |
| FULLDISC:20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues | CVE-2008-3761 CVE-2008-4916 CVE-2009-0177 CVE-2009-0518 CVE-2009-0908 CVE-2009-0909 CVE-2009-0910 CVE-2009-1146 CVE-2009-1147 |
| FULLDISC:20090411 [BMSA 2009-04] Remote DoS in Internet Explorer | CVE-2009-1335 |
| FULLDISC:20090416 [follow-up] razorCMS - Multiple Vulnerabilities | CVE-2009-1458 CVE-2009-1459 CVE-2009-1460 CVE-2009-1461 CVE-2009-1462 CVE-2009-1463 |
| FULLDISC:20090416 razorCMS - Multiple Vulnerabilities | CVE-2009-1458 CVE-2009-1459 CVE-2009-1460 CVE-2009-1462 CVE-2009-1463 |
| FULLDISC:20090417 ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service | CVE-2009-0307 |
| FULLDISC:20090422 DirectAdmin < 1.33.4 Local file overwrite & Local root escalation | CVE-2009-1525 CVE-2009-1526 |
| FULLDISC:20090424 SumatraPDF <= 0.9.3 Heap Overflow PoC | CVE-2009-1605 |
| FULLDISC:20090428 Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness | CVE-2009-1255 |
| FULLDISC:20090514 eggdrop/windrop remote crash vulnerability | CVE-2009-1789 |
| FULLDISC:20090515 IIS6 + webdav and unicode rides again in 2009 | CVE-2009-1535 |
| FULLDISC:20090515 Re: IIS6 + webdav and unicode rides again in 2009 | CVE-2009-1535 |
| FULLDISC:20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express | CVE-2009-1729 |
| FULLDISC:20090525 Soulseek * P2P Remote Distributed Search Code Execution | CVE-2009-1830 |
| FULLDISC:20090527 [TZO-27-2009] Firefox Denial of Service (Keygen) | CVE-2009-1828 |
| FULLDISC:20090528 Re: [TZO-27-2009] Firefox Denial of Service (Keygen) | CVE-2009-1828 |
| FULLDISC:20090618 Edraw PDF Viewer Component ActiveX Remote code execution vulnerability | CVE-2009-2169 |
| FULLDISC:20090628 Baofeng Media Player playlist stack overflow | CVE-2009-2617 |
| FULLDISC:20090629 Re: Baofeng Media Player playlist stack overflow | CVE-2009-2617 |
| FULLDISC:20090708 MySQL <= 5.0.45 post auth format string vulnerability | CVE-2009-2446 |
| FULLDISC:20090710 'Secure' Wyse thin clients vulnerable to remote exploit bugs | CVE-2009-0693 CVE-2009-0695 |
| FULLDISC:20090721 Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... | CVE-2009-2575 |
| FULLDISC:20090722 Akamai Technologies Security Advisory 2009-0001 (Download Manager) | CVE-2009-2582 |
| FULLDISC:20090727 [DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow. | CVE-2010-2062 |
| FULLDISC:20090810 WordPress <= 2.8.3 Remote admin reset password | CVE-2009-2762 |
| FULLDISC:20090811 Sql injection in OCS Inventory NG Server 1.2.1 | CVE-2009-3042 |
| FULLDISC:20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations | CVE-2009-2692 |
| FULLDISC:20090818 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service | CVE-2009-2966 |
| FULLDISC:20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion") | CVE-2009-2521 |
| FULLDISC:20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. | CVE-2009-3103 |
| FULLDISC:20090923 nginx - low risk webdav destination bug | CVE-2009-3898 |
| FULLDISC:20090924 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure | CVE-2009-3457 |
| FULLDISC:20090925 Drupal Bibliography 6.x-1.6 XSS Vuln | CVE-2009-3488 |
| FULLDISC:20091022 Everfocus EDR1600 remote authentication bypass | CVE-2009-3828 |
| FULLDISC:20091111 Windows 7 , Server 2008R2 Remote Kernel Crash | CVE-2009-3676 |
| FULLDISC:20091111 WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution | CVE-2009-3890 |
| FULLDISC:20091112 Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution | CVE-2009-3890 |
| FULLDISC:20091117 CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability | CVE-2009-3840 CVE-2009-3977 |
| FULLDISC:20091123 Quick.Cart and Quick.CMS CSRF Vulnerabilities | CVE-2009-4120 CVE-2009-4121 |
| FULLDISC:20091125 Cacti 0.8.7e: Multiple security issues | CVE-2009-4112 |
| FULLDISC:20091128 MuPDF pdf_shade4.c multiple stack-based buffer overflows | CVE-2009-4117 |
| FULLDISC:20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System | CVE-2009-4237 CVE-2009-4238 |
| FULLDISC:20091216 VideoCache 1.9.2 vccleaner root vulnerability | CVE-2009-4454 |
| FULLDISC:20091217 [ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability | CVE-2009-3701 |
| FULLDISC:20091218 [ISecAuditors Security Advisories] Simple PHP Blog <= 0.5.1 Local File Include vulnerability | CVE-2009-4421 |
| FULLDISC:20091223 XSS in WebMathematica | CVE-2009-4812 CVE-2009-4814 |
| FULLDISC:20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack | CVE-2010-0232 |
| FULLDISC:20100120 Insufficient User Input Validation in VP-ASP 6.50 Demo Code | CVE-2010-1588 CVE-2010-1589 CVE-2010-1590 |
| FULLDISC:20100122 Silverstripe <= v2.3.4: two XSS vulnerabilities | CVE-2010-1593 |
| FULLDISC:20100125 DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability | CVE-2010-0469 |
| FULLDISC:20100127 Apple Iphone/Ipod - Serversman 3.1.5 HTTP Remote DoS exploit | CVE-2010-0496 |
| FULLDISC:20100127 Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow. | CVE-2010-0010 |
| FULLDISC:20100128 PR09-19: Cross-Site Scripting (XSS) on CommonSpot server | CVE-2010-0468 |
| FULLDISC:20100204 Re: Samba Remote Zero-Day Exploit | CVE-2010-0926 |
| FULLDISC:20100204 Samba Remote Zero-Day Exploit | CVE-2010-0926 |
| FULLDISC:20100204 Sterlite SAM300AX ADSL router - Cross Site | CVE-2010-0607 |
| FULLDISC:20100205 Re: Samba Remote Zero-Day Exploit | CVE-2010-0926 |
| FULLDISC:20100211 [Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection | CVE-2010-1609 |
| FULLDISC:20100223 CA20100223-01: Security Notice for CA eHealth Performance Manager | CVE-2010-0640 |
| FULLDISC:20100303 fcrontab Information Disclosure Vulnerability | CVE-2010-0792 |
| FULLDISC:20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass | CVE-2010-0962 |
| FULLDISC:20100305 ncpfs, Multiple Vulnerabilities | CVE-2010-0788 CVE-2010-0790 CVE-2010-0791 |
| FULLDISC:20100307 Spamassassin Milter Plugin Remote Root | CVE-2010-1132 |
| FULLDISC:20100401 Zabbix <= 1.8.1 SQL Injection | CVE-2010-1277 |
| FULLDISC:20100406 [SECURITY] - Jzip (.zip) Unicode bof Vulnerability | CVE-2010-5300 |
| FULLDISC:20100409 Java Deployment Toolkit Performs Insufficient Validation of Parameters | CVE-2010-1423 |
| FULLDISC:20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues | CVE-2009-1564 CVE-2009-1565 CVE-2009-2042 CVE-2009-3707 CVE-2009-3732 CVE-2009-4811 CVE-2010-1138 CVE-2010-1139 CVE-2010-1140 CVE-2010-1141 CVE-2010-1142 |
| FULLDISC:20100419 [CORELAN-10-026] TweakFS Zip Stack BOF | CVE-2010-1458 |
| FULLDISC:20100422 Apache ActiveMQ is prone to source code disclosure vulnerability. | CVE-2010-1587 |
| FULLDISC:20100427 Fun with FORTIFY_SOURCE | CVE-2010-3192 |
| FULLDISC:20100504 [CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities | CVE-2010-1689 CVE-2010-1690 |
| FULLDISC:20100505 KHOBE - 8.0 earthquake for Windows desktop security software | CVE-2010-5150 CVE-2010-5151 CVE-2010-5152 CVE-2010-5153 CVE-2010-5154 CVE-2010-5155 CVE-2010-5156 CVE-2010-5157 CVE-2010-5158 CVE-2010-5159 CVE-2010-5160 CVE-2010-5161 CVE-2010-5162 CVE-2010-5163 CVE-2010-5164 CVE-2010-5165 CVE-2010-5166 CVE-2010-5167 CVE-2010-5168 CVE-2010-5169 CVE-2010-5170 CVE-2010-5171 CVE-2010-5172 CVE-2010-5173 CVE-2010-5174 CVE-2010-5175 CVE-2010-5176 CVE-2010-5177 CVE-2010-5178 CVE-2010-5179 CVE-2010-5180 CVE-2010-5181 CVE-2010-5182 CVE-2010-5183 CVE-2010-5184 |
| FULLDISC:20100511 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability | CVE-2010-1282 |
| FULLDISC:20100511 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability | CVE-2010-0129 |
| FULLDISC:20100511 [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite | CVE-2010-1280 |
| FULLDISC:20100512 Drupal storm 1.32 | CVE-2010-2123 |
| FULLDISC:20100514 Mathematica on Linux /tmp/MathLink vulnerability | CVE-2010-2027 |
| FULLDISC:20100520 Drupal Chaos Tools Suite (Ctools) Module Multiple Vulns | CVE-2010-1546 CVE-2010-1547 CVE-2010-1548 |
| FULLDISC:20100524 Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities | CVE-2010-2025 CVE-2010-2026 CVE-2010-2082 |
| FULLDISC:20100529 Websense Enterprise 6.3.3 Policy Bypass | CVE-2010-5144 |
| FULLDISC:20100602 Wing FTP Server - Cross Site Scripting Vulnerability | CVE-2010-2428 |
| FULLDISC:20100603 Multiple vulnerabilities in Exim | CVE-2010-2023 CVE-2010-2024 |
| FULLDISC:20100603 RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 ) | CVE-2010-1904 |
| FULLDISC:20100607 Re: Wing FTP Server - Cross Site Scripting Vulnerability | CVE-2010-2428 |
| FULLDISC:20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly | CVE-2010-1885 CVE-2010-2265 |
| FULLDISC:20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site | CVE-2010-2075 |
| FULLDISC:20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site | CVE-2010-2075 |
| FULLDISC:20100613 Litespeed Technologies Web Server Remote Poison null byte Zero-Day | CVE-2010-2333 |
| FULLDISC:20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass | CVE-2010-2347 |
| FULLDISC:20100629 Miyabi CGI Tools index.pl command execution | CVE-2010-2626 |
| FULLDISC:20100629 Re: Miyabi CGI Tools index.pl command execution | CVE-2010-2626 |
| FULLDISC:20100630 MSRC-001: Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability | CVE-2010-2549 |
| FULLDISC:20100701 DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass | CVE-2010-2668 |
| FULLDISC:20100713 CVE-2010-1870: Struts2 remote commands execution | CVE-2010-1870 |
| FULLDISC:20100718 --== ~ AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT ~ =-- | CVE-2010-3187 |
| FULLDISC:20100722 Re: --== ~ AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT ~ =-- | CVE-2010-3187 |
| FULLDISC:20100723 Advanced AIX 5l FTPd Exploit | CVE-2010-3187 |
| FULLDISC:20100723 Advanced AIX 5l FTPd Exploit V2.0 | CVE-2010-3187 |
| FULLDISC:20100802 TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance | CVE-2010-2860 |
| FULLDISC:20100804 Heap Offset Overflow in Citrix ICA Clients | CVE-2010-2990 |
| FULLDISC:20100814 IE8 toStaticHtml Bypass | CVE-2010-3324 |
| FULLDISC:20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities | CVE-2010-5063 CVE-2010-5064 CVE-2010-5065 CVE-2010-5066 CVE-2010-5067 CVE-2010-5279 |
| FULLDISC:20100826 CAD 2D-3D Pipe designing software Microstation, Nero, Quicktime Pictureviwer vulnerable to DLL hijack attack | CVE-2010-5230 |
| FULLDISC:20100828 QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll) | CVE-2010-5247 |
| FULLDISC:20100912 UltraEdit Text Editor version 16.10.0.1036 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) | CVE-2010-3402 |
| FULLDISC:20100922 OpenText LiveLink 9.7.1 multiple vulnerabilities (CSRF, XSS) | CVE-2010-5282 CVE-2010-5283 |
| FULLDISC:20101031 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006) | CVE-2010-4006 |
| FULLDISC:20101031 Joomla 1.5.21 | Potential SQL Injection Flaws | CVE-2010-4166 |
| FULLDISC:20101102 CVE-2010-3863: Apache Shiro information disclosure vulnerability | CVE-2010-3863 |
| FULLDISC:20101103 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution | CVE-2010-4091 |
| FULLDISC:20101105 nSense-2010-003: Cisco Unified Communications Manager | CVE-2010-3039 |
| FULLDISC:20101106 pfsense xss issues. | CVE-2010-4246 CVE-2010-4412 |
| FULLDISC:20101107 ASPilot Pilot Cart 7.3 multiple vulnerabilities | CVE-2010-4631 CVE-2010-4632 |
| FULLDISC:20101107 ZDI-10-230: Novell ZENworks Handheld Management ZfHIPCND.exe Remote Code Execution Vulnerability | CVE-2010-4299 |
| FULLDISC:20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038 | CVE-2010-3037 CVE-2010-3038 CVE-2010-4302 CVE-2010-4303 CVE-2010-4304 CVE-2010-4305 |
| FULLDISC:20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities | CVE-2010-4278 CVE-2010-4279 CVE-2010-4280 CVE-2010-4281 CVE-2010-4282 CVE-2010-4283 |
| FULLDISC:20101208 IE CSS parser dos bug | CVE-2010-3971 |
| FULLDISC:20101210 PHP 5.3.3 GD extension imagepstext stack buffer overflow | CVE-2010-4698 |
| FULLDISC:20101213 hidden admin user on every HP MSA2000 G3 | CVE-2010-4115 |
| FULLDISC:20101214 xss in PmWiki | CVE-2010-4748 |
| FULLDISC:20101227 LiveZilla Cross Site Scripting Vulnerability (XSS) - CVE-2010-4276 | CVE-2010-4276 |
| FULLDISC:20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more | CVE-2011-0346 CVE-2011-0347 |
| FULLDISC:20110106 RoomWizard Default Password and Sync Connector Credential Leak [CVE-2010-0214] | CVE-2010-0214 CVE-2011-0423 |
| FULLDISC:20110107 GNU libc/regcomp(3) Multiple Vulnerabilities | CVE-2010-4051 CVE-2010-4052 |
| FULLDISC:20110108 NetSupport Manager Agent Remote Buffer Overflow (Linux, Solaris, Mac, ...) | CVE-2011-0404 |
| FULLDISC:20110128 Vulnerabilities in Adobe ColdFusion | CVE-2011-0733 CVE-2011-0734 CVE-2011-0735 CVE-2011-0736 CVE-2011-0737 |
| FULLDISC:20110211 [SECURITY] CVE-2010-3449: Apache Continuum CSRF vulnerability | CVE-2010-3449 |
| FULLDISC:20110211 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability | CVE-2011-0533 |
| FULLDISC:20110214 MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow | CVE-2011-0654 |
| FULLDISC:20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification | CVE-2011-1428 |
| FULLDISC:20110228 BackWPup Wordpress plugin <= 1.4.0 File content disclosure | CVE-2011-5208 |
| FULLDISC:20110228 FreeBSD crontab information leakage | CVE-2011-1073 CVE-2011-1074 |
| FULLDISC:20110301 DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ] | CVE-2011-0345 |
| FULLDISC:20110308 Mutt: failure to check server certificate in SMTP TLS connection | CVE-2011-1429 |
| FULLDISC:20110317 Recaptcha Word Press Plugin Cross Site Scripting Vulnerability - CVE-2011-0759 | CVE-2011-0759 |
| FULLDISC:20110317 Related Posts Word Press Plugin Cross Site Scripting Vulnerability - CVE-2011-0760 | CVE-2011-0760 |
| FULLDISC:20110328 Android SDK: Segmentation fault with dexdump / dexDecodeDebugInfo | CVE-2011-1001 |
| FULLDISC:20110328 Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 | CVE-2011-4342 |
| FULLDISC:20110401 BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload | CVE-2011-1547 |
| FULLDISC:20110405 ICMPv6 Router Announcement flooding denial of service affecting multiple systems | CVE-2011-2393 |
| FULLDISC:20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection | CVE-2010-4562 CVE-2010-4563 |
| FULLDISC:20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability | CVE-2011-1604 CVE-2011-1605 CVE-2011-1606 CVE-2011-1607 CVE-2011-1609 CVE-2011-1610 |
| FULLDISC:20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006 | CVE-2011-0959 CVE-2011-0960 CVE-2011-0961 CVE-2011-0962 CVE-2011-0966 |
| FULLDISC:20110523 Bypassing Cisco's ICMPv6 Router Advertisement Guard feature | CVE-2011-2395 |
| FULLDISC:20110531 [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities | CVE-2011-1026 |
| FULLDISC:20110531 [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities | CVE-2011-1077 |
| FULLDISC:20110728 Two security issues fixed in ioQuake3 engine | CVE-2011-1412 CVE-2011-2764 CVE-2011-3012 |
| FULLDISC:20110801 Useless OpenSSH resources exhausion bug via GSSAPI | CVE-2011-5000 |
| FULLDISC:20110802 Android Browser Cross-Application Scripting (CVE-2011-2357) | CVE-2011-2357 |
| FULLDISC:20110811 CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass | CVE-2011-0527 |
| FULLDISC:20110820 Apache Killer | CVE-2011-3192 |
| FULLDISC:20110824 Re: Apache Killer | CVE-2011-3192 |
| FULLDISC:20110916 PunBB PHP Forum - Multiple XSS | CVE-2011-3371 |
| FULLDISC:20110918 Re: PunBB PHP Forum - Multiple XSS | CVE-2011-3371 |
| FULLDISC:20110922 Re: PunBB PHP Forum - Multiple XSS | CVE-2011-3371 |
| FULLDISC:20110926 [CVE-2011-3645] Multiple vulnerability in "Omnidocs" | CVE-2011-3645 |
| FULLDISC:20111004 vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities | CVE-2011-4670 |
| FULLDISC:20111005 Apache HTTP Server: mod_proxy reverse proxy exposure (CVE-2011-3368) | CVE-2011-3368 |
| FULLDISC:20111005 Context IS Advisory - Apache Reverse Proxy Bypass Vulnerability | CVE-2011-3368 |
| FULLDISC:20111005 vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability | CVE-2011-4559 |
| FULLDISC:20111005 vTiger CRM 5.2.x <= Remote Code Execution Vulnerability | CVE-2007-3215 |
| FULLDISC:20111102 Integer Overflow in Apache ap_pregsub via mod-setenvif | CVE-2011-3607 |
| FULLDISC:20111109 osCSS2 "_ID" parameter Local file inclusion | CVE-2011-4713 |
| FULLDISC:20111110 XSS vulnerability in Joomla 1.6.3 | CVE-2011-4332 |
| FULLDISC:20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities | CVE-2011-5178 |
| FULLDISC:20111118 Blogs manager <= 1.101 SQL Injection Vulnerability | CVE-2011-5110 |
| FULLDISC:20111118 Freelancer calendar <= 1.01 SQL Injection Vulnerability | CVE-2011-5109 |
| FULLDISC:20111119 Valid tiny-erp <= 1.6 SQL Injection Vulnerability | CVE-2011-4672 |
| FULLDISC:20111130 Serv-U Remote | CVE-2011-4800 |
| FULLDISC:20111206 Backdoor in EPractize Labs Online Subscription Manager from epractizelabs.com | CVE-2011-5136 |
| FULLDISC:20111218 Novell Sentinel Log Manager <=1.2.0.1 Path Traversal | CVE-2011-5028 |
| FULLDISC:20111229 Akiva Webboard 8.x SQL Injection + Plaintext Passwords. | CVE-2011-5203 CVE-2011-5204 |
| FULLDISC:20120103 SQL Injection Vulnerability in OpenEMR 4.1.0 | CVE-2012-2115 |
| FULLDISC:20120107 OP5 Monitor - Multiple Vulnerabilities | CVE-2012-0261 CVE-2012-0262 CVE-2012-0263 CVE-2012-0264 |
| FULLDISC:20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785) | CVE-2011-4785 |
| FULLDISC:20120116 Zimbra Desktop v7.1.2 - Persistent Software Vulnerability | CVE-2012-0903 |
| FULLDISC:20120119 Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow | CVE-2012-0807 |
| FULLDISC:20120120 Snitz Communications 2010/11 - SQL Injection Vulnerability | CVE-2012-5313 |
| FULLDISC:20120125 NX Web Companion Spoofing Arbitrary Code Execution Vulnerability | CVE-2012-5003 |
| FULLDISC:20120205 NexorONE Online Banking - Multiple Cross Site Vulnerabilities | CVE-2012-1020 |
| FULLDISC:20120210 CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI | CVE-2012-1037 |
| FULLDISC:20120210 Zen-Cart Admin CSRF/XSRF - Delete / Disable Products | UPS-2011-0018 | CVE-2011-4403 | CVE-2011-4403 |
| FULLDISC:20120224 TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform | CVE-2012-1262 |
| FULLDISC:20120301 lashFXP v4.1.8.1701 - Buffer Overflow Vulnerability | CVE-2012-4992 |
| FULLDISC:20120320 FreePBX remote command execution, xss | CVE-2012-4869 CVE-2012-4870 |
| FULLDISC:20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour | CVE-2012-1576 |
| FULLDISC:20120322 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669) | CVE-2012-1669 |
| FULLDISC:20120322 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 | CVE-2012-0256 |
| FULLDISC:20120328 SEC Consult SA-20120328-0 :: F5 FirePass SSL VPN unauthenticated remote root through SQL injection - CVE-2012-1777 | CVE-2012-1777 |
| FULLDISC:20120401 FW: iis bug | CVE-2011-5279 |
| FULLDISC:20120402 Re: iis bug | CVE-2011-5279 |
| FULLDISC:20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability | CVE-2012-1574 |
| FULLDISC:20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability | CVE-2012-1621 |
| FULLDISC:20120418 The history of a -probably- 13 years old Oracle bug: TNS Poison | CVE-2012-1675 |
| FULLDISC:20120419 incorrect integer conversions in OpenSSL can result in memory corruption. | CVE-2012-2110 |
| FULLDISC:20120423 RuggedCom - Backdoor Accounts in my SCADA network? You don't say... | CVE-2012-1803 CVE-2012-2441 |
| FULLDISC:20120428 Oracle TNS Poison vulnerability is actually a 0day with no patch available | CVE-2012-1675 |
| FULLDISC:20120503 Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901) | CVE-2011-3901 |
| FULLDISC:20120516 JW player xss security flaw | CVE-2012-2904 |
| FULLDISC:20120522 session stealing in mod_auth_openid - CVE-2012-2760 | CVE-2012-2760 |
| FULLDISC:20120610 [CVE-2012-3238] Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability | CVE-2012-3238 |
| FULLDISC:20120612 Strange gpg key shadowing | CVE-2012-0954 CVE-2012-3587 |
| FULLDISC:20120614 Using second gpg keyring may be misleading? | CVE-2012-0954 |
| FULLDISC:20120615 ubuntu apt-key (part 3) | CVE-2012-0954 |
| FULLDISC:20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability | CVE-2012-2380 |
| FULLDISC:20120624 CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability | CVE-2012-2381 |
| FULLDISC:20120726 Transmission BitTorrent XSS Vulnerability | CVE-2012-4037 |
| FULLDISC:20120729 Re: AxMan ActiveX fuzzing <== Memory Corruption PoC | CVE-2012-4177 |
| FULLDISC:20120801 nvidia linux binary driver priv escalation exploit | CVE-2012-4225 |
| FULLDISC:20120804 nvidia linux binary driver priv escalation exploit | CVE-2012-4225 |
| FULLDISC:20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick | CVE-2012-3483 CVE-2012-3484 CVE-2012-3485 CVE-2012-3486 CVE-2012-3487 CVE-2012-4676 |
| FULLDISC:20120823 foxit reader 5.3.1(dwmapi.dll) DLL Hijacking Exploit | CVE-2012-4759 |
| FULLDISC:20120906 Authentication flaw in APS-Soft DTE Axiom (CVE-2012-2455) | CVE-2012-2455 |
| FULLDISC:20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419) | CVE-2012-0419 |
| FULLDISC:20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler | CVE-2012-4824 CVE-2012-4825 CVE-2012-5307 CVE-2012-5308 CVE-2012-5309 |
| FULLDISC:20121003 Novell Sentinel Log Manager <= 1.2.0.2 retention policy vulnerability | CVE-2012-6534 |
| FULLDISC:20121003 XnView JLS File Decompression Heap Overflow | CVE-2012-4988 |
| FULLDISC:20121022 [ANNOUNCE] Apache OFBiz 10.04.03 released | CVE-2012-3506 |
| FULLDISC:20121026 Realplayer Watchfolders Long Filepath Overflow | CVE-2012-4987 |
| FULLDISC:20121201 FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique) | CVE-2012-6067 |
| FULLDISC:20121201 FreeSSHD Remote Authentication Bypass Zeroday Exploit | CVE-2012-6066 |
| FULLDISC:20121201 MySQL (Linux) Database Privilege Elevation Zeroday Exploit | CVE-2012-5613 |
| FULLDISC:20121201 MySQL (Linux) Heap Based Overrun PoC Zeroday | CVE-2012-5612 |
| FULLDISC:20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday | CVE-2012-5611 |
| FULLDISC:20121201 MySQL Denial of Service Zeroday PoC | CVE-2012-5614 |
| FULLDISC:20121201 SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit | CVE-2012-5975 |
| FULLDISC:20121203 Re: SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit (king cope) | CVE-2012-5975 |
| FULLDISC:20121207 TP-LINK TL-WR841N XSS (Cross Site Scripting) | CVE-2012-6316 |
| FULLDISC:20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability | CVE-2012-5616 |
| FULLDISC:20130114 CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows | CVE-2012-5641 |
| FULLDISC:20130114 Updated - CA20121018-01: Security Notice for CA ARCserve Backup | CVE-2012-2971 CVE-2012-2972 |
| FULLDISC:20130116 [Security-news] SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities | CVE-2013-0244 CVE-2013-0245 CVE-2013-0246 |
| FULLDISC:20130118 [CVE-2013-0177] Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz | CVE-2013-0177 |
| FULLDISC:20130118 [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable | CVE-2013-0431 CVE-2013-1490 |
| FULLDISC:20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable | CVE-2013-0431 CVE-2013-1490 |
| FULLDISC:20130123 CVE-2013-0805 | CVE-2013-0805 |
| FULLDISC:20130123 CVE-2013-1393 | CVE-2013-1393 |
| FULLDISC:20130123 [Security-news] SA-CONTRIB-2013-008 - CurvyCorners - Cross Site Scripting (XSS) - module unsupported | CVE-2013-1393 |
| FULLDISC:20130127 [SE-2012-01] An issue with new Java SE 7 security features | CVE-2013-1489 |
| FULLDISC:20130129 XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") | CVE-2013-0234 |
| FULLDISC:20130205 Re: [SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU | CVE-2013-1537 |
| FULLDISC:20130218 XSS vulnerabilities in ZeroClipboard | CVE-2012-6550 |
| FULLDISC:20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 | CVE-2013-1803 CVE-2013-1804 CVE-2013-1806 CVE-2013-1807 CVE-2013-7375 |
| FULLDISC:20130301 CVE-2013-1413 | CVE-2013-1413 |
| FULLDISC:20130301 Oracle Auto Service Request /tmp file clobbering vulnerability | CVE-2013-1495 |
| FULLDISC:20130305 Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND | CVE-2013-1849 |
| FULLDISC:20130306 OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability | CVE-2013-2561 |
| FULLDISC:20130310 CS and XSS vulnerabilities in SWFUpload | CVE-2012-2399 |
| FULLDISC:20130311 XSS Vulnerability in TinyMCE | CVE-2012-4230 |
| FULLDISC:20130312 Curl Ruby Gem Remote command execution | CVE-2013-2617 |
| FULLDISC:20130312 MiniMagic ruby gem remote code execution | CVE-2013-2616 |
| FULLDISC:20130312 Ruby gem fastreader-1.0.8 remote code exec | CVE-2013-2615 |
| FULLDISC:20130313 [Security-news] SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass | CVE-2013-1859 |
| FULLDISC:20130318 Remote command execution in Ruby Gem Command Wrap | CVE-2013-1875 |
| FULLDISC:20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) | CVE-2013-1887 |
| FULLDISC:20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php | CVE-2013-2741 CVE-2013-2742 CVE-2013-2743 CVE-2013-2744 |
| FULLDISC:20130326 Ruby gem Thumbshooter 0.1.5 remote command execution | CVE-2013-1898 |
| FULLDISC:20130327 [Security-news] SA-CONTRIB-2013-036 - Zero Point - Cross Site Scripting (XSS) | CVE-2013-1905 |
| FULLDISC:20130327 [Security-news] SA-CONTRIB-2013-038 - Commons Groups - Access bypass & Privilege escalation | CVE-2013-1907 |
| FULLDISC:20130327 [Security-news] SA-CONTRIB-2013-039 - Commons Wikis - Access bypass & Privilege escalation | CVE-2013-1908 |
| FULLDISC:20130331 WP FuneralPress - Stored XSS in Guestbook | CVE-2013-3529 |
| FULLDISC:20130401 Aspen 0.8 - Directory Traversal | CVE-2013-2619 |
| FULLDISC:20130401 Network Weathermap 0.97a - Persistent XSS | CVE-2013-2618 |
| FULLDISC:20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass | CVE-2013-1925 |
| FULLDISC:20130407 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable | CVE-2013-3527 |
| FULLDISC:20130409 [waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7 | CVE-2013-1937 |
| FULLDISC:20130417 [Security-news] SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF) | CVE-2013-1972 |
| FULLDISC:20130418 Fwd: CVE-2013-2504 : Matrix42 Service Desk XSS | CVE-2013-2504 |
| FULLDISC:20130424 hornbill supportworks SQL injection | CVE-2013-2594 |
| FULLDISC:20130427 WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability | CVE-2012-4886 |
| FULLDISC:20130501 Forticlient VPN client credential interception vulnerability | CVE-2013-4669 |
| FULLDISC:20130501 n.runs-SA-2013.005 - IBM Lotus Notes - arbitrary code execution | CVE-2013-0127 |
| FULLDISC:20130517 Re: exploitation ideas under memory pressure | CVE-2013-3660 CVE-2013-3661 |
| FULLDISC:20130517 exploitation ideas under memory pressure | CVE-2013-3660 |
| FULLDISC:20130525 CVE-2013-3666 - LG Optimus G command injection (as system user) vulnerability | CVE-2013-3666 |
| FULLDISC:20130528 CORE-2013-0322 - MayGion IP Cameras multiple vulnerabilities | CVE-2013-1604 CVE-2013-1605 |
| FULLDISC:20130529 [Security-news] SA-CONTRIB-2013-048 - Edit Limit - Access Bypass | CVE-2013-2122 |
| FULLDISC:20130603 Re: exploitation ideas under memory pressure | CVE-2013-3660 CVE-2013-3661 |
| FULLDISC:20130605 Plesk Apache Zeroday Remote Exploit | CVE-2013-4878 |
| FULLDISC:20130605 [Security-news] SA-CONTRIB-2013-051 - Services - Cross site request forgery (CSRF) | CVE-2013-2158 |
| FULLDISC:20130611 [CVE-2013-3961] iSQL in php-agenda <= 2.2.8 | CVE-2013-3961 |
| FULLDISC:20130612 Security Analysis of IP video surveillance cameras | CVE-2013-3539 CVE-2013-3540 CVE-2013-3541 CVE-2013-3543 CVE-2013-3686 CVE-2013-3687 CVE-2013-3688 CVE-2013-3689 CVE-2013-3690 CVE-2013-3962 CVE-2013-3963 CVE-2013-3964 |
| FULLDISC:20130612 [CVE-2013-1768] Apache OpenJPA security vulnerability | CVE-2013-1768 |
| FULLDISC:20130612 [Security-news] SA-CONTRIB-2013-052 - Display Suite - Cross Site Scripting (XSS) | CVE-2013-2177 |
| FULLDISC:20130617 CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability | CVE-2013-2153 |
| FULLDISC:20130617 CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability | CVE-2013-2154 |
| FULLDISC:20130617 CVE-2013-2155: Apache Santuario C++ denial of service vulnerability | CVE-2013-2155 |
| FULLDISC:20130617 Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability | CVE-2013-2156 |
| FULLDISC:20130618 Canon Wireless Printer Disclosure & DoS | CVE-2013-4613 CVE-2013-4614 CVE-2013-4615 |
| FULLDISC:20130626 [Security-news] SA-CONTRIB-2012-136 - Apache Solr Search Autocomplete - Cross Site Scripting (XSS) | CVE-2012-6573 |
| FULLDISC:20130701 [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows | CVE-2013-4694 |
| FULLDISC:20130710 Re: VLC media player MKV Parsing POC | CVE-2013-3245 |
| FULLDISC:20130710 VLC media player MKV Parsing POC | CVE-2013-3245 |
| FULLDISC:20130710 [Security-news] SA-CONTRIB-2013-057 - TinyBox - Cross Site Scripting (XSS) | CVE-2013-4140 |
| FULLDISC:20130711 XSS Vulnerabilities in MintBoard | CVE-2013-4951 |
| FULLDISC:20130711 XSS and SQL Injection Vulnerabilities in MiniBB | CVE-2008-2066 CVE-2008-2067 CVE-2013-5020 |
| FULLDISC:20130716 Multiple vulnerabilities in Googlemaps plugin for Joomla | CVE-2013-7428 CVE-2013-7429 |
| FULLDISC:20130724 [Security-news] SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS) | CVE-2013-4174 CVE-2013-5315 |
| FULLDISC:20130801 TWSL2013-020: Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet | CVE-2013-4866 |
| FULLDISC:20130806 TWSL2013-024: Cross Site Scripting (XSS) vulnerability in McAfee Superscan 4.0 | CVE-2013-4884 |
| FULLDISC:20130808 [RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities | CVE-2013-4240 |
| FULLDISC:20130809 Update [RCA-201309-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities | CVE-2013-4240 |
| FULLDISC:20130823 CVE-2013-2192: Apache Hadoop Man in the Middle Vulnerability | CVE-2013-2192 |
| FULLDISC:20130823 CVE-2013-2193: Apache HBase Man in the Middle Vulnerability | CVE-2013-2193 |
| FULLDISC:20130828 CORE-2013-0726 - AVTECH DVR multiple vulnerabilities | CVE-2013-4980 CVE-2013-4981 |
| FULLDISC:20130828 [Security-news] SA-CONTRIB-2013-071 - Flag - Cross Site Scripting | CVE-2013-5964 |
| FULLDISC:20130901 IndiaNIC Testimonial WP plugin - Multiple vulnerabilities | CVE-2013-5672 CVE-2013-5673 |
| FULLDISC:20130902 DotNetNuke (DNNArticle Module) SQL Injection Vulnerability | CVE-2013-5117 |
| FULLDISC:20130902 list of vulnerabilities discovered by realpentesting | CVE-2013-5660 |
| FULLDISC:20130903 Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem | CVE-2013-5671 |
| FULLDISC:20130908 [CVE-2013-5701] Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability | CVE-2013-5701 |
| FULLDISC:20130911 [Security-news] SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF) | CVE-2013-5937 CVE-2013-5938 |
| FULLDISC:20130925 CVE-2013-5572 | CVE-2013-5572 |
| FULLDISC:20131016 [Security-news] SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS) | CVE-2013-4447 |
| FULLDISC:20131023 [CVE-2013-5939]PHPCMS guestbook module Stored XSS Vulnerability | CVE-2013-5939 |
| FULLDISC:20131024 CA20131024-01: Security Notice for CA SiteMinder | CVE-2013-5968 |
| FULLDISC:20131028 [Wooyun]Apache Struts2 showcase multiple XSS | CVE-2013-6348 |
| FULLDISC:20131101 [CVE-2013-5726] - Tweetbot for iOS and Mac user disclosure/privacy issue | CVE-2013-5726 |
| FULLDISC:20131102 XXE Injection in Spring Framework | CVE-2013-4152 CVE-2013-7315 |
| FULLDISC:20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA" | CVE-2013-6163 |
| FULLDISC:20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in "Project'Or RIA" allow arbitrary access to the database and the file system | CVE-2013-6164 |
| FULLDISC:20131107 FOSCAM Wireless IP Camera - SSID Cross Site Scripting | CVE-2013-5215 |
| FULLDISC:20131110 D-Link Router 2760N (DSL-2760U-BN) Multiple XSS | CVE-2013-5223 |
| FULLDISC:20131112 bugs in IJG jpeg6b & libjpeg-turbo | CVE-2013-6629 CVE-2013-6630 |
| FULLDISC:20131115 CVE-2013-5966 - XSS in ZK Framework | CVE-2013-5966 |
| FULLDISC:20131115 XADV-2013005 FreeBSD 10 <= nand Driver IOCTL Kernel Memory Leak Bug | CVE-2013-6832 |
| FULLDISC:20131115 XADV-2013006 FreeBSD <= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs | CVE-2013-6833 CVE-2013-6834 |
| FULLDISC:20131119 pineapp mailsecure no authenticated privilege escalation & remote execution code | CVE-2013-6830 CVE-2013-6831 |
| FULLDISC:20131119 pineapp mailsecure pwnage | CVE-2013-6827 CVE-2013-6828 CVE-2013-6829 |
| FULLDISC:20131127 CVE-2013-6271 Remove Android Device Lock by rouge app | CVE-2013-6271 |
| FULLDISC:20131128 CVE-2013-6223: Local Password Disclosure in Livezilla prior version 5.1.1.0 | CVE-2013-6223 |
| FULLDISC:20131128 CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0 | CVE-2013-6224 |
| FULLDISC:20131203 McAfee Email Gateway multiple vulns | CVE-2013-7092 CVE-2013-7103 CVE-2013-7104 |
| FULLDISC:20131203 Tftpd32 Client Side Format String Vulnerability | CVE-2013-6809 |
| FULLDISC:20131203 [CVE-2013-6237] ISL Light - Desktop 3.5.4, Clipboard security issue | CVE-2013-6237 |
| FULLDISC:20131205 Reflected XSS Attacks XSS vulnerabilities in NagiosQL 3.2.0 Servicepack 2 (CVE: CVE-2013-6039) | CVE-2013-6039 |
| FULLDISC:20131205 Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability | CVE-2013-7025 |
| FULLDISC:20131206 [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin | CVE-2013-5676 |
| FULLDISC:20131206 [CVE-2013-6985]SQL Injection Vulnerability In Enorth Webpublisher CMS | CVE-2013-6985 |
| FULLDISC:20131206 [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application | CVE-2013-6986 |
| FULLDISC:20131210 CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability | CVE-2013-4988 |
| FULLDISC:20131212 Ditto Forensic FieldStation, multiple vulnerabilities | CVE-2013-6881 CVE-2013-6882 CVE-2013-6883 CVE-2013-6884 |
| FULLDISC:20131213 Multiple vulnerabilities in SMF forum software | CVE-2013-7234 CVE-2013-7235 CVE-2013-7236 |
| FULLDISC:20131215 Re: WordPress OptimizePress Theme - File Upload Vulnerability | CVE-2013-7102 |
| FULLDISC:20131215 iscripts autohoster , multiple vulns / php code injection exploit | CVE-2013-7189 CVE-2013-7190 |
| FULLDISC:20131217 CSRF, DoS and IL vulnerabilities in WordPress | CVE-2013-7233 |
| FULLDISC:20131217 [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms | CVE-2013-5573 |
| FULLDISC:20131218 Apache Santuario security advisory CVE-2013-4517 released | CVE-2013-4517 |
| FULLDISC:20131219 URL Redirector Abuse and XSS vulnerabilities in WordPress | CVE-2013-4339 |
| FULLDISC:20131220 Synology DSM multiple directory traversal | CVE-2013-6987 |
| FULLDISC:20131224 Happy Holidays / Xmas Advisory | CVE-2013-7222 CVE-2013-7223 CVE-2013-7224 CVE-2013-7225 CVE-2013-7249 |
| FULLDISC:20131226 [CVE-2013-7209]JForum CSRF(Cross-site request forgery) Vulnerability | CVE-2013-7209 |
| FULLDISC:20140108 [CVE-2014-1203] Eyou Mail System Remote Code Execution | CVE-2014-1203 |
| FULLDISC:20140113 [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application | CVE-2014-0647 |
| FULLDISC:20140114 [CVE-2013-6838] Enghouse Interactive IVR Pro (VIP2000) remote root authentication bypass Vulnerability | CVE-2013-6838 |
| FULLDISC:20140115 Collabtive Sql Injection | CVE-2013-6872 |
| FULLDISC:20140115 [Security-news] SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS) | CVE-2014-1611 |
| FULLDISC:20140117 Re: [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application | CVE-2014-0647 |
| FULLDISC:20140120 0day - MuPDF Stack-based Buffer Overflow in xps_parse_color() | CVE-2014-2013 |
| FULLDISC:20140120 TWSL2014-002: Buffer Overflow Vulnerability in DaumGame ActiveX | CVE-2013-7246 |
| FULLDISC:20140123 Remote Command Injection Vulnerability in SkyBlueCanvas CMS | CVE-2014-1683 |
| FULLDISC:20140123 [CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7 | CVE-2013-6235 |
| FULLDISC:20140124 ADV: IBM QRadar SIEM | CVE-2014-0835 CVE-2014-0836 CVE-2014-0837 |
| FULLDISC:20140127 Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability | CVE-2013-6674 |
| FULLDISC:20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords | CVE-2012-3152 CVE-2012-3153 |
| FULLDISC:20140127 [CVE-2014-1673] Check Point Session Authentication Agent vulnerability | CVE-2014-1673 |
| FULLDISC:20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus | CVE-2014-1213 |
| FULLDISC:20140131 [CVE-2014-1403] DOM XSS in EasyXDM 2.4.18 | CVE-2014-1403 |
| FULLDISC:20140203 XSS Reflected vulnerabilities in OS of FortiWeb v 5.0.3 (CVE-2013-7181) | CVE-2013-7181 |
| FULLDISC:20140203 [CVE-2014-1836] Arbitrary file deletion in ImpressCMS < 1.3.6 and two XSS issues | CVE-2014-1836 |
| FULLDISC:20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability | CVE-2014-0980 |
| FULLDISC:20140205 CVE-2014-1237 (XSS in i-doit Pro) | CVE-2014-1237 |
| FULLDISC:20140205 Core FTP Server Vulnerabilities | CVE-2014-1441 CVE-2014-1442 CVE-2014-1443 |
| FULLDISC:20140206 [CVE-2013-2055] Apache Wicket information disclosure vulnerability | CVE-2013-2055 |
| FULLDISC:20140207 New vulnerabilities in Google Maps plugin for Joomla | CVE-2014-9686 |
| FULLDISC:20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843] | CVE-2014-1841 CVE-2014-1842 CVE-2014-1843 |
| FULLDISC:20140211 Freepbx , php code execution exploit | CVE-2014-1903 |
| FULLDISC:20140211 Re: Freepbx , php code execution exploit | CVE-2014-1903 |
| FULLDISC:20140217 SQL Injection i-doit Pro (CVE-2014-1597) | CVE-2014-1597 |
| FULLDISC:20140219 CVE-2014-0053 Information Disclosure when using Grails | CVE-2014-0053 |
| FULLDISC:20140222 [CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files | CVE-2014-2069 |
| FULLDISC:20140223 Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability ( CVE-2013-7182) | CVE-2013-7182 |
| FULLDISC:20140227 Update: CVE-2014-0053 Information Disclosure when using Grails | CVE-2014-0053 CVE-2014-2857 CVE-2014-2858 |
| FULLDISC:20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults | CVE-2014-0072 |
| FULLDISC:20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation | CVE-2014-0073 |
| FULLDISC:20140306 CVE-2014-2044 - Remote Code Execution in ownCloud | CVE-2014-2044 |
| FULLDISC:20140310 [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability | CVE-2014-100010 |
| FULLDISC:20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities | CVE-2014-0981 CVE-2014-0983 |
| FULLDISC:20140311 [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue | CVE-2013-6835 |
| FULLDISC:20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0 | CVE-2014-1686 |
| FULLDISC:20140312 CVE-2014-1904 XSS when using Spring MVC | CVE-2014-1904 |
| FULLDISC:20140312 CVE-2014-2043 - SQL Injection in Procentia IntelliPen | CVE-2014-2043 |
| FULLDISC:20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS | CVE-2014-2533 CVE-2014-2534 |
| FULLDISC:20140312 Multiplus XSS in Proxmox Mail Gateway 3.1 (CVE-2014-2325) | CVE-2014-2325 |
| FULLDISC:20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS | CVE-2014-2533 CVE-2014-2534 |
| FULLDISC:20140313 WatchGuard Fireware XTM devices contain a cross-site scripting vulnerability (CVE-2014-0338) | CVE-2014-0338 |
| FULLDISC:20140313 [CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution | CVE-2014-2087 |
| FULLDISC:20140314 MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service | CVE-2011-3336 |
| FULLDISC:20140315 Re: XSS Vulnerability in the Youtube Gallery 3.4.0 Component | CVE-2013-5956 |
| FULLDISC:20140315 Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 (CVE-2014-0339) | CVE-2014-0339 |
| FULLDISC:20140315 XSS Vulnerability in the Youtube Gallery 3.4.0 Component | CVE-2013-5956 |
| FULLDISC:20140315 [CVE-2013-5951] Multiple Cross Site Scripting Vulnerabilities in eXtplorer 2.1.3 | CVE-2013-5951 |
| FULLDISC:20140315 [CVE-2013-5952] Multiple Cross Site Scripting Vulnerabilities in Freichat | CVE-2013-5952 |
| FULLDISC:20140315 [CVE-2013-5953] | CVE-2013-5953 |
| FULLDISC:20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11 | CVE-2013-5954 |
| FULLDISC:20140315 [CVE-2013-5955] Cross-site scripting Vulnerability in the Pbbooking 2.4 | CVE-2013-5955 |
| FULLDISC:20140317 [CVE-2014-2339] GNUboard SQL Injection Vulnerability | CVE-2014-2339 |
| FULLDISC:20140318 McAfee Cloud SSO and McAfee Asset Manager vulns | CVE-2014-2586 CVE-2014-2587 CVE-2014-2588 |
| FULLDISC:20140318 [Quantum Leap Advisory] #QLA140216 - VLC Reflected XSS vulnerability | CVE-2014-9743 |
| FULLDISC:20140326 [GTA-2014-01] - Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. | CVE-2014-1982 |
| FULLDISC:20140327 [RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration | CVE-2014-1224 |
| FULLDISC:20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin) | CVE-2014-2879 |
| FULLDISC:20140328 XSS, CSRF and blind SQL injection in GD Star Rating 1.9.22 (WordPress plugin) | CVE-2014-2838 CVE-2014-2839 |
| FULLDISC:20140331 EMC CTA v10.0 unauthenticated XXE with root perms | CVE-2014-0644 CVE-2014-0645 |
| FULLDISC:20140402 Drupal Custom Search module XSS | CVE-2014-8320 |
| FULLDISC:20140402 [Quantum Leap Advisory] #QLA140402 - A10 Networks remote Buffer Overflow | CVE-2014-3976 |
| FULLDISC:20140403 Drupal Custom Search module XSS | CVE-2014-7870 |
| FULLDISC:20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331) | CVE-2014-0331 |
| FULLDISC:20140404 Re: Remote Command Execution within the ASUS RT-AC68U Managing Web Interface | CVE-2013-5948 |
| FULLDISC:20140404 Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface | CVE-2013-5948 CVE-2014-2925 |
| FULLDISC:20140408 Re: heartbleed OpenSSL bug CVE-2014-0160 | CVE-2014-0160 |
| FULLDISC:20140408 heartbleed OpenSSL bug CVE-2014-0160 | CVE-2014-0160 |
| FULLDISC:20140409 Re: heartbleed OpenSSL bug CVE-2014-0160 | CVE-2014-0160 |
| FULLDISC:20140409 iis cgi 0day | CVE-2011-5279 |
| FULLDISC:20140410 Re: iis cgi 0day | CVE-2011-5279 |
| FULLDISC:20140411 CSRF and stored XSS in Quick Page/Post Redirect Plugin (WordPress plugin) | CVE-2014-2598 |
| FULLDISC:20140411 CSRF/XSS vulnerability in Twitget 3.3.1 (WordPress plugin) | CVE-2014-2559 CVE-2014-2995 |
| FULLDISC:20140411 CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player | CVE-2014-2384 |
| FULLDISC:20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL | CVE-2014-0160 |
| FULLDISC:20140412 Re: heartbleed OpenSSL bug CVE-2014-0160 | CVE-2014-0160 |
| FULLDISC:20140413 Adobe Reader for Android exposes insecure Javascript interfaces | CVE-2014-0514 |
| FULLDISC:20140414 CVE-2014-2591 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in BMC Patrol for AIX | CVE-2014-2591 |
| FULLDISC:20140415 Unitrends enterprise backup remote unauthenticated root | CVE-2014-3008 CVE-2014-3139 |
| FULLDISC:20140415 Xerox DocuShare authenticated SQL injection | CVE-2014-3138 |
| FULLDISC:20140416 ASUS RT-XXXX SOHO routers expose admin password, fixed in 3.0.0.4.374.5517 | CVE-2014-2719 |
| FULLDISC:20140416 CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server | CVE-2014-2597 |
| FULLDISC:20140416 Reflected XSS Attacks vulnerabilities F-Secure Messaging Security Gateway V7.5.0.892 (CVE-2014-2844) | CVE-2014-2844 |
| FULLDISC:20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC | CVE-2014-2734 |
| FULLDISC:20140417 NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution | CVE-2014-2913 |
| FULLDISC:20140418 CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150 | CVE-2014-3760 CVE-2014-3761 |
| FULLDISC:20140418 Re: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution | CVE-2014-2913 |
| FULLDISC:20140418 Remote Command Injection in Ruby Gem sfpagent 0.4.14 | CVE-2014-2888 |
| FULLDISC:20140419 Re: iis cgi 0day | CVE-2011-5279 |
| FULLDISC:20140420 phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability | CVE-2014-3757 |
| FULLDISC:20140422 (CVE-2014-1648) Symantec Messaging Gateway Management Console Cross Site Scripting Vulnerability | CVE-2014-1648 |
| FULLDISC:20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive | CVE-2014-1217 |
| FULLDISC:20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive | CVE-2014-2042 |
| FULLDISC:20140423 CVE-2014-2383 - Arbitrary file read in dompdf | CVE-2014-2383 |
| FULLDISC:20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances | CVE-2014-2846 |
| FULLDISC:20140424 Multiple Vulnerabilities in iMember360 (Wordpress plugin) | CVE-2014-3842 CVE-2014-3848 CVE-2014-3849 CVE-2014-8948 CVE-2014-8949 |
| FULLDISC:20140426 Divx plugin suite heap-based buffer overflow | CVE-2014-10024 |
| FULLDISC:20140427 Re: Exploit: McAfee ePolicy 0wner (ePowner ) – Release | CVE-2013-0140 CVE-2013-0141 |
| FULLDISC:20140428 [Onapsis Security Advisory 2014-005] Information disclosure in SAP Software Lifeclycle Manager | CVE-2014-3129 |
| FULLDISC:20140428 [Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC | CVE-2014-3132 |
| FULLDISC:20140428 [Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance | CVE-2014-3131 |
| FULLDISC:20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure | CVE-2014-3133 |
| FULLDISC:20140428 [Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check | CVE-2014-3130 |
| FULLDISC:20140428 [Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting | CVE-2014-3134 |
| FULLDISC:20140429 Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin) | CVE-2014-2558 |
| FULLDISC:20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access | CVE-2014-3006 |
| FULLDISC:20140430 SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex | CVE-2014-3758 CVE-2014-3759 |
| FULLDISC:20140501 F5 BIG-IQ authed arbitrary user password change | CVE-2014-3220 |
| FULLDISC:20140502 Re: F5 BIG-IQ authed arbitrary user password change | CVE-2014-3220 |
| FULLDISC:20140502 Re: Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC | CVE-2014-2734 |
| FULLDISC:20140504 Re: F5 BIG-IQ authed arbitrary user password change | CVE-2014-3220 |
| FULLDISC:20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities | CVE-2014-3242 CVE-2014-3243 |
| FULLDISC:20140507 Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability (CVE-2014-3115) | CVE-2014-3115 |
| FULLDISC:20140507 Moar F5 fun in iControl API | CVE-2014-2928 |
| FULLDISC:20140508 CVE-2014-1849 Foscam Dynamic DNS predictable credentials vulnerability | CVE-2014-1849 |
| FULLDISC:20140509 Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer | CVE-2014-3453 |
| FULLDISC:20140512 CodeIgniter <= 2.1.4 and Kohana <= 3.2.3, 3.3.2 - Timing Attacks and Object Injection | CVE-2014-8684 |
| FULLDISC:20140513 CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 | CVE-2014-2046 |
| FULLDISC:20140513 [CVE-2014-1603] XSS in GetSimple CMS 3.3.1 | CVE-2014-1603 |
| FULLDISC:20140514 FD - Multiple stored XSS in FOG imaging deployment system CVE-2014-3111 | CVE-2014-3111 |
| FULLDISC:20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability | CVE-2013-5954 |
| FULLDISC:20140516 [CVE-2014-3749] Construtiva CIS Manager CMS POST SQLi | CVE-2014-3749 |
| FULLDISC:20140516 check_dhcp - Nagios Plugins <= 2.0.1 Arbitrary Option File Read | CVE-2014-4701 |
| FULLDISC:20140520 CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS | CVE-2014-3446 |
| FULLDISC:20140520 CVE-2014-3450 - Privilege Escalation in Panda Security | CVE-2014-3450 |
| FULLDISC:20140521 [KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability | CVE-2014-3781 |
| FULLDISC:20140521 [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability | CVE-2014-3782 |
| FULLDISC:20140521 [KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability | CVE-2014-3783 |
| FULLDISC:20140522 Re: [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability | CVE-2014-3782 |
| FULLDISC:20140523 Re: [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability | CVE-2014-3782 |
| FULLDISC:20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks | CVE-2014-3004 |
| FULLDISC:20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure | CVE-2014-0099 |
| FULLDISC:20140527 [SECURITY] CVE-2014-0095 Apache Tomcat denial of service | CVE-2014-0095 |
| FULLDISC:20140527 [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure | CVE-2014-0096 |
| FULLDISC:20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure | CVE-2014-0099 |
| FULLDISC:20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure | CVE-2014-0119 |
| FULLDISC:20140528 CS and XSS vulnerabilities in DZS Video Gallery for WordPress | CVE-2014-3923 |
| FULLDISC:20140528 LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability | CVE-2014-0243 |
| FULLDISC:20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script | CVE-2014-2302 |
| FULLDISC:20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script | CVE-2014-2303 |
| FULLDISC:20140529 XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 (Zero-DAY) | CVE-2014-3922 |
| FULLDISC:20140601 Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress | CVE-2014-3961 |
| FULLDISC:20140603 CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 | CVE-2014-0907 |
| FULLDISC:20140604 CVE-2013-6825 DCMTK Root Privilege escalation | CVE-2013-6825 |
| FULLDISC:20140604 CVE-2013-6876 s3dvt Root shell | CVE-2013-6876 |
| FULLDISC:20140604 CVE-2014-1226 s3dvt Root shell (still) | CVE-2014-1226 |
| FULLDISC:20140604 IPSwitch IMail Server WEB client 12.4 persistent XSS | CVE-2014-3878 |
| FULLDISC:20140604 More /tmp fun (PHP, Lynis) | CVE-2014-3981 CVE-2014-3986 |
| FULLDISC:20140604 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies | CVE-2014-2577 |
| FULLDISC:20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager | CVE-2014-2575 |
| FULLDISC:20140606 [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components | CVE-2014-4004 CVE-2014-4005 CVE-2014-4006 CVE-2014-4007 CVE-2014-4008 CVE-2014-4009 CVE-2014-4010 CVE-2014-4011 CVE-2014-4012 |
| FULLDISC:20140606 [Onapsis Security Advisory 2014-020] SAP SLD Information Tampering | CVE-2014-4003 |
| FULLDISC:20140607 Re: More OpenSSL issues | CVE-2014-0224 |
| FULLDISC:20140608 CVE-2014-3740 - SpiceWorks Cross-site scripting | CVE-2014-3740 |
| FULLDISC:20140608 Xornic Contact Us Form - Captcha Bypass / XSS | CVE-2014-8365 |
| FULLDISC:20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289 | CVE-2014-3289 |
| FULLDISC:20140610 CSRF in Featured Comments 1.2.1 allows an attacker to set and unset comment statuses (WordPress plugin) | CVE-2014-4163 |
| FULLDISC:20140610 CSRF in JW Player for Flash & HTML5 Video 2.1.2 permits deletion of players (WordPress plugin) | CVE-2014-4030 |
| FULLDISC:20140610 CSRF in Member Approval 131109 permits unapproved registrations (WordPress plugin) | CVE-2014-3850 |
| FULLDISC:20140612 CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones | CVE-2014-3427 CVE-2014-3428 |
| FULLDISC:20140617 [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack | CVE-2014-3005 |
| FULLDISC:20140618 [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack | CVE-2014-3244 |
| FULLDISC:20140623 SpamTitan contains a reflected cross-site scripting (XSS) vulnerability CVE-2014-2965 | CVE-2014-2965 |
| FULLDISC:20140624 Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day) | CVE-2014-4663 |
| FULLDISC:20140625 CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux) | CVE-2014-2385 |
| FULLDISC:20140625 CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014 | CVE-2014-3752 |
| FULLDISC:20140625 [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery | CVE-2014-2399 |
| FULLDISC:20140625 [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting | CVE-2014-2400 |
| FULLDISC:20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin) | CVE-2014-4717 |
| FULLDISC:20140626 HP Enterprise Maps 1.00 Authenticated XXE | CVE-2014-4669 |
| FULLDISC:20140628 SECV-05-1402 - Reportico php admin credentials leak | CVE-2014-3777 |
| FULLDISC:20140628 check_dhcp - Nagios Plugins = 2.0.2 Race Condition | CVE-2014-4703 |
| FULLDISC:20140628 openSIS 4.5 - 5.3 SQL Injection vulnerability | CVE-2014-8366 |
| FULLDISC:20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS | CVE-2014-0864 CVE-2014-0865 CVE-2014-0866 CVE-2014-0867 CVE-2014-0868 CVE-2014-0869 CVE-2014-0870 CVE-2014-0871 CVE-2014-0894 |
| FULLDISC:20140701 Re: Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day) | CVE-2014-4663 |
| FULLDISC:20140701 SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom | CVE-2014-2512 |
| FULLDISC:20140703 Raritan IPMI vulnerability | CVE-2014-2955 |
| FULLDISC:20140706 Conduct phonecalls on Android without the necessary permission, advisory+testapplication+exploits for testing (CVE-2013-6272 and CVE-2014-N/A) | CVE-2013-6272 |
| FULLDISC:20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX | CVE-2014-3074 |
| FULLDISC:20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation | CVE-2014-3418 |
| FULLDISC:20140710 Dell Scrutinizer 11.01 multiple vulnerabilities | CVE-2014-4976 CVE-2014-4977 |
| FULLDISC:20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop | CVE-2014-4962 CVE-2014-4963 CVE-2014-4964 CVE-2014-4965 CVE-2014-5385 |
| FULLDISC:20140710 SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system | CVE-2014-5382 CVE-2014-5396 CVE-2014-8329 |
| FULLDISC:20140711 QNAP TS-469U shadow file world readable | CVE-2014-5457 |
| FULLDISC:20140711 Re: QNAP TS-469U shadow file world readable | CVE-2014-5457 |
| FULLDISC:20140714 XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress | CVE-2014-9094 |
| FULLDISC:20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability | CVE-2014-3990 |
| FULLDISC:20140715 Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC. | CVE-2014-8652 |
| FULLDISC:20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client" | CVE-2014-9104 |
| FULLDISC:20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway | CVE-2014-4346 CVE-2014-4347 |
| FULLDISC:20140716 SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone | CVE-2014-5350 |
| FULLDISC:20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE | CVE-2014-9095 |
| FULLDISC:20140718 KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation | CVE-2014-4971 |
| FULLDISC:20140718 KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation | CVE-2014-4971 |
| FULLDISC:20140721 Apache HTTPd - description of the CVE-2014-0226. | CVE-2014-0226 |
| FULLDISC:20140721 IBM GCM16/32 v1.20.0.22575 vulnerabilities | CVE-2014-3080 CVE-2014-3081 |
| FULLDISC:20140722 Apache HTTPd - description of the CVE-2014-0117. | CVE-2014-0117 |
| FULLDISC:20140722 CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol | CVE-2014-4501 |
| FULLDISC:20140722 CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow | CVE-2014-4502 |
| FULLDISC:20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service | CVE-2014-4503 |
| FULLDISC:20140722 Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024) | CVE-2014-5024 |
| FULLDISC:20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog | CVE-2014-2226 |
| FULLDISC:20140724 CVE-2014-2227: Ubiquiti Networks - AirVision v2.1.3 - Overly Permissive default crossdomain.xml | CVE-2014-2227 |
| FULLDISC:20140724 Pligg 2.x SQLi / PWD disclosure / RCE | CVE-2014-9096 |
| FULLDISC:20140726 SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method | CVE-2014-4959 |
| FULLDISC:20140726 SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method ( link correction) | CVE-2014-4959 |
| FULLDISC:20140729 [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication | CVE-2014-5171 |
| FULLDISC:20140729 [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass | CVE-2014-5173 |
| FULLDISC:20140729 [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS | CVE-2014-5175 |
| FULLDISC:20140729 [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service | CVE-2014-5176 |
| FULLDISC:20140729 [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool | CVE-2014-5172 |
| FULLDISC:20140729 [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4 | CVE-2014-5174 |
| FULLDISC:20140730 Re: Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x) | CVE-2011-3426 |
| FULLDISC:20140812 CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service | CVE-2014-5035 |
| FULLDISC:20140812 Multiple Vulnerabilities in Disqus for Wordpress v2.7.5 | CVE-2014-5345 CVE-2014-5347 |
| FULLDISC:20140816 CSRF in Disqus for Wordpress 2.77 | CVE-2014-5346 |
| FULLDISC:20140816 XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 | CVE-2014-5348 |
| FULLDISC:20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack | CVE-2014-3577 |
| FULLDISC:20140818 Hilariously Bad SQRL Implementation | CVE-2014-5458 |
| FULLDISC:20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included) | CVE-2014-3996 CVE-2014-3997 |
| FULLDISC:20140820 CVE-2014-4973 - Privilege Escalation in ESET Windows Products | CVE-2014-4973 |
| FULLDISC:20140820 CVE-2014-5307 - Privilege Escalation in Panda Security Products | CVE-2014-5307 |
| FULLDISC:20140825 CVE-2014-2081 - VTLS Virtua InfoStation.cgi SQLi. | CVE-2014-2081 |
| FULLDISC:20140825 ntopng 1.2.0 XSS injection using monitored network traffic | CVE-2014-5464 |
| FULLDISC:20140826 VMware vm-support multiple vulnerabilities | CVE-2014-4199 CVE-2014-4200 |
| FULLDISC:20140827 ManageEngine EventLog Analyzer 7 Reflective cross-site scripting Vulnerability [CVE-2014-4930] | CVE-2014-4930 |
| FULLDISC:20140827 PHP-Wiki Command Injection | CVE-2014-5519 |
| FULLDISC:20140827 Re: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert | CVE-2014-5377 |
| FULLDISC:20140827 XRMS SQLi to RCE 0day | CVE-2014-5520 CVE-2014-5521 |
| FULLDISC:20140827 [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert | CVE-2014-5377 |
| FULLDISC:20140830 Re: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert | CVE-2014-5377 |
| FULLDISC:20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included) | CVE-2014-3996 CVE-2014-3997 |
| FULLDISC:20140830 [CVE-2014-5440] MX-SmartTimer SQL Injection | CVE-2014-5440 |
| FULLDISC:20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities | CVE-2014-6037 CVE-2014-6043 |
| FULLDISC:20140831 [The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central | CVE-2014-5005 CVE-2014-5006 |
| FULLDISC:20140901 [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security | CVE-2014-6037 |
| FULLDISC:20140902 Reflected XSS Attacks vulnerabilities used MIME Sniffing in Facebook Messenger and Facebook App for iOS. | CVE-2014-6392 |
| FULLDISC:20140902 Syslog LogAnalyzer persistent XSS injection CVE-2014-6070 | CVE-2014-6070 |
| FULLDISC:20140902 XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side | CVE-2014-6071 |
| FULLDISC:20140903 Mpay24 prestashop payment module multiple vulnerabilities | CVE-2014-2008 CVE-2014-2009 |
| FULLDISC:20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities | CVE-2014-6037 CVE-2014-6043 |
| FULLDISC:20140903 Re: ntopng 1.2.0 XSS injection using monitored network traffic | CVE-2014-5464 |
| FULLDISC:20140903 Uninit memory disclosure via truncated images in Firefox | CVE-2014-1564 |
| FULLDISC:20140909 Re: ntopng 1.2.0 XSS injection using monitored network traffic | CVE-2014-5464 |
| FULLDISC:20140911 CSRF vulnerabilities in CacheGuard-OS v5.7.7 (CVE-2014-4865) | CVE-2014-4865 |
| FULLDISC:20140916 Vulnerabilities in In-Portal CMS | CVE-2014-8304 |
| FULLDISC:20140916 [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow | CVE-2014-0994 |
| FULLDISC:20140916 [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect | CVE-2014-8305 CVE-2014-8306 CVE-2014-8307 |
| FULLDISC:20140917 CSRF/XSS vulnerablity in Login Widget With Shortcode allows unauthenticated attackers to do anything an admin can do (WordPress plugin) | CVE-2014-6312 |
| FULLDISC:20140917 Multiple SQL Injection Vulnerabilities in ClassApps SelectSurvey.net | CVE-2014-6030 |
| FULLDISC:20140917 Reflected XSS in WooCommerce - excelling e Commerce allows attackers ability to do almost anything an admin user can do (WordPress plugin) | CVE-2014-6313 |
| FULLDISC:20140917 Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations (WordPress plugin) | CVE-2014-6230 |
| FULLDISC:20140919 M/Monit - Account hijacking via CSRF | CVE-2014-6409 CVE-2014-6607 |
| FULLDISC:20140923 CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser | CVE-2014-6603 |
| FULLDISC:20140923 TP-LINK WDR4300 - Stored XSS & DoS | CVE-2014-4727 CVE-2014-4728 |
| FULLDISC:20140923 [KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability | CVE-2014-5297 |
| FULLDISC:20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability | CVE-2014-5298 |
| FULLDISC:20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow | CVE-2014-4330 |
| FULLDISC:20140925 MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012) | CVE-2014-7200 CVE-2014-7201 |
| FULLDISC:20140927 Openfiler DoS via CSRF (CVE-2014-7190) | CVE-2014-7190 |
| FULLDISC:20140927 XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158) | CVE-2014-7157 CVE-2014-7158 |
| FULLDISC:20140927 [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 | CVE-2014-6034 CVE-2014-6035 CVE-2014-6036 |
| FULLDISC:20141001 Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes (WordPress plugin) | CVE-2014-5389 |
| FULLDISC:20141001 CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink | CVE-2014-5308 |
| FULLDISC:20141001 CVE-2014-6389 - Remote Command Execution in PHPCompta/NOALYSS | CVE-2014-6389 |
| FULLDISC:20141001 Epicor Enterprise vulnerabilities | CVE-2014-4311 CVE-2014-4312 |
| FULLDISC:20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities | CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 |
| FULLDISC:20141001 Re: CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink | CVE-2014-5308 |
| FULLDISC:20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway | CVE-2014-7277 |
| FULLDISC:20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway | CVE-2014-7278 |
| FULLDISC:20141005 CVE-2014-4313 Epicor Procurement SQL Injection | CVE-2014-4313 |
| FULLDISC:20141007 CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work | CVE-2014-6251 |
| FULLDISC:20141007 Nessus Web UI 2.3.3: Stored XSS | CVE-2014-7280 |
| FULLDISC:20141008 [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities | CVE-2014-8314 |
| FULLDISC:20141008 [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection | CVE-2014-8313 |
| FULLDISC:20141008 [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure | CVE-2014-8309 |
| FULLDISC:20141008 [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA | CVE-2014-8310 |
| FULLDISC:20141008 [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA | CVE-2014-8311 |
| FULLDISC:20141008 [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting | CVE-2014-8308 |
| FULLDISC:20141008 [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check | CVE-2014-8312 |
| FULLDISC:20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server | CVE-2014-7237 |
| FULLDISC:20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer | CVE-2014-8316 |
| FULLDISC:20141010 SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer | CVE-2014-8315 |
| FULLDISC:20141013 CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) | CVE-2014-2021 |
| FULLDISC:20141013 CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth) | CVE-2014-2022 |
| FULLDISC:20141013 CVE-2014-2023 - Tapatalk for vBulletin 4.x - multiple blind sql injection (pre-auth) | CVE-2014-2023 |
| FULLDISC:20141014 Re: CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) | CVE-2014-2021 |
| FULLDISC:20141016 Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability | CVE-2014-3704 |
| FULLDISC:20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability | CVE-2014-2230 |
| FULLDISC:20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0 | CVE-2014-3828 CVE-2014-3829 |
| FULLDISC:20141016 [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability | CVE-2014-0995 |
| FULLDISC:20141017 XSS vulnerabilities in Megapolis.Portal Manager | CVE-2014-8381 |
| FULLDISC:20141020 CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability | CVE-2014-7292 |
| FULLDISC:20141022 Incredible PBX remote command execution exploit | CVE-2014-9001 |
| FULLDISC:20141022 Mulesoft ESB Authenticated Privilege Escalation | CVE-2014-9000 |
| FULLDISC:20141022 Vulnerabilities in WordPress Database Manager v2.7.1 | CVE-2014-8334 |
| FULLDISC:20141023 CVE-2014-7180 - ElectricCommander Local Privilege Escalation | CVE-2014-7180 |
| FULLDISC:20141023 [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability | CVE-2014-8081 |
| FULLDISC:20141023 [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness | CVE-2014-8082 |
| FULLDISC:20141024 Re: Mulesoft ESB Authenticated Privilege Escalation | CVE-2014-9000 |
| FULLDISC:20141025 Yourls XSS Stored | CVE-2014-8488 |
| FULLDISC:20141028 CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack | CVE-2014-2718 |
| FULLDISC:20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products | CVE-2014-4974 |
| FULLDISC:20141028 CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap | CVE-2014-7176 |
| FULLDISC:20141028 CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap | CVE-2014-7177 |
| FULLDISC:20141028 CVE-2014-7178 - Remote Command Execution in Enalean Tuleap | CVE-2014-7178 |
| FULLDISC:20141029 SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme | CVE-2014-8658 |
| FULLDISC:20141030 CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP | CVE-2014-6032 |
| FULLDISC:20141030 CVE-2014-6033 - XML External Entity Injection in F5 Networks Big-IP | CVE-2014-6032 |
| FULLDISC:20141030 Re: CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP | CVE-2014-6032 |
| FULLDISC:20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access | CVE-2014-9352 CVE-2014-9360 |
| FULLDISC:20141103 CNIL CookieViz XSS + SQL injection leading to user pwnage | CVE-2014-8351 CVE-2014-8352 |
| FULLDISC:20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core | CVE-2014-5387 |
| FULLDISC:20141106 CVE-2014-8557 - JExperts Tecnologia - Channel Software Cross Site Scripting Issues | CVE-2014-8557 |
| FULLDISC:20141106 CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues | CVE-2014-8558 |
| FULLDISC:20141106 Cisco RV Series multiple vulnerabilities | CVE-2014-2177 CVE-2014-2178 CVE-2014-2179 |
| FULLDISC:20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection | CVE-2014-3437 CVE-2014-3438 CVE-2014-3439 |
| FULLDISC:20141106 Wordpress bulletproof-security <=.51 multiple vulnerabilities | CVE-2014-8749 |
| FULLDISC:20141109 IL and CSRF vulnerabilities in D-Link DAP-1360 | CVE-2014-10025 CVE-2014-10026 |
| FULLDISC:20141109 IP.Board <= 3.4.7 SQL Injection | CVE-2014-9239 |
| FULLDISC:20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro | CVE-2014-8498 CVE-2014-8499 |
| FULLDISC:20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 | CVE-2014-7866 CVE-2014-7868 |
| FULLDISC:20141112 Lantronix xPrintServer Code execution and CSRF vulnerability | CVE-2014-9002 CVE-2014-9003 |
| FULLDISC:20141112 Piwigo <= v2.6.0 - Blind SQL Injection | CVE-2014-9115 |
| FULLDISC:20141112 [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) | CVE-2013-3678 |
| FULLDISC:20141114 CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability | CVE-2014-7290 |
| FULLDISC:20141114 CVE-2014-8681 Blind SQL Injection in Gogs label search | CVE-2014-8681 |
| FULLDISC:20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs | CVE-2014-8682 |
| FULLDISC:20141114 CVE-2014-8683 XSS in Gogs Markdown Renderer | CVE-2014-8683 |
| FULLDISC:20141114 XSS Reflected in Page visualization agents in Pand ora FMS v5.1SP1 - RevisioÃŒÂn PC141031 (CVE-2014- 8629) | CVE-2014-8629 |
| FULLDISC:20141114 xdg-open RCE | CVE-2014-9622 |
| FULLDISC:20141117 CVE-2014-8493 - ZTE ZXHN H108L Authentication Bypass | CVE-2014-8493 |
| FULLDISC:20141117 Proticaret E-Commerce Script v3.0 SQL Injection | CVE-2014-9237 |
| FULLDISC:20141117 Reflected XSS in Nibbleblog <= v4.0.1 | CVE-2014-8996 |
| FULLDISC:20141117 Vulnerabilities in D-Link DCS-2103 | CVE-2014-9234 CVE-2014-9238 |
| FULLDISC:20141117 WebsiteBaker <=2.8.3 - Multiple Vulnerabilities | CVE-2014-9242 CVE-2014-9243 |
| FULLDISC:20141117 XOOPS <= 2.5.6 - Blind SQL Injection | CVE-2014-8999 |
| FULLDISC:20141117 Zoph <= 0.9.1 - Multiple Vulnerabilities | CVE-2014-9235 CVE-2014-9236 |
| FULLDISC:20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload | CVE-2014-8767 |
| FULLDISC:20141118 CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload | CVE-2014-8768 |
| FULLDISC:20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload | CVE-2014-8769 |
| FULLDISC:20141118 PHPFox XSS AdminCP | CVE-2014-8469 |
| FULLDISC:20141119 CVE-2014-2382 - Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise | CVE-2014-2382 |
| FULLDISC:20141119 CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM | CVE-2014-7137 |
| FULLDISC:20141119 CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream | CVE-2014-7911 |
| FULLDISC:20141119 CVE-2014-8600 - Insufficient Input Validation By IO Slaves In KDE e.V. KDE | CVE-2014-8600 |
| FULLDISC:20141119 [CORE-2014-0008] - Advantech AdamView Buffer Overflow | CVE-2014-8386 |
| FULLDISC:20141119 [CORE-2014-0009] - Advantech EKI-6340 Command Injection | CVE-2014-8387 |
| FULLDISC:20141120 CVE-2014-8349 LIFERAY Portal Stored XSS | CVE-2014-8349 |
| FULLDISC:20141120 WordPress 3 persistent script injection | CVE-2014-9031 |
| FULLDISC:20141121 AST-2014-014: High call load may result in hung channels in ConfBridge. | CVE-2014-8414 |
| FULLDISC:20141121 FluxBB <= 1.5.6 SQL Injection | CVE-2014-10029 |
| FULLDISC:20141123 on Linux, 'less' can probably get you owned | CVE-2014-9112 |
| FULLDISC:20141126 CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager | CVE-2014-8507 |
| FULLDISC:20141126 CVE-2014-8609 Android Settings application privilege leakage vulnerability | CVE-2014-8609 |
| FULLDISC:20141126 CVE-2014-8610 Android < 5.0 SMS resend vulnerability | CVE-2014-8610 |
| FULLDISC:20141127 CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability | CVE-2014-7291 |
| FULLDISC:20141127 CVE-2014-8754 WordPress "Ad-Manager Plugin " Dest Redirect Privilege Escalation | CVE-2014-8754 |
| FULLDISC:20141127 FileVista < v6.0.8.0 Insecure zip file handling | CVE-2014-8788 CVE-2014-8789 |
| FULLDISC:20141129 CSRF and XSS vulnerabilities in D-Link DAP-1360 | CVE-2014-10027 CVE-2014-10028 |
| FULLDISC:20141129 [KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability | CVE-2014-8791 |
| FULLDISC:20141201 [RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire | CVE-2014-8874 |
| FULLDISC:20141201 [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure | CVE-2014-8868 CVE-2014-9303 |
| FULLDISC:20141202 [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components | CVE-2014-6140 |
| FULLDISC:20141203 Re: CVE-2014-8610 Android < 5.0 SMS resend vulnerability | CVE-2014-8610 |
| FULLDISC:20141203 [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 | CVE-2014-5445 CVE-2014-5446 |
| FULLDISC:20141205 CVE-2014-5462 - Multiple Authenticated SQL Injections In OpenEMR | CVE-2014-5462 |
| FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | CVE-2010-5298 CVE-2012-3544 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-1741 CVE-2013-2461 CVE-2013-2877 CVE-2013-3751 CVE-2013-3774 CVE-2013-4286 CVE-2013-4322 CVE-2013-5605 CVE-2013-5606 CVE-2013-5855 CVE-2013-6438 CVE-2013-6449 CVE-2013-6450 CVE-2014-0015 CVE-2014-0033 CVE-2014-0050 CVE-2014-0075 CVE-2014-0096 CVE-2014-0098 CVE-2014-0099 CVE-2014-0119 CVE-2014-0138 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2014-0221 CVE-2014-0224 CVE-2014-0436 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-2456 CVE-2014-2477 CVE-2014-2479 CVE-2014-2480 CVE-2014-2481 CVE-2014-2482 CVE-2014-2483 CVE-2014-2484 CVE-2014-2485 CVE-2014-2486 CVE-2014-2487 CVE-2014-2488 CVE-2014-2489 CVE-2014-2490 CVE-2014-2491 CVE-2014-2492 CVE-2014-2493 CVE-2014-2494 CVE-2014-2495 CVE-2014-2496 CVE-2014-3470 CVE-2014-3797 CVE-2014-4201 CVE-2014-4202 CVE-2014-4203 CVE-2014-4204 CVE-2014-4205 CVE-2014-4206 CVE-2014-4207 CVE-2014-4208 CVE-2014-4209 CVE-2014-4210 CVE-2014-4211 CVE-2014-4212 CVE-2014-4213 CVE-2014-4214 CVE-2014-4215 CVE-2014-4216 CVE-2014-4217 CVE-2014-4218 CVE-2014-4219 CVE-2014-4220 CVE-2014-4221 CVE-2014-4222 CVE-2014-4223 CVE-2014-4224 CVE-2014-4225 CVE-2014-4226 CVE-2014-4227 CVE-2014-4228 CVE-2014-4229 CVE-2014-4230 CVE-2014-4231 CVE-2014-4232 CVE-2014-4233 CVE-2014-4234 CVE-2014-4235 CVE-2014-4236 CVE-2014-4237 CVE-2014-4238 CVE-2014-4239 CVE-2014-4240 CVE-2014-4241 CVE-2014-4242 CVE-2014-4243 CVE-2014-4244 CVE-2014-4245 CVE-2014-4246 CVE-2014-4247 CVE-2014-4248 CVE-2014-4249 CVE-2014-4250 CVE-2014-4251 CVE-2014-4252 CVE-2014-4253 CVE-2014-4254 CVE-2014-4255 CVE-2014-4256 CVE-2014-4257 CVE-2014-4258 CVE-2014-4260 CVE-2014-4261 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4265 CVE-2014-4266 CVE-2014-4267 CVE-2014-4268 CVE-2014-4269 CVE-2014-4270 CVE-2014-4271 CVE-2014-8371 |
| FULLDISC:20141209 CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability | CVE-2014-8489 |
| FULLDISC:20141209 CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities | CVE-2014-8751 |
| FULLDISC:20141209 Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities | CVE-2014-9526 |
| FULLDISC:20141209 Humhub SQL injection and multiple persistent XSS vulnerabilities | CVE-2014-9528 |
| FULLDISC:20141209 NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability | CVE-2014-8373 |
| FULLDISC:20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server | CVE-2014-9374 |
| FULLDISC:20141210 CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys] | CVE-2014-7136 |
| FULLDISC:20141210 CVE-2014-8608 - Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys] | CVE-2014-8608 |
| FULLDISC:20141210 CVE-2014-8956 - Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys] | CVE-2014-8956 |
| FULLDISC:20141210 Multiple vulnerabilities in InfiniteWP Admin Panel | CVE-2014-9519 CVE-2014-9520 CVE-2014-9521 |
| FULLDISC:20141210 NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities | CVE-2014-8372 |
| FULLDISC:20141211 RedCloth contains unfixed XSS vulnerability for 9 years | CVE-2012-6684 |
| FULLDISC:20141216 CA20141215-01: Security Notice for CA LISA Release Automation | CVE-2014-8246 CVE-2014-8247 CVE-2014-8248 |
| FULLDISC:20141216 CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF) | CVE-2014-5437 CVE-2014-9406 |
| FULLDISC:20141216 CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS) | CVE-2014-5437 CVE-2014-5438 |
| FULLDISC:20141216 W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface | CVE-2014-9414 |
| FULLDISC:20141216 [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA | CVE-2014-9387 |
| FULLDISC:20141217 Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability | CVE-2014-9334 |
| FULLDISC:20141217 Morfy CMS v1.05 - Command Execution Vulnerability | CVE-2014-9185 |
| FULLDISC:20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA) | CVE-2014-9451 CVE-2014-9452 CVE-2014-9575 CVE-2014-9576 CVE-2014-9577 CVE-2014-9578 CVE-2014-9579 |
| FULLDISC:20141218 SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted | CVE-2014-7208 |
| FULLDISC:20141218 SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager | CVE-2014-5214 CVE-2014-5215 CVE-2014-5216 CVE-2014-5217 CVE-2014-9412 |
| FULLDISC:20141218 iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability | CVE-2014-9336 |
| FULLDISC:20141219 BF and XSS vulnerabilities in D-Link DCS-2103 | CVE-2014-9517 |
| FULLDISC:20141219 CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability | CVE-2014-8752 |
| FULLDISC:20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables | CVE-2014-9325 |
| FULLDISC:20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch | CVE-2014-9367 |
| FULLDISC:20141219 The Misfortune Cookie Vulnerability | CVE-2014-9222 |
| FULLDISC:20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff | CVE-2014-9330 |
| FULLDISC:20141222 VP-2014-004 SysAid Server Arbitrary File Disclosure | CVE-2014-9436 |
| FULLDISC:20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 | CVE-2014-9432 |
| FULLDISC:20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 | CVE-2014-9433 |
| FULLDISC:20141227 Wordpress Frontend Uploader Cross Site Scripting(XSS) | CVE-2014-9444 |
| FULLDISC:20141229 CSRF vulnerability in CMS e107 v.2 alpha2 | CVE-2014-9459 |
| FULLDISC:20141229 CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability | CVE-2014-7293 |
| FULLDISC:20141229 CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability | CVE-2014-7294 |
| FULLDISC:20141230 Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS | CVE-2014-9434 CVE-2014-9435 |
| FULLDISC:20141231 [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability | CVE-2014-8083 |
| FULLDISC:20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability | CVE-2014-8084 |
| FULLDISC:20141231 [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability | CVE-2014-8085 |
| FULLDISC:20141231 [KIS-2014-17] GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability | CVE-2014-8790 |
| FULLDISC:20150102 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central | CVE-2014-7862 |
| FULLDISC:20150105 [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 | CVE-2014-5301 CVE-2014-5302 |
| FULLDISC:20150106 McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure | CVE-2015-0921 CVE-2015-0922 |
| FULLDISC:20150106 Re: [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 | CVE-2014-5302 |
| FULLDISC:20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6 | CVE-2015-0917 |
| FULLDISC:20150106 Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0 | CVE-2015-0918 |
| FULLDISC:20150106 SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 | CVE-2015-0919 |
| FULLDISC:20150107 CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF) | CVE-2014-9510 |
| FULLDISC:20150108 Good for Enterprise Android HTML Injection (CVE-2014-4925) | CVE-2014-4925 |
| FULLDISC:20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0 | CVE-2015-1040 |
| FULLDISC:20150109 Reflecting XSS vulnerability in CMS e107 v. 1.0.4 | CVE-2015-1041 |
| FULLDISC:20150110 CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability | CVE-2014-9560 |
| FULLDISC:20150110 CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability | CVE-2014-9561 |
| FULLDISC:20150112 CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 | CVE-2014-8870 |
| FULLDISC:20150112 Corel Software DLL Hijacking | CVE-2014-8393 CVE-2014-8394 CVE-2014-8395 CVE-2014-8396 CVE-2014-8397 CVE-2014-8398 |
| FULLDISC:20150112 Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure | CVE-2015-0921 CVE-2015-0922 |
| FULLDISC:20150112 Reflecting XSS vulnerability in CMS Croogo v.2.2.0 | CVE-2015-1053 |
| FULLDISC:20150112 Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 | CVE-2015-1052 |
| FULLDISC:20150112 Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection | CVE-2015-1055 |
| FULLDISC:20150112 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities | CVE-2014-7956 CVE-2014-7957 |
| FULLDISC:20150112 [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 | CVE-2014-8869 |
| FULLDISC:20150113 Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0 | CVE-2014-9599 |
| FULLDISC:20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower | CVE-2015-1368 CVE-2015-1481 CVE-2015-1482 |
| FULLDISC:20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager | CVE-2015-1050 |
| FULLDISC:20150114 Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection | CVE-2015-2054 |
| FULLDISC:20150116 CatBot v0.4.2 (PHP) - SQL Injection Vulnerability | CVE-2015-1367 |
| FULLDISC:20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) | CVE-2014-9597 CVE-2014-9598 |
| FULLDISC:20150118 Reflecting XSS vulnerability in administrative backend of CMS Websitebaker v. 2.8.3 SP3 | CVE-2015-0553 |
| FULLDISC:20150120 Barracuda Load Balancer ADC VM multiple vulnerabilities | CVE-2014-8426 CVE-2014-8428 |
| FULLDISC:20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities | CVE-2015-1365 CVE-2015-1366 CVE-2015-1375 CVE-2015-1376 |
| FULLDISC:20150120 WebGUI 7.10.29 stable version Cross site scripting vulnerability | CVE-2015-1564 |
| FULLDISC:20150121 CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. | CVE-2015-1169 |
| FULLDISC:20150121 SQL injection vulnerability in articleFR CMS 3.0.5 | CVE-2015-1364 |
| FULLDISC:20150121 [RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass | CVE-2014-8872 |
| FULLDISC:20150122 CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities | CVE-2014-9557 |
| FULLDISC:20150122 CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities | CVE-2014-9558 |
| FULLDISC:20150122 Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha | CVE-2015-1371 CVE-2015-1372 CVE-2015-1373 |
| FULLDISC:20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP | CVE-2014-7289 CVE-2014-9224 CVE-2014-9225 CVE-2014-9226 |
| FULLDISC:20150122 USAA mobile app gives away personal data; fix released | CVE-2015-1314 |
| FULLDISC:20150122 XSS vulnerability in articleFR CMS 3.0.5 | CVE-2015-1363 |
| FULLDISC:20150126 [CORE-2015-0002] - Android WiFi-Direct Denial of Service | CVE-2014-0997 |
| FULLDISC:20150127 Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE) | CVE-2015-1562 |
| FULLDISC:20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities | CVE-2014-0998 CVE-2014-8612 |
| FULLDISC:20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered | CVE-2015-1558 |
| FULLDISC:20150128 CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ('Open Redirect') | CVE-2015-1042 |
| FULLDISC:20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow | CVE-2015-0235 |
| FULLDISC:20150128 Wordpress Geo Mashup plugin <= 1.8.2 XSS vulnerability | CVE-2015-1383 |
| FULLDISC:20150128 [AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability | CVE-2014-8826 |
| FULLDISC:20150128 [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) | CVE-2014-7864 |
| FULLDISC:20150129 Fortinet FortiClient Multiple Vulnerabilities | CVE-2015-1453 CVE-2015-1569 CVE-2015-1570 |
| FULLDISC:20150129 Fortinet FortiOS Multiple Vulnerabilities | CVE-2015-1451 CVE-2015-1452 CVE-2015-1571 |
| FULLDISC:20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 | CVE-2015-1385 |
| FULLDISC:20150131 Major Internet Explorer Vulnerability - NOT Patched | CVE-2015-0072 |
| FULLDISC:20150201 Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384 | CVE-2015-1384 |
| FULLDISC:20150201 CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities | CVE-2014-9559 |
| FULLDISC:20150201 SQL injection vulnerabilities in zerocms <= v.1.3.3 | CVE-2014-4034 CVE-2015-1442 |
| FULLDISC:20150202 CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability | CVE-2014-5360 |
| FULLDISC:20150202 CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities | CVE-2014-9562 |
| FULLDISC:20150203 My Little Forum Multiple XSS Security Vulnerabilities | CVE-2015-1475 |
| FULLDISC:20150203 SQL injection vulnerability in Pragyan CMS v.3.0 | CVE-2015-1471 |
| FULLDISC:20150208 LG On Screen Phone authentication bypass (CVE-2014-8757) | CVE-2014-8757 |
| FULLDISC:20150208 Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 (CE) | CVE-2015-1559 |
| FULLDISC:20150211 CVE-2014-6412 - WordPress (all versions) lacks CSPRNG | CVE-2014-6412 |
| FULLDISC:20150212 CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities | CVE-2014-8753 |
| FULLDISC:20150212 CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities | CVE-2014-9469 |
| FULLDISC:20150212 Followup on CVE-2014-6412 | CVE-2014-6412 |
| FULLDISC:20150212 Radexscript CMS 2.2.0 - SQL Injection vulnerability | CVE-2015-1518 |
| FULLDISC:20150213 Reflecting XSS vulnerabitlies, unrestricted file upload and underlaying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) | CVE-2015-1603 CVE-2015-1604 |
| FULLDISC:20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities | CVE-2015-2070 CVE-2015-2071 |
| FULLDISC:20150214 CVE-2015-1574 - Google Email App 4.2.2 remote denial of service | CVE-2015-1574 |
| FULLDISC:20150217 [CVE-REQUEST] Multiple vulnerabilities on GLPI | CVE-2015-7684 CVE-2015-7685 |
| FULLDISC:20150218 CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities | CVE-2014-9468 |
| FULLDISC:20150218 DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities | CVE-2015-2209 |
| FULLDISC:20150218 DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities | CVE-2015-2064 |
| FULLDISC:20150218 DLGuard SQL Injection Security Vulnerabilities | CVE-2015-2066 |
| FULLDISC:20150218 Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3 | CVE-2015-2034 CVE-2015-2035 |
| FULLDISC:20150218 [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite | CVE-2014-8871 |
| FULLDISC:20150221 Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF | CVE-2015-2084 |
| FULLDISC:20150221 Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3 | CVE-2015-2149 |
| FULLDISC:20150221 Samsung iPolis XnsSdkDeviceIpInstaller.ocx ActiveX Remote Code Execution Vulnerabilities | CVE-2015-0555 |
| FULLDISC:20150221 WooCommerce WordPress plugin 2.2.10 Reflected XSS | CVE-2015-2069 |
| FULLDISC:20150223 ECommerce-Shopping Cart Zeuscart v. 4: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities | CVE-2010-5322 CVE-2015-2182 CVE-2015-2183 CVE-2015-2184 |
| FULLDISC:20150223 WESP SDK multiple Remote Code Execution Vulnerabilities | CVE-2015-2097 |
| FULLDISC:20150225 [Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench | CVE-2015-2072 |
| FULLDISC:20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA | CVE-2015-2075 |
| FULLDISC:20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA | CVE-2015-2076 |
| FULLDISC:20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server | CVE-2015-2080 |
| FULLDISC:20150302 CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication | CVE-2015-1187 |
| FULLDISC:20150302 NetCat CMS Full Path Disclosure (Information Disclosure) Security Vulnerabilities | CVE-2015-2214 |
| FULLDISC:20150302 Slim Framework - (CVE-2015-2171, PHP Object Injection), Other Vulnerabilities | CVE-2015-2171 |
| FULLDISC:20150302 XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617) | CVE-2014-8617 |
| FULLDISC:20150302 upstart logrotate privilege escalation in Ubuntu Vivid (development) | CVE-2015-2285 |
| FULLDISC:20150303 Multiple SQL injections in core Orion service affecting many Solarwinds products (CVE-2014-9566) | CVE-2014-9566 |
| FULLDISC:20150304 CSRF in Contact Form DB allows attacker to delete all stored form submissions (WordPress plugin) | CVE-2015-1874 |
| FULLDISC:20150304 PHPMoAdmin Unauthorized Remote Code Execution (0-Day) | CVE-2015-2208 |
| FULLDISC:20150305 ProjectSend r561 - SQL injection vulnerability | CVE-2015-2564 |
| FULLDISC:20150305 Webshop hun v1.062S Directory Traversal Security Vulnerabilities | CVE-2015-2243 |
| FULLDISC:20150305 Webshop hun v1.062S SQL Injection Security Vulnerabilities | CVE-2015-2242 |
| FULLDISC:20150305 Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities | CVE-2015-2244 |
| FULLDISC:20150307 Fw: Vulnerabilities in ASUS RT-G32 | CVE-2015-2676 CVE-2015-2681 |
| FULLDISC:20150309 MikroTik RouterOS Admin Password Change CSRF | CVE-2015-2350 |
| FULLDISC:20150309 OpenKM Platform Remote Reflected Cross Site Scripting | CVE-2014-9017 |
| FULLDISC:20150310 SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Security Vulnerabilities | CVE-2015-2349 |
| FULLDISC:20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities | CVE-2008-2335 |
| FULLDISC:20150310 Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities | CVE-2008-4157 CVE-2015-2563 |
| FULLDISC:20150310 [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation | CVE-2015-0005 |
| FULLDISC:20150310 [CVE Identifier Updated] OpenKM Platform Remote Reflected Cross Site Scripting | CVE-2014-9017 |
| FULLDISC:20150311 Community Gallery - Srored Corss-Site Scripting vulnerability | CVE-2015-2275 |
| FULLDISC:20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889) | CVE-2014-8889 |
| FULLDISC:20150311 [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer | CVE-2015-1474 |
| FULLDISC:20150312 Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities | CVE-2015-2351 |
| FULLDISC:20150312 WPML WordPress plug-in SQL injection etc. | CVE-2015-2314 CVE-2015-2315 CVE-2015-2791 |
| FULLDISC:20150312 WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection | CVE-2015-2292 CVE-2015-2293 |
| FULLDISC:20150316 Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution | CVE-2015-2841 |
| FULLDISC:20150316 Re: WPML WordPress plug-in SQL injection etc. | CVE-2015-2792 |
| FULLDISC:20150318 Command injection vulnerability in EMC Secure Remote Services Virtual Edition | CVE-2015-0525 |
| FULLDISC:20150318 Command injection vulnerability in network diagnostics tool of Websense Appliance Manager | CVE-2015-2746 |
| FULLDISC:20150318 Cross-Site Scripting vulnerability in Websense Data Security block page | CVE-2015-2703 |
| FULLDISC:20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler | CVE-2014-9711 |
| FULLDISC:20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected | CVE-2015-0514 |
| FULLDISC:20150318 EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection | CVE-2015-0524 |
| FULLDISC:20150318 Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting | CVE-2015-2703 |
| FULLDISC:20150318 Missing access control on Websense Explorer web folder | CVE-2015-2748 |
| FULLDISC:20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting | CVE-2014-9711 |
| FULLDISC:20150318 Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser | CVE-2015-0516 |
| FULLDISC:20150318 Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting | CVE-2015-2747 |
| FULLDISC:20150318 Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view | CVE-2015-2702 |
| FULLDISC:20150318 [CORE-2015-0006] - Fortinet Single Sign On Stack Overflow | CVE-2015-2281 |
| FULLDISC:20150319 Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users | CVE-2015-2683 |
| FULLDISC:20150319 Citrix Command Center allows downloading of configuration files | CVE-2015-2682 |
| FULLDISC:20150319 Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting | CVE-2015-2839 |
| FULLDISC:20150319 Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting | CVE-2015-2840 |
| FULLDISC:20150319 Command injection vulnerability in Citrix NITRO SDK xen_hotfix page | CVE-2015-2838 |
| FULLDISC:20150319 Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections | CVE-2015-2562 |
| FULLDISC:20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection) | CVE-2015-0250 |
| FULLDISC:20150326 Insecure file upload in Berta CMS | CVE-2015-2780 |
| FULLDISC:20150327 Advisory: CVE-2014-9708: Appweb Web Server | CVE-2014-9708 |
| FULLDISC:20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1 | CVE-2014-9707 |
| FULLDISC:20150328 Advisory: CVE-2014-9708: Appweb Web Server | CVE-2014-9708 |
| FULLDISC:20150401 Ceragon FibeAir IP-10 SSH Private Key Exposure (CVE-2015-0936) | CVE-2015-0936 |
| FULLDISC:20150404 Wordpress plugin Simple Ads Manager - Information Disclosure | CVE-2015-2826 |
| FULLDISC:20150405 Multiple SQL Injection | CVE-2015-2824 |
| FULLDISC:20150405 Wordpress plugin Simple Ads Manager - Arbitrary File Upload | CVE-2015-2825 |
| FULLDISC:20150405 Wordpress plugin Simple Ads Manager - SQL Injection | CVE-2015-2824 |
| FULLDISC:20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server | CVE-2014-9708 |
| FULLDISC:20150407 [CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution | CVE-2015-0779 |
| FULLDISC:20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit | CVE-2015-3008 |
| FULLDISC:20150408 HotExBilling Manager – Cross-site scriptin g (XSS) vulnerability | CVE-2015-3319 |
| FULLDISC:20150408 HotExBilling Manager - Cross-site scriptin g (XSS) vulnerability | CVE-2015-2781 |
| FULLDISC:20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server | CVE-2014-9708 |
| FULLDISC:20150410 SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035) | CVE-2015-3035 |
| FULLDISC:20150414 several issues in SQLite (+ catching up on several other bugs) | CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-3417 |
| FULLDISC:20150415 Huawei SEQ Analyst - Multiple Reflected Cross Site Scripting (XSS) | CVE-2015-2347 |
| FULLDISC:20150415 Huawei SEQ Analyst - XML External Entity Injection (XXE) | CVE-2015-2346 |
| FULLDISC:20150417 CVE-2014-5370 - Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet | CVE-2014-5370 |
| FULLDISC:20150417 CVE-2014-7953 Android backup agent code execution | CVE-2014-7953 |
| FULLDISC:20150417 CVE-2014-7954 MTP path traversal vulnerability in Android | CVE-2014-7954 |
| FULLDISC:20150422 CVE-2015-0984 SCADA - Gaining remote shell on Honeywell Falcon XLWEB | CVE-2015-0984 |
| FULLDISC:20150424 [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow | CVE-2015-1863 |
| FULLDISC:20150426 WordPress 4.2 stored XSS | CVE-2015-3440 |
| FULLDISC:20150427 [CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities | CVE-2014-8383 CVE-2014-8384 |
| FULLDISC:20150428 SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability | CVE-2015-3447 |
| FULLDISC:20150429 CVE-ID 2015-1188: Swisscom DSL Router Centro Grande (ADB) | CVE-2015-1188 |
| FULLDISC:20150430 Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015) | CVE-2015-3622 |
| FULLDISC:20150505 Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability | CVE-2015-3620 |
| FULLDISC:20150505 [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL | CVE-2014-8146 CVE-2014-8147 |
| FULLDISC:20150508 Docker 1.6.1 - Security Advisory [150507] | CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-3631 |
| FULLDISC:20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities | CVE-2005-3955 |
| FULLDISC:20150509 0day Mailbird XSS ? | CVE-2015-4657 |
| FULLDISC:20150509 CVE-2014-3440 - Symantec Critical System Protection RCE | CVE-2014-3440 |
| FULLDISC:20150509 Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability | CVE-2015-3904 |
| FULLDISC:20150509 Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429 | CVE-2015-3429 |
| FULLDISC:20150513 Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250 | CVE-2015-2250 |
| FULLDISC:20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities | CVE-2015-2278 CVE-2015-2282 |
| FULLDISC:20150515 CSRF & XSS vulnerabilities in Encrypted Contact Form Wordpress Plugin v1.0.4 | CVE-2015-4010 |
| FULLDISC:20150518 KL-001-2015-002 : Piriform CCleaner Wiped Filename Recovery | CVE-2015-3999 |
| FULLDISC:20150519 0-day Denial of Service in IPsec-Tools | CVE-2015-4047 |
| FULLDISC:20150519 Milw0rm Clone Script v1.0 - (time based) SQLi | CVE-2015-4137 |
| FULLDISC:20150519 SEC Consult SA-20150519-0 :: Critical buffer overflow vulnerability in KCodes NetUSB (VU#177092, CVE-2015-3036) | CVE-2015-3036 |
| FULLDISC:20150519 SQLi in FeedWordPress WordPress plugin | CVE-2015-4018 |
| FULLDISC:20150520 Re: 0-day Denial of Service in IPsec-Tools | CVE-2015-4047 |
| FULLDISC:20150522 0day Mailbird XSS | CVE-2015-4657 |
| FULLDISC:20150522 SAP Security Notes May 2015 | CVE-2015-2278 CVE-2015-2282 CVE-2015-4091 CVE-2015-4092 CVE-2015-4157 CVE-2015-4158 CVE-2015-4159 CVE-2015-4160 CVE-2015-4161 |
| FULLDISC:20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability | CVE-2014-0999 CVE-2014-8391 |
| FULLDISC:20150524 phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities | CVE-2015-4134 |
| FULLDISC:20150524 phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities | CVE-2015-4135 |
| FULLDISC:20150525 Reflected Cross-Site Scripting in Synology DiskStation Manager | CVE-2015-4655 |
| FULLDISC:20150525 Synology Photo Station multiple Cross-Site Scripting vulnerabilities | CVE-2015-4656 |
| FULLDISC:20150527 ClearPass Policy Manager Stored XSS | CVE-2015-1389 |
| FULLDISC:20150527 [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement | CVE-2015-3995 |
| FULLDISC:20150527 [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability | CVE-2015-3994 |
| FULLDISC:20150531 CVE-2015-3935 HTML Injection in Dolibarr | CVE-2015-3935 |
| FULLDISC:20150531 [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices | CVE-2014-7857 CVE-2014-7858 CVE-2014-7859 CVE-2014-7860 |
| FULLDISC:20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) | CVE-2015-2993 CVE-2015-2994 CVE-2015-2995 CVE-2015-2996 CVE-2015-2997 CVE-2015-2998 CVE-2015-2999 CVE-2015-3000 CVE-2015-3001 |
| FULLDISC:20150604 [CVE-2015-4051]: Beckhoff IPC diagnostics < 1.8 : Authentication bypass | CVE-2015-4051 |
| FULLDISC:20150609 Fwd: Potentially critical buffer overflow in TinySRP | CVE-2015-4675 |
| FULLDISC:20150609 [CVE-2015-4342]SQL Injection and Location header injection from cdef id | CVE-2015-4342 |
| FULLDISC:20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID | CVE-2015-2804 |
| FULLDISC:20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery | CVE-2015-2805 |
| FULLDISC:20150611 Apache vulnerability program faulting module ntdll.dll | CVE-2015-0251 |
| FULLDISC:20150611 XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ) | CVE-2015-0343 |
| FULLDISC:20150613 Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS | CVE-2012-6692 |
| FULLDISC:20150615 [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager | CVE-2015-2803 |
| FULLDISC:20150618 CVE-2015-4453 - Authentication bypass in OpenEMR | CVE-2015-4453 |
| FULLDISC:20150619 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) | CVE-2015-1981 |
| FULLDISC:20150623 CVE-2015-4413 - Wordpress "Nextend Facebo ok Connect" Cross Site Scripting | CVE-2015-4413 |
| FULLDISC:20150623 ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS | CVE-2015-2815 |
| FULLDISC:20150623 ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE | CVE-2015-2812 |
| FULLDISC:20150623 ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE | CVE-2015-2813 |
| FULLDISC:20150623 ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE | CVE-2015-2811 |
| FULLDISC:20150623 ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure | CVE-2015-2817 |
| FULLDISC:20150623 ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll | CVE-2015-2820 |
| FULLDISC:20150623 ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check | CVE-2015-2816 |
| FULLDISC:20150623 ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS | CVE-2015-2819 |
| FULLDISC:20150623 XSS vulnerability in manage engine. | CVE-2015-2169 |
| FULLDISC:20150624 CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004 | CVE-2015-3443 |
| FULLDISC:20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS | CVE-2015-4630 CVE-2015-4631 CVE-2015-4632 CVE-2015-4633 |
| FULLDISC:20150626 SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences | CVE-2015-4681 CVE-2015-4682 CVE-2015-4683 CVE-2015-4684 CVE-2015-4685 |
| FULLDISC:20150629 CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP | CVE-2015-4674 |
| FULLDISC:20150630 ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability | CVE-2015-5459 |
| FULLDISC:20150702 CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 | CVE-2015-3442 |
| FULLDISC:20150703 Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability | CVE-2015-5459 |
| FULLDISC:20150703 SQL Injection in easy2map wordpress plugin v1.24 | CVE-2015-4614 CVE-2015-4616 |
| FULLDISC:20150703 Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability | CVE-2015-5460 |
| FULLDISC:20150705 Open redirect vulnerability in StageShow Wordpress plugin v5.0.8 | CVE-2015-5461 |
| FULLDISC:20150706 Orchard CMS - Persistent XSS vulnerability | CVE-2015-5520 |
| FULLDISC:20150706 WideImage Demo Code Cross Site Scripting (XSS) | CVE-2015-5519 |
| FULLDISC:20150706 [CORE-2015-0012] - AirLive Multiple Products OS Command Injection | CVE-2015-2279 |
| FULLDISC:20150708 SOPlanning - Simple Online Planning Tool multiple vulnerabilities | CVE-2014-8675 CVE-2014-8676 |
| FULLDISC:20150708 [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection | CVE-2015-2280 |
| FULLDISC:20150710 CVE-2014-7952, Android ADB backup APK injection vulnerability | CVE-2014-7952 |
| FULLDISC:20150710 Reflected XSS in GD bbPress Attachments allows an attacker to do almost anything an admin can (WordPress plugin) | CVE-2015-5481 |
| FULLDISC:20150710 SOPlanning - Simple Online Planning Tool multiple vulnerabilities | CVE-2014-8677 |
| FULLDISC:20150713 CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe | CVE-2015-3449 |
| FULLDISC:20150713 CVE-2015-3621 - Privilege Escalation In SAP ECC | CVE-2015-3621 |
| FULLDISC:20150713 CVE-2015-4425 - Directory Traversal/Configuration Update In Pimcore CMS | CVE-2015-4425 |
| FULLDISC:20150713 CVE-2015-4426 - SQL Injection In Pimcore CMS | CVE-2015-4426 |
| FULLDISC:20150713 Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 (CVE-2015-4029) | CVE-2015-4029 |
| FULLDISC:20150713 Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin) | CVE-2015-5485 |
| FULLDISC:20150713 Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 | CVE-2015-5599 CVE-2015-5681 |
| FULLDISC:20150717 OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) | CVE-2015-5600 |
| FULLDISC:20150721 Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 | CVE-2015-6523 |
| FULLDISC:20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne | CVE-2015-0943 CVE-2015-6742 CVE-2015-6743 CVE-2015-6744 CVE-2015-6745 CVE-2015-6746 CVE-2015-6747 |
| FULLDISC:20150805 SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network | CVE-2015-5718 |
| FULLDISC:20150811 CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation | CVE-2015-5699 |
| FULLDISC:20150813 BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities | CVE-2015-6563 CVE-2015-6564 |
| FULLDISC:20150818 Bolt 2.2.4 - Code Execution | CVE-2015-7309 |
| FULLDISC:20150818 UNIT4TETA TETA WEB - Authorization Bypass vulnerability | CVE-2015-1173 |
| FULLDISC:20150827 AnchorCMS - PHP Object Injection (CVE-2015-5687) and More | CVE-2015-5687 |
| FULLDISC:20150827 Publicly exploitable XSS in WordPress plugin Navis Documentcloud (WordPress plugin) | CVE-2015-2807 |
| FULLDISC:20150829 Re: AnchorCMS - PHP Object Injection (CVE-2015-5687) and More | CVE-2015-5687 |
| FULLDISC:20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation | CVE-2015-5465 |
| FULLDISC:20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities | CVE-2015-4077 CVE-2015-5735 CVE-2015-5736 CVE-2015-5737 |
| FULLDISC:20150902 NibbleBlog 4.0.3 - CSRF - Not fixed | CVE-2015-6966 |
| FULLDISC:20150902 NibbleBlog 4.0.3 - Code Execution - Not fixed | CVE-2015-6967 |
| FULLDISC:20150902 Serendipity 2.0.1 - Blind SQL Injection | CVE-2015-6943 |
| FULLDISC:20150902 Serendipity 2.0.1 - Code Execution | CVE-2015-6968 |
| FULLDISC:20150902 Serendipity 2.0.1 - Persistent XSS | CVE-2015-6969 |
| FULLDISC:20150907 Checkmarx CxQL Sandbox bypass (CVE-2014-8778) | CVE-2014-8778 |
| FULLDISC:20150907 Glibc Pointer guarding weakness | CVE-2013-4788 |
| FULLDISC:20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow | CVE-2014-7216 |
| FULLDISC:20150909 Multiple Cross-Site Scripting vulnerabilities in Synology Download Station | CVE-2015-6909 CVE-2015-6913 |
| FULLDISC:20150909 Synology Video Station command injection and multiple SQL injection vulnerabilities | CVE-2015-6910 CVE-2015-6911 CVE-2015-6912 |
| FULLDISC:20150910 CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability | CVE-2015-6928 |
| FULLDISC:20150910 DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 | CVE-2015-6584 |
| FULLDISC:20150910 Nokia Solutions and Networks @vantage - Multiple Reflected XSS | CVE-2015-6929 |
| FULLDISC:20150910 [ERPSCAN-15-014] SAP Mobile Platform 3 - XXE in Add Repository | CVE-2015-5068 |
| FULLDISC:20150914 Sunny WebBox CVE-2015-3964 Fix | CVE-2015-3964 |
| FULLDISC:20150915 ManageEngine EventLog Analyzer SQL query execution | CVE-2015-7387 |
| FULLDISC:20150915 ManageEngine OpManager multiple vulnerabilities | CVE-2015-7765 CVE-2015-7766 |
| FULLDISC:20150915 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting | CVE-2015-5956 |
| FULLDISC:20150917 KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation | CVE-2015-6923 |
| FULLDISC:20150922 Cisco AnyConnect elevation of privileges via DLL side loading | CVE-2015-6305 |
| FULLDISC:20150922 [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption | CVE-2015-7730 |
| FULLDISC:20150923 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth | CVE-2015-5372 |
| FULLDISC:20150923 Cisco AnyConnect elevation of privileges via DMG install script | CVE-2015-6306 |
| FULLDISC:20150925 CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine | CVE-2015-5074 |
| FULLDISC:20150925 CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine | CVE-2015-5075 |
| FULLDISC:20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine | CVE-2015-5076 |
| FULLDISC:20150925 CVE-2015-7323 - Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization | CVE-2015-7323 |
| FULLDISC:20150925 Stored XSS in 4images <= v1.7.11 | CVE-2015-7708 |
| FULLDISC:20150927 Apport kernel_crashdump symlink vulnerability exploitation | CVE-2015-1338 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-009] SAP HANA hdbsql Multiple Memory Corruption Vulnerabilities | CVE-2015-6507 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-015] SAP HANA SQL injection in _modifyUser function | CVE-2015-7725 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-016] SAP HANA SQL injection in _newUser function | CVE-2015-7725 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-017] SAP HANA XSJS Code Injection in test-net.xsjs | CVE-2015-7729 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-018] SAP HANA SQL injection in, setTraceLevelsForXsApps function | CVE-2015-7725 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-019] SAP HANA XSS in role deletion through Web-based development workbench | CVE-2015-7726 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-020] SAP HANA Trace configuration SQL injection | CVE-2015-7727 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-021] SAP HANA XSS in user creation through Web-based development workbench | CVE-2015-7728 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-022] SAP HANA SQL injection in getSqlTraceConfiguration function | CVE-2015-7727 |
| FULLDISC:20150929 [Onapsis Security Advisory 2015-023] SAP HANA Drop Credentials SQL injection | CVE-2015-7725 |
| FULLDISC:20151001 CVE-2015-2342 VMware vCenter Remote Code Execution | CVE-2015-2342 |
| FULLDISC:20151001 Mac OS X local root (rsh/libmalloc) | CVE-2015-5889 |
| FULLDISC:20151001 Shell Injection in Pygments FontManager._get_nix_font_path | CVE-2015-8557 |
| FULLDISC:20151005 Apple Safari URI spoofing (CVE-2015-5764) | CVE-2015-5764 |
| FULLDISC:20151005 Blind SQL Injection in admin panel PHP-Fusion <= v7.02.07 | CVE-2014-8596 |
| FULLDISC:20151005 CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability | CVE-2015-6237 |
| FULLDISC:20151005 Komento Joomla! component Persistent XSS | CVE-2015-7324 |
| FULLDISC:20151005 u-design wordpress theme DOM XSS | CVE-2015-7357 |
| FULLDISC:20151008 CVE-2015-2652 - Unauthenticated File Upload in Oracle E-business Suite. | CVE-2015-2652 |
| FULLDISC:20151008 Veeam Backup & Replication Local Privilege Escalation Vulnerability | CVE-2015-5742 |
| FULLDISC:20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities | CVE-2015-7364 CVE-2015-7365 CVE-2015-7366 CVE-2015-7367 CVE-2015-7368 CVE-2015-7369 CVE-2015-7370 CVE-2015-7371 CVE-2015-7372 CVE-2015-7373 |
| FULLDISC:20151010 Exploit NetUSB CVE-2015-3036 | CVE-2015-3036 |
| FULLDISC:20151013 JScript 5.7 (MSIE 8) RegExpBase::FBadHeader regular expression use-after-free | CVE-2015-2482 |
| FULLDISC:20151013 Vantage Point Security Advisory 2015-002 | CVE-2014-8357 CVE-2014-9118 |
| FULLDISC:20151027 [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability | CVE-2015-4845 |
| FULLDISC:20151027 [ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability | CVE-2015-4846 |
| FULLDISC:20151027 [ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability | CVE-2015-4854 |
| FULLDISC:20151029 CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver | CVE-2015-7723 |
| FULLDISC:20151029 CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver | CVE-2015-7724 |
| FULLDISC:20151030 [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability | CVE-2015-4886 |
| FULLDISC:20151030 [ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability | CVE-2015-4849 |
| FULLDISC:20151030 [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability | CVE-2015-4851 |
| FULLDISC:20151102 CVE-2015-6498 | CVE-2015-6498 |
| FULLDISC:20151104 [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability | CVE-2014-9752 |
| FULLDISC:20151104 [KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability | CVE-2015-7711 |
| FULLDISC:20151104 [KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability | CVE-2015-7712 |
| FULLDISC:20151104 [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability | CVE-2015-7815 |
| FULLDISC:20151104 [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability | CVE-2015-7816 |
| FULLDISC:20151109 [Onapsis Security Advisory 2015-024-040] SAP HANA TrexNet Vulnerabilities | CVE-2015-7828 |
| FULLDISC:20151109 [Onapsis Security Advisory 2015-041] SAP HANA Remote Trace Disclosure | CVE-2015-7991 |
| FULLDISC:20151109 [Onapsis Security Advisory 2015-042] SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory corruption | CVE-2015-7992 |
| FULLDISC:20151109 [Onapsis Security Advisory 2015-043] SAP HANA Remote Code Execution (HTTP Login based) | CVE-2015-7993 |
| FULLDISC:20151109 [Onapsis Security Advisory 2015-044] SAP HANA Remote Code Execution (SQL Login based) | CVE-2015-7994 |
| FULLDISC:20151114 AlegroCart 1.2.8: LFI/RFI | CVE-2015-9227 |
| FULLDISC:20151114 AlegroCart 1.2.8: SQL Injection | CVE-2015-9226 |
| FULLDISC:20151114 D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability | CVE-2015-5999 |
| FULLDISC:20151114 ZTE ADSL modems - Multiple vulnerabilities | CVE-2015-7257 CVE-2015-7258 CVE-2015-7259 |
| FULLDISC:20151114 dotclear 2.8.1: Code Execution | CVE-2015-8832 |
| FULLDISC:20151114 dotclear 2.8.1: XSS | CVE-2015-8831 |
| FULLDISC:20151117 CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability | CVE-2015-6357 |
| FULLDISC:20151117 zTree v3 Security Advisory - XSS Vulnerability - CVE-2015-7348 | CVE-2015-7348 |
| FULLDISC:20151118 Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability | CVE-2015-8051 |
| FULLDISC:20151119 Re: LiteCart 1.3.2: Multiple XSS | CVE-2014-7183 |
| FULLDISC:20151124 : CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin | CVE-2015-8298 |
| FULLDISC:20151124 CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability | CVE-2015-8300 |
| FULLDISC:20151124 [ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE | CVE-2015-6662 |
| FULLDISC:20151124 [ERPSCAN-15-019] SAP Afaria - Stored XSS | CVE-2015-6663 |
| FULLDISC:20151124 [ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import | CVE-2015-6664 |
| FULLDISC:20151125 Slider Revolution/Showbiz Pro shell upload exploit | CVE-2014-9735 |
| FULLDISC:20151127 [CVE-2015-6942] CoreMail XT3.0 Stored XSS | CVE-2015-6942 |
| FULLDISC:20151209 Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability | CVE-2015-8376 |
| FULLDISC:20151209 [CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities | CVE-2015-7706 |
| FULLDISC:20151209 [CVE-2015-8369] Cacti SQL injection in graph.php | CVE-2015-8369 |
| FULLDISC:20151209 ntop-ng <= 2.0.151021 - Privilege Escalation | CVE-2015-8368 |
| FULLDISC:20151211 CLOUD4WI SPLASH PORTAL REFLECTED XSS VULNERABILITY CVE-2015-4699 | CVE-2015-4699 |
| FULLDISC:20151213 SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability | CVE-2015-8606 |
| FULLDISC:20151213 Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities | CVE-2015-8766 |
| FULLDISC:20151213 XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 | CVE-2015-8247 |
| FULLDISC:20151213 [CVE-2015-8377] Cacti graphs_new.php SQL Injection Vulnerability | CVE-2015-8377 |
| FULLDISC:20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] | CVE-2015-8370 |
| FULLDISC:20151216 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability | CVE-2015-7239 |
| FULLDISC:20151218 KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address | CVE-2015-6856 |
| FULLDISC:20151218 Samsung softap weak random generated password | CVE-2015-5729 |
| FULLDISC:20151222 [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality | CVE-2015-8124 |
| FULLDISC:20151223 Re: [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability | CVE-2015-8376 |
| FULLDISC:20151224 Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS | CVE-2015-6477 |
| FULLDISC:20151224 eWON sa Industrial router - Multiple Vulnerabilities | CVE-2015-7924 CVE-2015-7925 CVE-2015-7926 CVE-2015-7927 CVE-2015-7928 CVE-2015-7929 |
| FULLDISC:20151231 CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products | CVE-2015-1438 |
| FULLDISC:20151231 CVE-2015-1438 - Panda Security Multiple Products Arbitrary Code Execution | CVE-2015-1438 |
| FULLDISC:20151231 CVE-2015-4557 - Wordpress "Nextend Twitter Connect" & "Nextend Google Connect" Cross Site Scripting | CVE-2015-4557 |
| FULLDISC:20151231 Joomla! plugin Helpdesk Pro < 1.4.0 | CVE-2015-4071 CVE-2015-4072 CVE-2015-4073 CVE-2015-4074 CVE-2015-4075 |
| FULLDISC:20151231 New CVE's to be released the 17th of June. | CVE-2015-4071 |
| FULLDISC:20151231 [CORE-2015-0012] - AirLive Multiple Products OS Command Injection | CVE-2014-8389 |
| FULLDISC:20160105 Alcatel Lucent Home Device Manager - Management Console Multiple XSS | CVE-2015-8687 |
| FULLDISC:20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images | CVE-2014-8886 |
| FULLDISC:20160108 Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege | CVE-2016-1281 |
| FULLDISC:20160108 OpenCart Security Advisory - XSS Vulnerabiltiy - CVE-2015-4671 | CVE-2015-4671 |
| FULLDISC:20160108 Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603 | CVE-2015-8603 |
| FULLDISC:20160108 [CVE-2015-8604] Cacti SQL injection in graphs_new.php | CVE-2015-8604 |
| FULLDISC:20160111 CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer | CVE-2015-8396 |
| FULLDISC:20160111 CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent | CVE-2015-8397 |
| FULLDISC:20160111 SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 | CVE-2016-1909 |
| FULLDISC:20160113 Html injection Dolibarr 3.8.3 | CVE-2015-8685 |
| FULLDISC:20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 | CVE-2016-0777 CVE-2016-0778 |
| FULLDISC:20160115 [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability | CVE-2015-8379 |
| FULLDISC:20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM | CVE-2016-1493 |
| FULLDISC:20160120 SeaWell Networks Spectrum - Multiple Vulnerabilities | CVE-2015-8282 CVE-2015-8283 CVE-2015-8284 |
| FULLDISC:20160121 SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices | CVE-2015-8362 CVE-2016-1984 |
| FULLDISC:20160125 [CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities | CVE-2016-1489 CVE-2016-1490 CVE-2016-1491 CVE-2016-1492 |
| FULLDISC:20160127 McAfee File Lock Driver - Kernel Memory Leak | CVE-2015-8772 |
| FULLDISC:20160127 McAfee File Lock Driver - Kernel Stack Based BOF | CVE-2015-8773 |
| FULLDISC:20160127 Multiple security issues in MOVEit Managed File Transfer application | CVE-2015-7675 CVE-2015-7676 CVE-2015-7677 CVE-2015-7678 CVE-2015-7679 CVE-2015-7680 |
| FULLDISC:20160127 [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption | CVE-2015-7986 |
| FULLDISC:20160203 DLink DVG-N5402SP Multiple Vulnerabilities | CVE-2015-7245 CVE-2015-7246 CVE-2015-7247 |
| FULLDISC:20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability | CVE-2016-2268 |
| FULLDISC:20160203 GE Industrial Solutions - UPS SNMP Adapter Command Injection and Clear-text Sensitive Info Vulnerabilities | CVE-2016-0861 CVE-2016-0862 |
| FULLDISC:20160203 Sauter ModuWEB Vision SCADA vulnerabilities | CVE-2015-7914 CVE-2015-7915 CVE-2015-7916 |
| FULLDISC:20160203 Security Advisories | CVE-2014-2045 CVE-2014-9754 CVE-2014-9755 |
| FULLDISC:20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 | CVE-2016-1524 CVE-2016-1525 |
| FULLDISC:20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability | CVE-2016-0956 |
| FULLDISC:20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9 | CVE-2016-2046 |
| FULLDISC:20160210 NPS Datastore server DLL side loading vulnerability | CVE-2016-0041 |
| FULLDISC:20160210 SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities | CVE-2015-7568 CVE-2015-7569 CVE-2015-7570 CVE-2015-7571 |
| FULLDISC:20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox | CVE-2016-0602 CVE-2016-0603 |
| FULLDISC:20160212 [ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability | CVE-2015-8329 |
| FULLDISC:20160212 [ERPSCAN-15-032] SAP PCo agent - DoS vulnerability | CVE-2015-8330 |
| FULLDISC:20160222 Avast Virtualization Driver - Elevation Of Privileges | CVE-2015-8620 |
| FULLDISC:20160222 BlackBerry Enterprise Service 12 Self-Service - SQLi and Reflected XSS | CVE-2016-1914 CVE-2016-1915 |
| FULLDISC:20160222 Vulnerability in WebSVN 2.3.3 | CVE-2016-2511 |
| FULLDISC:20160223 [KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability | CVE-2016-2212 |
| FULLDISC:20160225 CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface | CVE-2015-6541 |
| FULLDISC:20160225 D-Link, Netgear Router Vulnerabiltiies | CVE-2016-1555 CVE-2016-1556 CVE-2016-1557 CVE-2016-1558 CVE-2016-1559 |
| FULLDISC:20160225 [CVE-2015-5345] Information disclosure vulnerability in Apache Tomcat | CVE-2015-5345 |
| FULLDISC:20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities | CVE-2015-6472 CVE-2015-6473 |
| FULLDISC:20160304 McAfee VirusScan Enterprise security restrictions bypass | CVE-2016-3984 CVE-2016-4534 |
| FULLDISC:20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr" | CVE-2016-2851 |
| FULLDISC:20160309 CVE-2016-2563 - PuTTY/PSCP <=0.66 buffer overflow - vuln-pscp-sink-sscanf | CVE-2016-2563 |
| FULLDISC:20160309 [CORE-2016-0004] - SAP Download Manager Password Weak Encryption | CVE-2016-3684 CVE-2016-3685 |
| FULLDISC:20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection | CVE-2016-3115 |
| FULLDISC:20160314 CVE-2016-3116 - Dropbear SSH xauth injection | CVE-2016-3115 CVE-2016-3116 |
| FULLDISC:20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow | CVE-2016-1885 |
| FULLDISC:20160317 Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing | CVE-2015-8264 |
| FULLDISC:20160317 Re: [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow | CVE-2016-1885 |
| FULLDISC:20160320 FortiOS (Fortinet) - Open Redirect and Cross Site Scripting | CVE-2016-3978 |
| FULLDISC:20160404 DotCMS injection Vulnerability | CVE-2016-3688 |
| FULLDISC:20160404 SQL Injection Vulnerability in DotCms v3.3 | CVE-2016-3688 |
| FULLDISC:20160404 [CVE-2016-3659]Cacti graph_view.php SQL Injection Vulnerability | CVE-2016-3659 |
| FULLDISC:20160404 [SE-2012-01] Broken security fix in IBM Java 7/8 | CVE-2013-3009 CVE-2016-0363 |
| FULLDISC:20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8 | CVE-2013-3009 CVE-2016-0363 |
| FULLDISC:20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR | CVE-2016-3672 |
| FULLDISC:20160406 Panda Security 2016 Home User Products - Privilege Escalation | CVE-2015-7378 |
| FULLDISC:20160406 Panda Security Multiple Business Products - Privilege Escalation | CVE-2016-3943 |
| FULLDISC:20160408 [CVE-2016-3971]DotCMS xss vulnerability | CVE-2016-3971 |
| FULLDISC:20160408 [CVE-2016-3972]DotCMS Directory traversal vulnerability | CVE-2016-3972 |
| FULLDISC:20160412 .NET Framework 4.6 allows side loading of Windows API Set DLL | CVE-2016-0148 |
| FULLDISC:20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8 | CVE-2016-0376 |
| FULLDISC:20160415 [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability | CVE-2016-1911 |
| FULLDISC:20160415 [ERPSCAN-16-002] SAP HANA - log injection and no size restriction | CVE-2016-1929 |
| FULLDISC:20160416 Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability | CVE-2016-0160 |
| FULLDISC:20160416 [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues | CVE-2016-1910 |
| FULLDISC:20160420 Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 | CVE-2014-2710 |
| FULLDISC:20160420 [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) - XSS vulnerability | CVE-2016-1911 |
| FULLDISC:20160420 [ERPSCAN-16-005] SAP HANA hdbxsengine JSON - DoS vulnerability | CVE-2016-1928 |
| FULLDISC:20160421 CVE-2016-3074: libgd: signedness vulnerability | CVE-2016-3074 |
| FULLDISC:20160427 EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection | CVE-2016-0891 |
| FULLDISC:20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser) | CVE-2016-3627 |
| FULLDISC:20160503 CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection | CVE-2016-4338 |
| FULLDISC:20160503 Moxa MiiNePort - Multiple Vulnerabilities | CVE-2016-2285 CVE-2016-2286 CVE-2016-2295 |
| FULLDISC:20160506 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning | CVE-2016-2784 |
| FULLDISC:20160506 NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities | CVE-2015-6023 CVE-2015-6024 |
| FULLDISC:20160506 Re: NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities | CVE-2015-6023 CVE-2015-6024 |
| FULLDISC:20160512 Huawei Mobile Broadband HL Service Local Privilege Escalation | CVE-2016-2855 |
| FULLDISC:20160517 [ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet | CVE-2016-2387 |
| FULLDISC:20160517 [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability | CVE-2016-2389 |
| FULLDISC:20160517 [ICS] Meteocontrol WEB'log Multiple Vulnerabilities | CVE-2016-2296 CVE-2016-2297 CVE-2016-2298 |
| FULLDISC:20160523 [ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability | CVE-2016-2388 |
| FULLDISC:20160523 [ERPSCAN-16-011] SAP NetWeaver AS JAVA - SQL injection vulnerability | CVE-2016-2386 |
| FULLDISC:20160525 CVE-2016-4803 dotCMS - Email Header Injection | CVE-2016-4803 |
| FULLDISC:20160526 CVE-2015-3854 Battery permission leakage in Android | CVE-2015-3854 |
| FULLDISC:20160526 Re: CVE-2015-3854 Battery permission leakage in Android | CVE-2015-3854 |
| FULLDISC:20160601 CVE-2016-3670 Stored Cross Site Scripting in Liferay CE | CVE-2016-3670 |
| FULLDISC:20160609 nagios phishing vector & xss | CVE-2016-6209 |
| FULLDISC:20160614 CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder | CVE-2016-5060 |
| FULLDISC:20160615 CVE-2016-3642 - Java Deserialization in Solarwinds Virtualization Manager 6.3.1 | CVE-2016-3642 |
| FULLDISC:20160615 CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager | CVE-2016-3643 |
| FULLDISC:20160615 Java Deserialization in Solarwinds Virtualization Manager 6.3.1 | CVE-2016-3642 |
| FULLDISC:20160615 Microsoft Visio multiple DLL side loading vulnerabilities | CVE-2016-3235 |
| FULLDISC:20160616 CVE-2016-5709 - Use of Weak Encryption Algorithm in Solarwinds Virtualization Manager | CVE-2016-5709 |
| FULLDISC:20160618 CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion | CVE-2016-0199 |
| FULLDISC:20160618 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player | CVE-2016-1014 |
| FULLDISC:20160618 [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability | CVE-2016-3976 |
| FULLDISC:20160618 [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability | CVE-2016-3974 |
| FULLDISC:20160618 [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability | CVE-2016-3975 |
| FULLDISC:20160621 [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability | CVE-2016-3973 |
| FULLDISC:20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability | CVE-2016-3979 |
| FULLDISC:20160624 [ERPSCAN-16-018] SAP Application server for Javat - DoS vulnerability | CVE-2016-3980 |
| FULLDISC:20160706 CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] | CVE-2016-4979 |
| FULLDISC:20160707 Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) | CVE-2016-5648 |
| FULLDISC:20160707 [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability | CVE-2016-6174 |
| FULLDISC:20160712 [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries | CVE-2016-4469 |
| FULLDISC:20160712 [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting | CVE-2016-5005 |
| FULLDISC:20160714 opensshd - user enumeration | CVE-2016-6210 |
| FULLDISC:20160715 [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability | CVE-2016-4014 |
| FULLDISC:20160715 [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability | CVE-2016-4016 |
| FULLDISC:20160719 Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) | CVE-2016-6186 |
| FULLDISC:20160725 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603] | CVE-2016-5080 |
| FULLDISC:20160725 [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities | CVE-2014-1677 |
| FULLDISC:20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability | CVE-2016-3196 |
| FULLDISC:20160805 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) | CVE-2016-6231 |
| FULLDISC:20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) | CVE-2016-5331 |
| FULLDISC:20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability | CVE-2016-3321 |
| FULLDISC:20160810 [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities | CVE-2016-5845 CVE-2016-5847 |
| FULLDISC:20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 | CVE-2016-6600 CVE-2016-6601 CVE-2016-6602 CVE-2016-6603 |
| FULLDISC:20160818 Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information | CVE-2016-3639 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution | CVE-2016-6137 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal | CVE-2016-6138 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read | CVE-2016-6139 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write | CVE-2016-6140 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol | CVE-2016-6142 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack | CVE-2016-6144 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure | CVE-2016-6145 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer | CVE-2016-6146 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution | CVE-2016-6147 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution | CVE-2016-6148 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT | CVE-2016-6149 |
| FULLDISC:20160819 Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption | CVE-2016-6150 |
| FULLDISC:20160822 Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT | CVE-2016-6149 |
| FULLDISC:20160822 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method | CVE-2016-6582 |
| FULLDISC:20160823 Re: Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution | CVE-2016-6137 |
| FULLDISC:20160823 Re: Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal | CVE-2016-6138 |
| FULLDISC:20160823 Re: Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read | CVE-2016-6139 |
| FULLDISC:20160824 [RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting | CVE-2016-6913 |
| FULLDISC:20160825 Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure | CVE-2016-0425 |
| FULLDISC:20160825 Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure | CVE-2016-0422 |
| FULLDISC:20160825 Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown | CVE-2016-0421 |
| FULLDISC:20160825 Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users | CVE-2016-0420 |
| FULLDISC:20160825 Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS | CVE-2016-0424 |
| FULLDISC:20160825 Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS | CVE-2016-0423 |
| FULLDISC:20160825 SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise | CVE-2016-5760 CVE-2016-5761 CVE-2016-5762 |
| FULLDISC:20160830 Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438 | CVE-2016-3438 |
| FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | CVE-2016-6662 |
| FULLDISC:20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel <= 0.1.53 recursive sftp-get path traversal (client-side, windows) | CVE-2016-5725 |
| FULLDISC:20160927 skype installer dll hijacking vulnerability - CVE-2016-5720 | CVE-2016-5720 |
| FULLDISC:20160928 Symantec Messaging Gateway <= 10.6.1 Directory Traversal | CVE-2016-5312 |
| FULLDISC:20161003 Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging | CVE-2016-4551 |
| FULLDISC:20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP | CVE-2016-7435 |
| FULLDISC:20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV | CVE-2016-7435 |
| FULLDISC:20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG | CVE-2016-7435 |
| FULLDISC:20161006 [KIS-2016-12] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability | CVE-2016-5313 |
| FULLDISC:20161011 Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage | CVE-2016-3946 |
| FULLDISC:20161011 Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass | CVE-2016-3635 |
| FULLDISC:20161011 Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption | CVE-2016-3638 |
| FULLDISC:20161011 Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm | CVE-2016-4407 |
| FULLDISC:20161011 Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption | CVE-2016-7437 |
| FULLDISC:20161011 [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow | CVE-2016-6808 |
| FULLDISC:20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing | CVE-2016-6304 |
| FULLDISC:20161019 Multiple Vulnerabilities in Plone CMS | CVE-2016-7135 CVE-2016-7136 CVE-2016-7137 CVE-2016-7138 CVE-2016-7139 CVE-2016-7140 |
| FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | CVE-2016-6663 CVE-2016-6664 |
| FULLDISC:20161102 Disclose [10 * cve] in Exponent CMS | CVE-2016-7780 CVE-2016-7781 CVE-2016-7782 CVE-2016-7783 CVE-2016-7784 CVE-2016-7788 CVE-2016-7789 CVE-2016-9019 CVE-2016-9020 CVE-2016-9087 |
| FULLDISC:20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow | CVE-2016-6563 |
| FULLDISC:20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management | CVE-2016-9164 |
| FULLDISC:20161110 CA11/09/2016-02: Security Notice for CA Service Desk Manager | CVE-2016-9148 |
| FULLDISC:20161115 OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read | CVE-2016-10208 |
| FULLDISC:20161116 Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247) | CVE-2016-1247 |
| FULLDISC:20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details | CVE-2016-3247 |
| FULLDISC:20161125 CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details | CVE-2015-0050 |
| FULLDISC:20161125 CVE-2015-1251: Chrome blink Speech­Recognition­Controller use-after-free details | CVE-2015-1251 |
| FULLDISC:20161201 CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details | CVE-2015-6168 |
| FULLDISC:20161205 CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption | CVE-2016-3222 |
| FULLDISC:20161209 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security | CVE-2016-9832 |
| FULLDISC:20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2 | CVE-2016-6304 |
| FULLDISC:20161214 Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability | CVE-2016-7866 |
| FULLDISC:20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] | CVE-2016-9565 |
| FULLDISC:20161215 Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] | CVE-2016-9566 |
| FULLDISC:20161219 CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR | CVE-2013-6627 |
| FULLDISC:20161220 [ERPSCAN-16-035] SAP Solman - user accounts disclosure | CVE-2016-10005 |
| FULLDISC:20161227 PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] | CVE-2016-10033 |
| FULLDISC:20161227 PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) | CVE-2016-10045 |
| FULLDISC:20161229 SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) | CVE-2016-10074 |
| FULLDISC:20170103 Persisted Cross-Site Scripting (XSS) in Confluence Jira Software | CVE-2016-6283 |
| FULLDISC:20170106 Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software | CVE-2016-6283 |
| FULLDISC:20170110 Docker 1.12.6 - Security Advisory | CVE-2016-9962 |
| FULLDISC:20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory | CVE-2016-9962 |
| FULLDISC:20170112 [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions | CVE-2016-3403 |
| FULLDISC:20170113 Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] | CVE-2016-1247 |
| FULLDISC:20170117 Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software | CVE-2016-6285 |
| FULLDISC:20170119 [ERPSCAN-16-036] SAP ASE ODATA SERVER - DENIAL OF SERVICE | CVE-2017-5371 |
| FULLDISC:20170119 [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE | CVE-2017-5372 |
| FULLDISC:20170206 Remote DoS against OpenBSD http server (up to 6.0) | CVE-2017-5850 |
| FULLDISC:20170214 [Kodi v17.1] - Local File Inclusion | CVE-2017-5982 |
| FULLDISC:20170221 Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass | CVE-2017-5496 |
| FULLDISC:20170222 EasyCom PHP API Stack Buffer Overflow | CVE-2017-5358 |
| FULLDISC:20170222 EasyCom SQL iPlug Denial Of Service | CVE-2017-5359 |
| FULLDISC:20170223 Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router | CVE-2017-6127 |
| FULLDISC:20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6 | CVE-2016-9892 |
| FULLDISC:20170228 CVE-2017-6189-Amazon Kindle for Windows | CVE-2017-6189 |
| FULLDISC:20170305 CVE-2017-6443: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 | CVE-2017-6443 |
| FULLDISC:20170310 CVE-2017-6550: Kinsey Infor-Lawson - Multiple SQL Injections | CVE-2017-6550 |
| FULLDISC:20170314 CVE-2017-6805 MobaXterm Personal Edition v9.4 Directory Traversal File Disclosure | CVE-2017-6805 |
| FULLDISC:20170316 Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll) | CVE-2017-6517 |
| FULLDISC:20170316 USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability | CVE-2017-6911 |
| FULLDISC:20170316 USB Pratirodh XML External Entity Injection Vulnerability | CVE-2017-6895 |
| FULLDISC:20170318 [CVE-2017-6878]etInfo5.3.15 Stored Cross Site Scripting | CVE-2017-6878 |
| FULLDISC:20170327 CVE-2017-5900 | CVE-2017-5900 |
| FULLDISC:20170330 Splunk Enterprise Information Theft - CVE-2017-5607 | CVE-2017-5607 |
| FULLDISC:20170404 ManageEngine Applications Manager Multiple Vulnerabilities | CVE-2016-9488 CVE-2016-9489 CVE-2016-9490 CVE-2016-9491 CVE-2016-9498 |
| FULLDISC:20170411 CVE-2017-7456 MXview v2.8 Denial Of Service | CVE-2017-7456 |
| FULLDISC:20170411 CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18 | CVE-2017-7643 |
| FULLDISC:20170411 Moxa MX AOPC-Server v1.5 XML External Entity | CVE-2017-7457 |
| FULLDISC:20170411 Moxa MXview v2.8 Remote Private Key Disclosure | CVE-2017-7455 |
| FULLDISC:20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities | CVE-2017-9032 CVE-2017-9033 CVE-2017-9034 CVE-2017-9035 CVE-2017-9036 CVE-2017-9037 |
| FULLDISC:20170602 Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux | CVE-2017-1000367 |
| FULLDISC:20170628 [CORE-2017-0003] - Kaspersky Anti-Virus File Server Multiple Vulnerabilities | CVE-2017-9810 CVE-2017-9811 CVE-2017-9812 CVE-2017-9813 |
| FULLDISC:20170717 CVE-2017-7642 Local root privesc in Hashicorp vagrant-vmware-fusion <= 4.0.20 | CVE-2017-7642 |
| FULLDISC:20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities | CVE-2016-2177 CVE-2016-2178 CVE-2016-2181 CVE-2016-2182 CVE-2016-6304 CVE-2016-6306 |
| FULLDISC:20170717 PEGA Platform <= 7.2 ML0 - Multiple vulnerabilities | CVE-2017-11355 CVE-2017-11356 |
| FULLDISC:20170719 APPLE-SA-2017-07-19-1 iOS 10.3.3 | CVE-2017-8248 |
| FULLDISC:20170720 Google's Android News and Weather App Doesn't Always Use SSL [CVE-2017-9245] | CVE-2017-9245 |
| FULLDISC:20170724 CVE-2017-9457 CompuLab Intense PC lacks firmware signature validation | CVE-2017-9457 |
| FULLDISC:20170726 libjpeg-turbo denial of service vulnerability | CVE-2017-9614 |
| FULLDISC:20170802 CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion <= 4.0.23 | CVE-2017-11741 |
| FULLDISC:20170808 minidjvu multiple vulnerabilities | CVE-2017-12441 CVE-2017-12442 CVE-2017-12443 CVE-2017-12444 CVE-2017-12445 |
| FULLDISC:20170808 wildmidi multiple vulnerabilities | CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 |
| FULLDISC:20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698) | CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 |
| FULLDISC:20170815 QuantaStor Software Define Storage mmultiple vulnerabilities | CVE-2017-9978 CVE-2017-9979 |
| FULLDISC:20170817 CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE | CVE-2017-6327 |
| FULLDISC:20170822 libgig-LinuxSampler multiple vulnerabilities | CVE-2017-12950 CVE-2017-12951 CVE-2017-12952 CVE-2017-12953 CVE-2017-12954 |
| FULLDISC:20170831 Lexmark Scan to Network (SNF) printer application <= 3.2.9 Information Exposure | CVE-2017-13771 |
| FULLDISC:20170904 CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution | CVE-2017-11567 |
| FULLDISC:20170904 Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability | CVE-2017-13754 |
| FULLDISC:20170914 ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability | CVE-2017-8013 |
| FULLDISC:20170917 ZKTime_Web Software 2.0 - Cross Site Request Forgery | CVE-2017-13129 |
| FULLDISC:20170921 Pixie image Editor SSRF vulnerability for CVE-2017-12905 | CVE-2017-12905 |
| FULLDISC:20170922 WordPress Plugin Responsive Image Gallery 1.1.8 - SQL Injection | CVE-2017-14125 |
| FULLDISC:20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 | CVE-2016-9042 CVE-2017-6458 |
| FULLDISC:20170925 OpenText Documentum Administrator and Webtop - Open Redirection | CVE-2017-14524 CVE-2017-14525 |
| FULLDISC:20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection | CVE-2017-14526 CVE-2017-14527 |
| FULLDISC:20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 | CVE-2017-14084 |
| FULLDISC:20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection CVE-2017-14087 | CVE-2017-14087 |
| FULLDISC:20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 | CVE-2017-14085 |
| FULLDISC:20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 | CVE-2017-14083 |
| FULLDISC:20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 | CVE-2017-14089 |
| FULLDISC:20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 | CVE-2017-14086 |
| FULLDISC:20171007 CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability | CVE-2017-13706 |
| FULLDISC:20171013 [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 | CVE-2017-14956 |
| FULLDISC:20171016 [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal | CVE-2017-15359 |
| FULLDISC:20171017 [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass | CVE-2017-14322 |
| FULLDISC:20171023 [KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability | CVE-2017-7411 |
| FULLDISC:20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 | CVE-2016-9042 CVE-2017-6458 |
| FULLDISC:20171105 CVE-2017-12969 Avaya OfficeScan IPO Remote ActiveX Buffer Overflow | CVE-2017-12969 |
| FULLDISC:20171106 mkvalidator libebml2 mkclean multiple vulnerabilities | CVE-2017-12779 CVE-2017-12780 CVE-2017-12781 CVE-2017-12782 CVE-2017-12783 CVE-2017-12800 CVE-2017-12801 CVE-2017-12802 CVE-2017-12803 |
| FULLDISC:20171128 CVE-2017-14953 - Hikvision Wi-Fi IP Cameras associate to a default unencrypted rogue SSIDs in a wired configuration | CVE-2017-14953 |
| FULLDISC:20171201 Artica Web Proxy v3.06 Remote Code Execution / CVE-2017-17055 | CVE-2017-17055 |
| FULLDISC:20171201 Mist Server v2.12 Unauthenticated Persistent XSS CVE-2017-16884 | CVE-2017-16884 |
| FULLDISC:20171212 Meinberg LANTIME Web Configuration Utility - Arbitrary File Upload | CVE-2017-16788 |
| FULLDISC:20171212 Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access | CVE-2017-16787 |
| FULLDISC:20171212 Three exploits for Zivif Web Cameras (may impact others) | CVE-2017-17105 CVE-2017-17106 CVE-2017-17107 |
| FULLDISC:20171215 Re: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read | CVE-2017-16786 |
| FULLDISC:20171215 SyncBreeze <= 10.2.12 - Denial of Service | CVE-2017-17088 |
| FULLDISC:20171215 [CONVISO-17-002] - Zoom Linux Client Stack-based Buffer Overflow Vulnerability | CVE-2017-15048 |
| FULLDISC:20171215 [CONVISO-17-003] - Zoom Linux Client Command Injection Vulnerability (RCE) | CVE-2017-15049 |
| FULLDISC:20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability | CVE-2017-6094 |
| FULLDISC:20171219 Multiple Vulnerabilities in TP-Link TL-SG108E - CVE-2017-17745, CVE-2017-17746, CVE-2017-17747 | CVE-2017-17745 CVE-2017-17746 CVE-2017-17747 |
| FULLDISC:20171223 [CVE-2016-6914] Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions | CVE-2016-6914 |
| FULLDISC:20180102 EMC xDashboard - SQL Injection Vulnerability | CVE-2017-14960 |
| FULLDISC:20180105 [CVE-2017-7997] Gespage SQL Injection vulnerability | CVE-2017-7997 |
| FULLDISC:20180105 [CVE-2017-7998] Gespage stored cross-site-scripting (XSS) vulnerability | CVE-2017-7998 |
| FULLDISC:20180109 FiberHome MIFI LM53Q1 Multiple Vulnerabilities | CVE-2017-16885 CVE-2017-16886 CVE-2017-16887 |
| FULLDISC:20180109 SSD Advisory - Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access | CVE-2017-18014 |
| FULLDISC:20180116 Multiple vulnerabilities in all versions of ASUS routers | CVE-2017-15653 CVE-2017-15654 CVE-2017-15655 CVE-2017-15656 |
| FULLDISC:20180122 CMS Made Simple 2.2.5[Reflected Cross-Site Scripting] | CVE-2018-5965 |
| FULLDISC:20180123 CMS Made Simple 2.2.5 [Stored Cross-Site Scripting] | CVE-2018-5963 |
| FULLDISC:20180123 CMS Made Simple 2.2.5[Reflected Cross-Site Scripting] | CVE-2018-5964 |
| FULLDISC:20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4 | CVE-2016-6598 CVE-2016-6599 |
| FULLDISC:20180126 [CVE-2018-6194, CVE-2018-6195] PHP Object Injection + XSS in WordPress Splashing Images Plugin | CVE-2018-6194 CVE-2018-6195 |
| FULLDISC:20180202 Flexense SyncBreeze Entreprise 10.3.14 Buffer Overflow (SEH-bypass) | CVE-2017-17996 |
| FULLDISC:20180208 SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro | CVE-2018-5306 CVE-2018-5307 |
| FULLDISC:20180209 CVS Suite 2009R2 Insecure Library Loading CVE-2018-6461 | CVE-2018-6461 |
| FULLDISC:20180227 ActivePDF Toolkit < 8.1.0 multiple RCE | CVE-2018-7264 |
| FULLDISC:20180306 Rapid Scada - 5.5.0 - Insecure Permissions | CVE-2018-5313 |
| FULLDISC:20180309 10-Strike Network Monitor 5.4 - Unquoted Service Path | CVE-2018-6016 |
| FULLDISC:20180309 BitDefender Total Security 2018 - Insecure Pipe Permissions | CVE-2018-6183 |
| FULLDISC:20180309 Hola VPN 1.79.859 - Insecure service permissions | CVE-2018-6623 |
| FULLDISC:20180309 Panda Global Security 17.0.1 - NULL DACL grants full access | CVE-2018-6322 |
| FULLDISC:20180309 Panda Global Security 17.0.1 - Unquoted service path | CVE-2018-6321 |
| FULLDISC:20180309 Tuleap SQL Injection | CVE-2018-7538 |
| FULLDISC:20180309 WPS Free Office 10.2.0.5978 - NULL DACL grants full access | CVE-2018-6400 |
| FULLDISC:20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail | CVE-2018-7701 CVE-2018-7702 CVE-2018-7703 CVE-2018-7704 CVE-2018-7705 CVE-2018-7706 CVE-2018-7707 |
| FULLDISC:20180313 SQL Injection in Textpattern <= 4.6.2 | CVE-2018-7474 |
| FULLDISC:20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow | CVE-2018-7445 |
| FULLDISC:20180316 DSA-2018-037: Dell EMC NetWorker Buffer Overflow Vulnerability | CVE-2018-1218 |
| FULLDISC:20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities | CVE-2018-1186 CVE-2018-1187 CVE-2018-1188 CVE-2018-1189 CVE-2018-1201 CVE-2018-1202 CVE-2018-1203 CVE-2018-1204 CVE-2018-1213 |
| FULLDISC:20180322 LDAP Account Manager (6.2) CVE-2018-8763, CVE-2018-8764 | CVE-2018-8763 CVE-2018-8764 |
| FULLDISC:20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links | CVE-2018-6882 |
| FULLDISC:20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities | CVE-2018-1232 CVE-2018-1233 CVE-2018-1234 |
| FULLDISC:20180326 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities | CVE-2018-1205 CVE-2018-1237 CVE-2018-1238 |
| FULLDISC:20180327 Blind SQL Injection in Square 9 GlobalForms <= 6.2.x (CVE-2018-8820) | CVE-2018-8820 |
| FULLDISC:20180327 ManageEngine Service Desk Plus < 9403 Cross-Site Scripting | CVE-2018-5799 |
| FULLDISC:20180330 CVE-2018-5708 | CVE-2018-5708 |
| FULLDISC:20180330 SSRF(Server Side Request Forgery) in Tpshop <= 2.0.6 (CVE-2017-16614) | CVE-2017-16614 |
| FULLDISC:20180403 CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass | CVE-2018-4863 |
| FULLDISC:20180403 CVE-2018-9233 Sophos Endpoint Protection Control Panel v10.7 / Insecure Crypto | CVE-2018-9233 |
| FULLDISC:20180405 DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability | CVE-2018-1217 |
| FULLDISC:20180406 SSRF(Server Side Request Forgery) in Cockpit CMS 0.13.0 (CVE-2017-14611) | CVE-2017-14611 |
| FULLDISC:20180406 SSRF(Server Side Request Forgery) in Onethink All version (CVE-2017-14323) | CVE-2017-14323 |
| FULLDISC:20180409 [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution | CVE-2018-9843 |
| FULLDISC:20180409 [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure | CVE-2018-9842 |
| FULLDISC:20180411 DSA-2018-071: Dell EMC ViPR Controller Information Exposure Vulnerability | CVE-2018-1240 |
| FULLDISC:20180413 Re: CVE-2018-7539 Directory Traversal on Appear TV Maintenance centre 8088 | CVE-2018-7539 |
| FULLDISC:20180417 Kodi <= 17.6 - Persistent Cross-Site Scripting | CVE-2018-8831 |
| FULLDISC:20180424 SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server | CVE-2018-8716 |
| FULLDISC:20180424 Sitecore Directory Traversal Vulnerability | CVE-2018-7669 |
| FULLDISC:20180425 DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability | CVE-2018-1183 |
| FULLDISC:20180427 Unvalidated Redirect in Shibboleth component of Blackboard Learn | CVE-2017-18262 |
| FULLDISC:20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities | CVE-2018-11340 CVE-2018-11341 CVE-2018-11342 CVE-2018-11343 CVE-2018-11344 CVE-2018-11345 CVE-2018-11346 |
| FULLDISC:20180501 Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919) | CVE-2018-9919 |
| FULLDISC:20180501 Multiple issues in WatchGuard AP100 AP102 AP200 result in remote code execution | CVE-2018-10575 CVE-2018-10576 CVE-2018-10577 CVE-2018-10578 |
| FULLDISC:20180501 SSRF(Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 (CVE-2018-9302) | CVE-2018-9302 |
| FULLDISC:20180501 XSS in Flexense DiskPulse, affects all versions | CVE-2018-10564 |
| FULLDISC:20180501 XSS in Flexense DiskSavvy, affects all versions | CVE-2018-10565 |
| FULLDISC:20180501 XSS in Flexense DiskSorter, affects all versions | CVE-2018-10568 |
| FULLDISC:20180501 XSS in Flexense DupScout, affects all versions | CVE-2018-10566 |
| FULLDISC:20180501 XSS in Flexense SyncBreeze, affects all versions | CVE-2018-10563 |
| FULLDISC:20180501 XSS in Flexense VX Search, affects all versions | CVE-2018-10567 |
| FULLDISC:20180501 XSS-Flexense-DiskBoss-Enterprise-all-versions | CVE-2018-10294 |
| FULLDISC:20180503 DSA-2018-063: Dell EMC Unity Family OS Command Injection Vulnerability | CVE-2018-1239 |
| FULLDISC:20180504 DSA-2018-086: RSA Authentication Manager Multiple Vulnerabilities | CVE-2018-1247 CVE-2018-1248 |
| FULLDISC:20180513 CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8 vulnerabilities | CVE-2018-10759 CVE-2018-10760 |
| FULLDISC:20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2 | CVE-2018-11101 |
| FULLDISC:20180516 PDFParser vulnerability | CVE-2018-11128 |
| FULLDISC:20180516 vcftools 0.1.15 vuln bugs | CVE-2018-11099 CVE-2018-11129 CVE-2018-11130 |
| FULLDISC:20180522 DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities | CVE-2018-1235 CVE-2018-1241 CVE-2018-1242 |
| FULLDISC:20180528 libmobi 0.3 vulns | CVE-2018-11432 CVE-2018-11433 CVE-2018-11434 CVE-2018-11435 CVE-2018-11436 CVE-2018-11437 CVE-2018-11438 |
| FULLDISC:20180528 taglib 1.11.1 vuln | CVE-2018-11439 |
| FULLDISC:20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle | CVE-2018-11476 CVE-2018-11477 CVE-2018-11478 |
| FULLDISC:20180530 CVE-2018-11551 AXON PBX DLL Loading Arbitrary Code Execution & Privilege Escalation Vulnerability | CVE-2018-11551 |
| FULLDISC:20180530 CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting | CVE-2018-11552 |
| FULLDISC:20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability | CVE-2018-1252 |
| FULLDISC:20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities | CVE-2018-11143 CVE-2018-11144 CVE-2018-11145 CVE-2018-11146 CVE-2018-11147 CVE-2018-11148 CVE-2018-11149 CVE-2018-11150 CVE-2018-11151 CVE-2018-11152 CVE-2018-11153 CVE-2018-11154 CVE-2018-11155 CVE-2018-11156 CVE-2018-11157 CVE-2018-11158 CVE-2018-11159 CVE-2018-11160 CVE-2018-11161 CVE-2018-11162 CVE-2018-11163 CVE-2018-11164 CVE-2018-11165 CVE-2018-11166 CVE-2018-11167 CVE-2018-11168 CVE-2018-11169 CVE-2018-11170 CVE-2018-11171 CVE-2018-11172 CVE-2018-11173 CVE-2018-11174 CVE-2018-11175 CVE-2018-11176 CVE-2018-11177 CVE-2018-11178 CVE-2018-11179 CVE-2018-11180 CVE-2018-11181 CVE-2018-11182 CVE-2018-11183 CVE-2018-11184 CVE-2018-11185 CVE-2018-11186 CVE-2018-11187 CVE-2018-11188 CVE-2018-11189 CVE-2018-11190 CVE-2018-11191 CVE-2018-11192 CVE-2018-11193 CVE-2018-11194 |
| FULLDISC:20180601 DisplayLink Installer 8.2.1956 DLL Hijack to privilege escalation CVE-2018-7884 | CVE-2018-7884 |
| FULLDISC:20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) | CVE-2018-11688 |
| FULLDISC:20180608 Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS) | CVE-2018-11690 |
| FULLDISC:20180608 Multiple Automated Logic Corporation WebCTRL XML External Entity Injection (CVE-2018-8819) | CVE-2018-8819 |
| FULLDISC:20180608 Open-Xchange Security Advisory 2018-06-08 | CVE-2017-17062 CVE-2018-5751 CVE-2018-5752 CVE-2018-5753 CVE-2018-5754 CVE-2018-5755 CVE-2018-5756 |
| FULLDISC:20180608 Re: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) | CVE-2018-11688 |
| FULLDISC:20180608 libfsntfs 20180420 vulns | CVE-2018-11727 CVE-2018-11728 CVE-2018-11729 CVE-2018-11730 CVE-2018-11731 |
| FULLDISC:20180608 libmobi 0.3 vulnerabilities | CVE-2018-11724 CVE-2018-11725 CVE-2018-11726 |
| FULLDISC:20180608 libpff 20180428 vulnerability | CVE-2018-11723 |
| FULLDISC:20180612 DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities | CVE-2018-1253 CVE-2018-1254 |
| FULLDISC:20180614 liblnk 20180419 vulns | CVE-2018-12096 CVE-2018-12097 CVE-2018-12098 |
| FULLDISC:20180619 DSA-2018-126: EMC ECS S3 Authentication Bypass Vulnerability | CVE-2018-11052 |
| FULLDISC:20180619 XSS in Canopy login page | CVE-2018-9036 |
| FULLDISC:20180628 DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability | CVE-2018-11051 |
| FULLDISC:20180702 CVE-2018-12103 | CVE-2018-12103 |
| FULLDISC:20180702 Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction | CVE-2018-12571 |
| FULLDISC:20180702 Open-Xchange Security Advisory 2018-07-02 | CVE-2018-9997 CVE-2018-9998 |
| FULLDISC:20180702 Re: Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction | CVE-2018-12571 |
| FULLDISC:20180702 XSS in Sencha Ext JS 4 to 6 | CVE-2018-8046 |
| FULLDISC:20180702 ntop-ng < 3.4.180617 - Authentication bypass / session hijacking | CVE-2018-12520 |
| FULLDISC:20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers | CVE-2018-13108 |
| FULLDISC:20180704 SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers | CVE-2018-13109 |
| FULLDISC:20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers | CVE-2018-13110 |
| FULLDISC:20180705 DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability | CVE-2018-11049 |
| FULLDISC:20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities. | CVE-2018-6851 CVE-2018-6852 CVE-2018-6853 CVE-2018-6854 CVE-2018-6855 CVE-2018-6856 CVE-2018-6857 |
| FULLDISC:20180710 VLC media player 2.2.8 Arbitrary Code Execution PoC | CVE-2018-11529 |
| FULLDISC:20180710 [CVE-2018-10197] ELO 9/10 - Time-Based blind SQL injection | CVE-2018-10197 |
| FULLDISC:20180711 DSA-2018-084: RSA Identity Governance and Lifecycle Multiple Vulnerabilities | CVE-2018-1245 CVE-2018-1255 |
| FULLDISC:20180711 SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T | CVE-2018-12979 CVE-2018-12980 CVE-2018-12981 |
| FULLDISC:20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities | CVE-2018-0706 CVE-2018-0707 CVE-2018-0708 CVE-2018-0709 CVE-2018-0710 |
| FULLDISC:20180712 G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow | CVE-2018-10018 |
| FULLDISC:20180712 Total AV 4.1.7 ~ 4 .6.19 - Insecure Permissions | CVE-2018-7535 |
| FULLDISC:20180712 eScan ISS for Business v14.0.1400.2029 - BSOD through of a IOCTL | CVE-2018-10098 |
| FULLDISC:20180718 DSA-2018-130: RSA Archer Multiple Vulnerabilities | CVE-2018-11059 CVE-2018-11060 |
| FULLDISC:20180720 [CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS | CVE-2018-12996 |
| FULLDISC:20180720 [CVE-2018-12997]Zoho manageengine Arbitrary File Read in multiple Products | CVE-2018-12997 |
| FULLDISC:20180720 [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products | CVE-2018-12998 |
| FULLDISC:20180720 [CVE-2018-12999]Zoho manageengine Desktop Central Arbitrary File Deletion | CVE-2018-12999 |
| FULLDISC:20180725 DSA-2018-120: Dell EMC NetWorker Clear-Text authentication over network vulnerability | CVE-2018-11050 |
| FULLDISC:20180726 [CORE-2018-0009] - SoftNAS Cloud OS Command Injection | CVE-2018-14417 |
| FULLDISC:20180727 Integer overflow in SunContract | CVE-2018-14576 |
| FULLDISC:20180731 Out-of-Band XXE in Universal Media Server's SSDP Processing | CVE-2018-13416 |
| FULLDISC:20180802 (CVE-2018-13415) Out-of-Band XXE in Plex Media Server | CVE-2018-13415 |
| FULLDISC:20180802 (CVE-2018-13417) Out-of-Band XXE in Vuze Bittorrent Client | CVE-2018-13417 |
| FULLDISC:20180803 CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5) | CVE-2018-14857 |
| FULLDISC:20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability | CVE-2018-11048 |
| FULLDISC:20180813 [CONVISO-18-001] - Nasdaq BWise JMX/RMI RCE | CVE-2018-11247 |
| FULLDISC:20180814 DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability | CVE-2018-11061 |
| FULLDISC:20180814 DSA-2018-144: RSA Archer SQL Injection Vulnerability within embedded WorkPoint component | CVE-2018-11065 |
| FULLDISC:20180816 SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore | CVE-2018-14057 CVE-2018-14058 CVE-2018-14059 |
| FULLDISC:20180821 CVE-2017-11563: Remote Code Execution via stack overflow in D-Link EyeOn Baby Monitor (DCS-825L) | CVE-2017-11563 |
| FULLDISC:20180821 CVE-2017-11564: multiple command inject in D-Link EyeOn Baby Monitor (DCS-825L) | CVE-2017-11564 |
| FULLDISC:20180821 CVE-2017-12573: command injection in PLANEX CS-W50HD | CVE-2017-12573 |
| FULLDISC:20180821 CVE-2017-12574: Hardcode credential in PLANEX CS-W50HD | CVE-2017-12574 |
| FULLDISC:20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2 | CVE-2017-12575 |
| FULLDISC:20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20 | CVE-2017-12576 |
| FULLDISC:20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20 | CVE-2017-12577 |
| FULLDISC:20180821 RESPONSIVE filemanager | CVE-2018-15535 CVE-2018-15536 |
| FULLDISC:20180827 CVE-2018-12710 | CVE-2018-12710 |
| FULLDISC:20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities | CVE-2018-11054 CVE-2018-11055 CVE-2018-11056 CVE-2018-11057 CVE-2018-11058 |
| FULLDISC:20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities | CVE-2018-16144 CVE-2018-16145 CVE-2018-16146 CVE-2018-16147 CVE-2018-16148 |
| FULLDISC:20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities | CVE-2018-11068 CVE-2018-11069 CVE-2018-11070 |
| FULLDISC:20180906 SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki | CVE-2018-15474 |
| FULLDISC:20180907 CVE-2018-15898: Subsonic Music Streamer 4.4 (Android) - Improper Certificate Validation | CVE-2018-15898 |
| FULLDISC:20180907 DSA-2018-156: Dell EMC VPLEX Insecure File Permissions vulnerability on Witness | CVE-2018-11078 |
| FULLDISC:20180914 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability | CVE-2018-11071 |
| FULLDISC:20180914 Disclose SSRF Vulnerability | CVE-2018-16794 |
| FULLDISC:20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability | CVE-2018-16225 |
| FULLDISC:20180917 Disclose SSRF Vulnerability | CVE-2018-16793 |
| FULLDISC:20180918 DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities | CVE-2018-1246 CVE-2018-1250 CVE-2018-1251 |
| FULLDISC:20180918 SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform | CVE-2018-14630 |
| FULLDISC:20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade | CVE-2018-17281 |
| FULLDISC:20180920 WordPress Plugin Localize My Post 1.0 - Local File Inclusion | CVE-2018-16299 |
| FULLDISC:20180920 WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion | CVE-2018-16283 |
| FULLDISC:20180921 DSA-2018-152: RSA Authentication Manager Multiple Vulnerabilities | CVE-2018-11073 CVE-2018-11074 CVE-2018-11075 |
| FULLDISC:20180921 [CVE-2018-13140] Antidote Remote Code Execution against the update component | CVE-2018-13140 |
| FULLDISC:20180924 DSA-2018-158: Dell EMC ESRS Policy Manager Remote Code Execution Vulnerability | CVE-2018-15764 |
| FULLDISC:20180926 DSA-2018-141: Dell EMC Unity Family Incorrect File Permissions vulnerability | CVE-2018-11064 |
| FULLDISC:20180926 Re: SEC Consult SA-20180926-0 :: Stored Cross-Site Scripting in Progress Kendo UI Editor | CVE-2018-14037 |
| FULLDISC:20180926 SEC Consult SA-20180926-0 :: | CVE-2018-14037 |
| FULLDISC:20181001 Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument | CVE-2018-15591 |
| FULLDISC:20181001 Ivanti Workspace Control Data Security bypass via localhost UNC path | CVE-2018-15590 |
| FULLDISC:20181001 Ivanti Workspace Control local privilege escalation via Named Pipe | CVE-2018-15592 |
| FULLDISC:20181001 Stored credentials Ivanti Workspace Control can be retrieved from Registry | CVE-2018-15593 |
| FULLDISC:20181003 CVE-2018-15903 - Stored XSS on Claromentis | CVE-2018-15903 |
| FULLDISC:20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple | CVE-2018-17440 CVE-2018-17441 CVE-2018-17442 CVE-2018-17443 |
| FULLDISC:20181008 Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596) | CVE-2018-12596 |
| FULLDISC:20181008 Multiple vulnerabilities in NPLUG wireless repeater | CVE-2018-12455 CVE-2018-12456 CVE-2018-17337 |
| FULLDISC:20181011 Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540) | CVE-2018-15538 CVE-2018-15539 CVE-2018-15540 |
| FULLDISC:20181011 [SBA-ADV-20180319-01] CVE-2018-17532: Teltonika RUT9XX Unauthenticated OS Command Injection | CVE-2018-17532 |
| FULLDISC:20181011 [SBA-ADV-20180319-02] CVE-2018-17534: Teltonika RUT9XX Missing Access Control to UART Root Terminal | CVE-2018-17534 |
| FULLDISC:20181011 [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS) | CVE-2018-17533 |
| FULLDISC:20181012 Multiple vulnerabilities in D-Link routers | CVE-2018-10822 CVE-2018-10823 CVE-2018-10824 |
| FULLDISC:20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities | CVE-2018-11079 CVE-2018-11080 CVE-2018-15765 |
| FULLDISC:20181016 Vulnerability Disclose | CVE-2018-18262 |
| FULLDISC:20181019 Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload | CVE-2018-18475 |
| FULLDISC:20181023 CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution | CVE-2018-8955 |
| FULLDISC:20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability | CVE-2018-11062 |
| FULLDISC:20181102 Loadbalancer.org Enterprise VA MAX - Unauthenticated Stored XSS | CVE-2018-18864 |
| FULLDISC:20181102 Multiple Privilege Escalation Vulnerabilities in LiquidVPN for MacOS (CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859) | CVE-2018-18856 CVE-2018-18857 CVE-2018-18858 CVE-2018-18859 |
| FULLDISC:20181102 Royal TS/X - Information Disclosure | CVE-2018-18865 |
| FULLDISC:20181102 Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability | CVE-2018-18716 |
| FULLDISC:20181102 Zoho ManageEngine OpManager 12.3 allows Stored XSS | CVE-2018-18715 |
| FULLDISC:20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products | CVE-2018-16222 CVE-2018-16223 CVE-2018-16224 |
| FULLDISC:20181105 Re: Royal TS/X - Information Disclosure | CVE-2018-18865 |
| FULLDISC:20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities | CVE-2018-15771 CVE-2018-15772 |
| FULLDISC:20181109 CVE-2018-15515 / D-LINK Central WifiManager CWM-100 / Trojan File SYSTEM Privilege Escalation | CVE-2018-15515 |
| FULLDISC:20181109 CVE-2018-15516 / D- LINK Central WifiManager CWM-100 / FTP Server PORT Bounce Scan | CVE-2018-15516 |
| FULLDISC:20181109 CVE-2018-15517 / D-LINK Central WifiManager CWM-100 / Server Side Request Forgery | CVE-2018-15517 |
| FULLDISC:20181109 [CVE-2018-18619] SQL injection in Advanced comment system v1.0 | CVE-2018-18619 |
| FULLDISC:20181109 [CVE-2018-18940] Cross Site Scripting in default SnoopServlet servlet Netscape Enterprise 3.63 | CVE-2018-18940 |
| FULLDISC:20181109 [CVE-2018-18941] Security Vulnerability in Vignette Content Management version 6 | CVE-2018-18941 |
| FULLDISC:20181111 Sensitive Data Exposure via Battery Information Broadcasts in Android OS [CVE-2018-15835] | CVE-2018-15835 |
| FULLDISC:20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability | CVE-2018-15769 |
| FULLDISC:20181113 OCS Inventory NG ocsreports Authenticated RCE via Shell Upload (CVE-2018-15537) | CVE-2018-15537 |
| FULLDISC:20181113 SwitchVPN MacOS Privilege Escalation Vulnerability | CVE-2018-18860 |
| FULLDISC:20181116 Budabot !calc Denial of Service | CVE-2018-19290 |
| FULLDISC:20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities | CVE-2018-11066 CVE-2018-11067 |
| FULLDISC:20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability | CVE-2018-11076 |
| FULLDISC:20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability | CVE-2018-11077 |
| FULLDISC:20181120 [CVE-2018-18006] Ricoh myPrint - Hardcoded application credentials and information disclosure via WSDL webservices | CVE-2018-18006 |
| FULLDISC:20181121 SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition | CVE-2018-19233 CVE-2018-19234 |
| FULLDISC:20181123 CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602 | CVE-2018-19439 |
| FULLDISC:20181127 CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1 | CVE-2018-19505 |
| FULLDISC:20181130 CVE-2017-9732: knc (kerberized netcat) memory exhaustion | CVE-2017-9732 |
| FULLDISC:20181130 CVE-2018-19753 - Directory Traversal in Tarantella Enterprise before 3.11 | CVE-2018-19753 |
| FULLDISC:20181130 CVE-2018-19754 - Security Bypass Access Control Vulnerability in Tarantella Enterprise before 3.11 | CVE-2018-19754 |
| FULLDISC:20181130 Multiple OS Command Injection in Moxa NPort W2x50A products | CVE-2018-19659 CVE-2018-19660 |
| FULLDISC:20181201 SolarWinds SFTP Vulnerabilities | CVE-2018-16791 CVE-2018-16792 |
| FULLDISC:20181204 CVE-2018-11741 / CVE-2018-11742 / NEC Univerge Sv9100 WebPro - 6.00 / Predictable Session ID / Clear Text Password Storage | CVE-2018-11741 CVE-2018-11742 |
| FULLDISC:20181204 Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1 | CVE-2018-19782 |
| FULLDISC:20181204 Multiple Cross-site Scripting and Blind SQL Injection Vulnerabilities in Plikli 4.0.0 | CVE-2018-19414 CVE-2018-19415 |
| FULLDISC:20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) | CVE-2018-19649 CVE-2018-19765 CVE-2018-19766 CVE-2018-19767 CVE-2018-19768 CVE-2018-19769 CVE-2018-19770 CVE-2018-19771 CVE-2018-19772 CVE-2018-19773 CVE-2018-19774 CVE-2018-19775 CVE-2018-19809 CVE-2018-19810 CVE-2018-19811 CVE-2018-19812 CVE-2018-19813 CVE-2018-19814 CVE-2018-19815 CVE-2018-19816 CVE-2018-19817 CVE-2018-19818 CVE-2018-19819 CVE-2018-19820 CVE-2018-19821 CVE-2018-19822 |
| FULLDISC:20181207 [CVE-2018-19861, CVE-2018-19862] Buffer overflow in MiniShare 1.4.1 HEAD and POST method | CVE-2018-19861 CVE-2018-19862 |
| FULLDISC:20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras. | CVE-2018-19239 CVE-2018-19240 CVE-2018-19241 CVE-2018-19242 |
| FULLDISC:20181221 CVE-2018-20193 - Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631) | CVE-2018-20193 |
| FULLDISC:20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0 | CVE-2018-20211 |
| FULLDISC:20181221 [CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities | CVE-2018-18535 CVE-2018-18536 CVE-2018-18537 |
| FULLDISC:20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities | CVE-2018-19320 CVE-2018-19321 CVE-2018-19322 CVE-2018-19323 |
| FULLDISC:20181221 [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials | CVE-2018-18007 |
| FULLDISC:20181221 [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials | CVE-2018-18008 |
| FULLDISC:20181221 [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials | CVE-2018-18009 |
| FULLDISC:20181228 DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability | CVE-2018-15780 |
| FULLDISC:20190103 DSA-2018-226: RSA Authentication Manager Relative Path Traversal Vulnerability | CVE-2018-15782 |
| FULLDISC:20190104 Open-Xchange Security Advisory 2018-12-31 | CVE-2018-12609 CVE-2018-12610 CVE-2018-12611 |
| FULLDISC:20190119 [CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone | CVE-2019-8928 |
| FULLDISC:20190124 CA20190124-01: Security Notice for CA Automic Workload Automation | CVE-2019-6504 |
| FULLDISC:20190204 DSA-2019-010: Dell EMC VNX2 Family OS Command Injection Vulnerability | CVE-2019-3704 |
| FULLDISC:20190206 CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421 Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service | CVE-2019-7418 |
| FULLDISC:20190206 Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3 | CVE-2019-7417 |
| FULLDISC:20190206 Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) | CVE-2019-6702 |
| FULLDISC:20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service | CVE-2019-7419 CVE-2019-7420 CVE-2019-7421 |
| FULLDISC:20190206 [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone | CVE-2019-7422 CVE-2019-7423 CVE-2019-7424 CVE-2019-7425 |
| FULLDISC:20190212 KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals. | CVE-2018-19524 |
| FULLDISC:20190212 KSA-Dev-002: CVE-2018-19525 : Account takeover via XSRF in All ISG Series Firewall | CVE-2018-19525 |
| FULLDISC:20190212 KSA-Dev-003:CVE-2019-7383 : Remote Code Execution Via shell upload in all systorme ISG products | CVE-2019-7383 |
| FULLDISC:20190212 KSA-Dev-005:CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices | CVE-2019-7384 |
| FULLDISC:20190212 KSA-Dev-006:CVE-2019-7385: Authenticated remote code execution on Multiple Raisecom GPON Devices | CVE-2019-7385 |
| FULLDISC:20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset | CVE-2019-7386 CVE-2019-7416 |
| FULLDISC:20190217 [CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous) | CVE-2019-8923 |
| FULLDISC:20190219 [CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone | CVE-2019-8929 |
| FULLDISC:20190228 DSA-2019-038: RSA Authentication Manager Insecure Credential Management Vulnerability | CVE-2019-3711 |
| FULLDISC:20190305 SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) | CVE-2018-17862 |
| FULLDISC:20190305 SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS) | CVE-2018-17861 |
| FULLDISC:20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities | CVE-2019-3715 CVE-2019-3716 |
| FULLDISC:20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal | CVE-2019-9648 |
| FULLDISC:20190311 CVE-2019-9649 CoreFTP FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal | CVE-2019-9649 |
| FULLDISC:20190319 2FA & macOS Disk Encryption Bypass in Abine Blur 7.24* [CVE-2019-6481] | CVE-2018-7213 CVE-2019-6481 |
| FULLDISC:20190319 CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error | CVE-2018-19971 |
| FULLDISC:20190319 Re: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion | CVE-2019-9618 |
| FULLDISC:20190319 WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion | CVE-2019-9618 |
| FULLDISC:20190322 CVE-2018-17057: phar deserialization in TCPDF might lead to RCE | CVE-2018-17057 |
| FULLDISC:20190322 Re: Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin) | CVE-2019-9908 |
| FULLDISC:20190322 Re: Give 2.3.0 - Reflected XSS (WordPress Plugin) | CVE-2019-9909 |
| FULLDISC:20190322 Re: KingComposer 2.7.6 - Reflected XSS (WordPress Plugin) | CVE-2019-9910 |
| FULLDISC:20190322 Re: NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin) | CVE-2019-9911 |
| FULLDISC:20190322 Re: WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin) | CVE-2019-9913 |
| FULLDISC:20190322 Re: YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin) | CVE-2019-9914 |
| FULLDISC:20190322 Re: wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin) | CVE-2019-9912 |
| FULLDISC:20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra | CVE-2018-12015 CVE-2018-18311 CVE-2018-18313 |
| FULLDISC:20190326 CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion | CVE-2019-10009 |
| FULLDISC:20190326 Repeat of CVE-2018-4251 in Razer Laptops | CVE-2018-4251 |
| FULLDISC:20190327 [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export | CVE-2019-1653 |
| FULLDISC:20190327 [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval | CVE-2019-1653 |
| FULLDISC:20190327 [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval | CVE-2019-1652 |
| FULLDISC:20190404 CVE-2019-7727 - JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution | CVE-2019-7727 |
| FULLDISC:20190405 Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845] | CVE-2019-10845 |
| FULLDISC:20190407 Loytec LGATE-902: Multiple Vulnerabilities (XSS, Path traversal and File Deletion) | CVE-2018-14916 CVE-2018-14918 CVE-2018-14919 |
| FULLDISC:20190409 GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload | CVE-2019-11028 |
| FULLDISC:20190409 Loytec LGATE-902: Multiple Vulnerabilities (XSS, Path traversal and File Deletion) | CVE-2018-14916 CVE-2018-14918 CVE-2018-14919 |
| FULLDISC:20190413 Nagios XI 5.5.10: XSS to root RCE (CVE-2019-9164, 9165, 9166, 9167, 9202, 9203, 9204) | CVE-2019-9164 |
| FULLDISC:20190416 CVE-2019-9955 Refelected XSS on Zyxel Login page | CVE-2019-9955 |
| FULLDISC:20190418 CVE-2018-2879 - anniversary | CVE-2018-2879 |
| FULLDISC:20190423 Multiple vulnerabilities in Sony Smart TVs | CVE-2019-10886 CVE-2019-11336 |
| FULLDISC:20190426 Re: GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload | CVE-2019-11028 |
| FULLDISC:20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients | CVE-2017-17848 CVE-2018-12019 CVE-2018-12020 CVE-2018-12356 CVE-2018-12556 CVE-2018-15586 CVE-2018-15587 CVE-2018-15588 CVE-2018-18509 CVE-2019-0728 CVE-2019-8338 |
| FULLDISC:20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232 | CVE-2019-0232 |
| FULLDISC:20190504 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310) | CVE-2019-9861 |
| FULLDISC:20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability | CVE-2008-7220 CVE-2015-9251 CVE-2018-14040 CVE-2018-14041 CVE-2018-14042 CVE-2019-11358 CVE-2019-8331 |
| FULLDISC:20190510 SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject | CVE-2019-11600 |
| FULLDISC:20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability | CVE-2008-7220 CVE-2015-9251 CVE-2018-14040 CVE-2018-14041 CVE-2018-14042 CVE-2019-11358 CVE-2019-8331 |
| FULLDISC:20190510 dotCMS v5.1.1 Vulnerabilities | CVE-2008-7220 CVE-2015-9251 CVE-2018-14040 CVE-2018-14041 CVE-2018-14042 CVE-2019-11358 CVE-2019-8331 |
| FULLDISC:20190513 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra | CVE-2018-4456 |
| FULLDISC:20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3 | CVE-2017-14315 CVE-2017-6975 CVE-2017-9417 |
| FULLDISC:20190513 [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services | CVE-2019-8978 |
| FULLDISC:20190514 [CVE-2018-7841] Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection | CVE-2018-7765 CVE-2018-7841 |
| FULLDISC:20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway | CVE-2019-1854 |
| FULLDISC:20190521 Re: GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability | CVE-2019-12163 |
| FULLDISC:20190524 CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting | CVE-2019-11226 |
| FULLDISC:20190524 [CVE-2019-11604] Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting | CVE-2019-11604 |
| FULLDISC:20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication | CVE-2019-7393 CVE-2019-7394 |
| FULLDISC:20190529 Reflected Cross-site Scripting Vulnerability in Kanboard 1.2.7 | CVE-2019-7324 |
| FULLDISC:20190529 XSS in SSI printenv command - Apache Tomcat - CVE-2019-0221 | CVE-2019-0221 |
| FULLDISC:20190529 [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321) | CVE-2019-10920 |
| FULLDISC:20190529 [SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306) | CVE-2019-10919 |
| FULLDISC:20190529 [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257) | CVE-2019-10921 |
| FULLDISC:20190609 [CVE-2018-15555 / 15556] Telus Actiontec WEB6000Q Local Privilege Escalation | CVE-2018-15555 |
| FULLDISC:20190609 [CVE-2018-15557] Telus Actiontec WEB6000Q Remote Privilege Escalation | CVE-2018-15557 |
| FULLDISC:20190611 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1 | CVE-2018-6918 |
| FULLDISC:20190611 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation | CVE-2019-5629 |
| FULLDISC:20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149) | CVE-1999-0095 CVE-1999-0145 CVE-2019-10149 |
| FULLDISC:20190611 [CVE-2018-15555 / 15556] Telus Actiontec WEB6000Q Local Privilege Escalation | CVE-2018-15555 CVE-2018-15556 |
| FULLDISC:20190611 [CVE-2018-15557] Telus Actiontec WEB6000Q Remote Privilege Escalation | CVE-2018-15557 |
| FULLDISC:20190611 [SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability | CVE-2019-12505 |
| FULLDISC:20190611 [SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability | CVE-2019-12504 |
| FULLDISC:20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability | CVE-2019-12506 |
| FULLDISC:20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series | CVE-2011-5325 CVE-2013-1813 CVE-2014-4043 CVE-2014-9761 CVE-2014-9984 CVE-2015-0235 CVE-2015-1472 CVE-2015-9261 CVE-2017-16544 |
| FULLDISC:20190618 BlogEngine.NET Directory traversal + RCE | CVE-2019-10719 CVE-2019-10720 CVE-2019-6714 |
| FULLDISC:20190620 XL-19-007 - ABB IDAL FTP Server Buffer Overflow Vulnerability | CVE-2019-7231 |
| FULLDISC:20190620 XL-19-008 - ABB IDAL FTP Server Path Traversal Vulnerability | CVE-2019-7227 |
| FULLDISC:20190620 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability | CVE-2019-7225 |
| FULLDISC:20190620 XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability | CVE-2019-7226 |
| FULLDISC:20190620 XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability | CVE-2019-7228 |
| FULLDISC:20190621 PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element | CVE-2019-12280 |
| FULLDISC:20190624 BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing | CVE-2019-10717 |
| FULLDISC:20190624 Quarking Password Manager 3.1.84 - Clickjacking Vulnerability | CVE-2019-12880 |
| FULLDISC:20190624 Re: Multiple Cross-site Scripting Vulnerabilities in Shopware 5.5.6 | CVE-2019-12935 |
| FULLDISC:20190624 XL-19-004 - ABB IDAL FTP Server Uncontrolled Format String Vulnerability | CVE-2019-7230 |
| FULLDISC:20190624 XL-19-005 - ABB HMI Absence of Signature Verification Vulnerability | CVE-2019-7229 |
| FULLDISC:20190624 XL-19-007 - ABB IDAL FTP Server Buffer Overflow Vulnerability | CVE-2019-7231 |
| FULLDISC:20190624 XL-19-008 - ABB IDAL FTP Server Path Traversal Vulnerability | CVE-2019-7227 |
| FULLDISC:20190624 XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability | CVE-2019-7225 |
| FULLDISC:20190624 XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability | CVE-2019-7226 |
| FULLDISC:20190624 XL-19-011 - ABB IDAL HTTP Server Stack-Based Buffer Overflow Vulnerability | CVE-2019-7232 |
| FULLDISC:20190624 XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability | CVE-2019-7228 |
| FULLDISC:20190709 Cisco Data Center Manager multiple vulns; RCE as root | CVE-2019-1619 CVE-2019-1620 CVE-2019-1621 CVE-2019-1622 |
| FULLDISC:20190709 KEYNTO Team Password Manager 1.5.0 - Cross Site Scripting [CVE-2019-13380] | CVE-2019-13380 |
| FULLDISC:20190709 PowerPanel Business Edition 3.4.0 - Cross Site Request Forgery | CVE-2019-13071 |
| FULLDISC:20190709 Two vulnerabilities found in Sony BRAVIA Smart TVs | CVE-2019-11889 CVE-2019-11890 |
| FULLDISC:20190709 UPDATE: [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321) [CVE-2019-13352] | CVE-2019-13352 |
| FULLDISC:20190712 Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4 | CVE-2017-18364 |
| FULLDISC:20190716 CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day | CVE-2019-13577 |
| FULLDISC:20190716 CVE-2019-2107 a.k.a "Hevcfright" Proof of Concept exploit (Denial of Service PoC) | CVE-2019-2107 |
| FULLDISC:20190723 APPLE-SA-2019-7-22-1 iOS 12.4 | CVE-2019-13118 |
| FULLDISC:20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra | CVE-2018-19860 CVE-2019-13118 |
| FULLDISC:20190723 APPLE-SA-2019-7-22-4 watchOS 5.3 | CVE-2019-13118 |
| FULLDISC:20190723 APPLE-SA-2019-7-22-5 tvOS 12.4 | CVE-2019-13118 |
| FULLDISC:20190723 Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE) | CVE-2015-0279 |
| FULLDISC:20190723 Two vulnerabilities found in MikroTik's RouterOS | CVE-2018-1157 CVE-2018-1158 |
| FULLDISC:20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13 | CVE-2019-13118 |
| FULLDISC:20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6 | CVE-2019-13118 |
| FULLDISC:20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6 | CVE-2019-13118 |
| FULLDISC:20190726 [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391) (CVE-2019-14261) | CVE-2019-14261 |
| FULLDISC:20190730 VTS19-002: Multiple Vulnerabilities in Veritas Resiliency Platform (VRP) | CVE-2019-14415 CVE-2019-14416 CVE-2019-14417 CVE-2019-14418 |
| FULLDISC:20190802 Avira Free Security Suite 2019 - Exploiting Arbitrary File Writes for Local Elevation of Privilege | CVE-2019-11396 |
| FULLDISC:20190809 Dlink-CVE-2019-13101 | CVE-2019-13101 |
| FULLDISC:20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 | CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9518 |
| FULLDISC:20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra | CVE-2018-16860 CVE-2018-19860 CVE-2019-13118 CVE-2019-9506 |
| FULLDISC:20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 | CVE-2018-16860 CVE-2019-13118 CVE-2019-9506 |
| FULLDISC:20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 | CVE-2018-16860 CVE-2019-13118 CVE-2019-9506 |
| FULLDISC:20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 | CVE-2018-16860 CVE-2019-13118 CVE-2019-9506 |
| FULLDISC:20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus | CVE-2019-15046 |
| FULLDISC:20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry | CVE-2014-1972 |
| FULLDISC:20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal (Metasploit) Exploit | CVE-2019-9649 |
| FULLDISC:20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit | CVE-2019-9648 |
| FULLDISC:20190825 Unquoted Path - Trend Micro | CVE-2019-14685 |
| FULLDISC:20190825 [CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3 | CVE-2019-15150 |
| FULLDISC:20190827 Multiple CSRF Vulnerabilities in Django CRM 0.2.1 | CVE-2019-11457 |
| FULLDISC:20190830 Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root | CVE-2019-1935 CVE-2019-1936 CVE-2019-1937 |
| FULLDISC:20190830 [SBA-ADV-20190305-01] CVE-2019-13564: Ping Identity Agentless Integration Kit <1.5 Reflected Cross-site Scripting (XSS) | CVE-2019-13564 |
| FULLDISC:20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X | CVE-2014-4043 CVE-2014-9761 CVE-2014-9984 CVE-2015-1472 CVE-2015-8778 CVE-2015-8779 CVE-2015-9261 CVE-2017-1000366 CVE-2017-16544 CVE-2018-20679 CVE-2019-5747 |
| FULLDISC:20190906 Re: Totaljs CMS authenticated path traversal (could lead to RCE) | CVE-2019-15952 |
| FULLDISC:20190909 CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA) | CVE-2019-13656 |
| FULLDISC:20190909 CVE-2018-18809 Path traversal in Tibco JasperSoft | CVE-2018-18809 |
| FULLDISC:20190912 SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey | CVE-2019-16172 CVE-2019-16173 |
| FULLDISC:20190920 Reflected XSS - HRworks Login (v1.16.1) | CVE-2019-11559 |
| FULLDISC:20190925 [CVE-2019-14783] Arbitrary file create with system-app privilege in Samsung Mobile Android FotaAgent Component | CVE-2019-14783 |
| FULLDISC:20190927 APPLE-SA-2019-9-26-7 Xcode 11.0 | CVE-2019-3855 |
| FULLDISC:20191003 CA20190930-01: Security Notice for CA Network Flow Analysis | CVE-2019-13658 |
| FULLDISC:20191003 [AIT-SA-20190930-01] CVE-2019-15741: Privilege Escalation via Logrotate in Gitlab Omnibus | CVE-2019-15741 |
| FULLDISC:20191007 [KIS-2019-02] vBulletin <= 5.5.4 (updateAvatar) Remote Code Execution Vulnerability | CVE-2019-17132 |
| FULLDISC:20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15 | CVE-2019-11041 CVE-2019-11042 |
| FULLDISC:20191008 Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 | CVE-2019-15859 |
| FULLDISC:20191011 Open-Xchange Security Advisory 2019-10-09 | CVE-2019-14227 |
| FULLDISC:20191014 SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject | CVE-2019-17092 |
| FULLDISC:20191015 Reflected XSS via Broken Link Checker v.1.11.8 WordPress Plugin | CVE-2019-17207 |
| FULLDISC:20191015 Tomedo Server - Weak encryption mech. | CVE-2019-17393 |
| FULLDISC:20191018 CA20191015-01: Security Notice for CA Performance Management | CVE-2019-13657 |
| FULLDISC:20191018 CVE 2019-2215 Android Binder Use After Free | CVE-2019-2215 |
| FULLDISC:20191018 CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaver | CVE-2019-3010 |
| FULLDISC:20191018 Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001] | CVE-2017-8087 |
| FULLDISC:20191018 Sangoma SBC bypass authentication via argument injection - CVE-2019-12148 | CVE-2019-12148 |
| FULLDISC:20191018 Sangoma SBC local sudo user creation vulnerability without authentication - CVE-2019-12147 | CVE-2019-12147 |
| FULLDISC:20191018 WiKID 2FA Enterprise Server Multiple Issues | CVE-2019-16917 CVE-2019-17114 CVE-2019-17115 CVE-2019-17116 CVE-2019-17117 CVE-2019-17118 CVE-2019-17119 CVE-2019-17120 |
| FULLDISC:20191022 Trend Micro Anti-Threat Toolkit (ATTK) <= v1.62.0.1218 Remote Code Execution 0day CVE-2019-9491 | CVE-2019-9491 |
| FULLDISC:20191031 APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2 | CVE-2017-7152 |
| FULLDISC:20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15 | CVE-2018-12152 CVE-2018-12153 CVE-2018-12154 CVE-2019-11041 CVE-2019-11042 |
| FULLDISC:20191031 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra | CVE-2017-7152 CVE-2018-12152 CVE-2018-12153 CVE-2018-12154 |
| FULLDISC:20191031 APPLE-SA-2019-10-29-4 watchOS 6.1 | CVE-2017-7152 |
| FULLDISC:20191031 [RT-SA-2019-013] Unsafe Storage of Credentials in Carel pCOWeb HVAC | CVE-2019-11369 CVE-2019-13553 |
| FULLDISC:20191031 [RT-SA-2019-014] Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC | CVE-2019-13549 |
| FULLDISC:20191115 Raritan CommandCenter Secure Gateway XML External Entity < 8.0 | CVE-2018-20687 |
| FULLDISC:20191115 ScanGuard Antivirus (latest version) / Insecure Permissions | CVE-2019-18895 |
| FULLDISC:20191115 Vulnerability Disclosure and CVE assign | CVE-2019-18957 |
| FULLDISC:20191115 WordPress Plugin Social Photo Gallery 1.0 - Remote Code Execution | CVE-2019-14467 |
| FULLDISC:20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius | CVE-2019-10143 |
| FULLDISC:20191119 CVE-2019-16758 Lexmark Services Monitor 2.27.4.0.39 Directory Traversal | CVE-2019-16758 |
| FULLDISC:20191126 CVE-2019-11932 (double free in libpl_droidsonroids_gif) many apps vulnerable | CVE-2019-11932 |
| FULLDISC:20191129 CVE-2019-18922; Directory Traversal; Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] | CVE-2019-18922 |
| FULLDISC:20191129 [SYSS-2019-027]: Inateck BCST-60 Barcode Scanner - Keystroke Injection Vulnerability (CVE-2019-12503) | CVE-2019-12503 |
| FULLDISC:20191203 Reflected XSS in CSS Hero (v.4.0.3) | CVE-2019-19133 |
| FULLDISC:20191204 [KIS-2019-10] YouPHPTube <= 7.7 (getChat.json.php) SQL Injection Vulnerability | CVE-2019-18662 |
| FULLDISC:20191206 Authentication vulnerabilities in OpenBSD | CVE-2019-19519 CVE-2019-19520 CVE-2019-19521 CVE-2019-19522 |
| FULLDISC:20191206 SiteVision Insufficient Module Access Control | CVE-2019-12733 CVE-2019-12734 |
| FULLDISC:20191206 SiteVision Remote Code Execution | CVE-2019-12733 CVE-2019-12734 |
| FULLDISC:20191206 Symantec Endoint Security LPE CVE-2019-12750 | CVE-2019-12750 |
| FULLDISC:20191206 [AIT-SA-20191129-01] CVE-2019-16885: Unauthenticated remote code execution in OkayCMS | CVE-2019-16885 |
| FULLDISC:20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation) | CVE-2019-19230 |
| FULLDISC:20191210 CVE-2019-18345 Reflected Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server | CVE-2019-18346 CVE-2019-18347 |
| FULLDISC:20191210 CVE-2019-18346 Cross-Site Request Forgery (CSRF) vulnerability in DAViCal CalDAV Server | CVE-2019-18346 CVE-2019-18347 |
| FULLDISC:20191210 CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server | CVE-2019-18346 CVE-2019-18347 |
| FULLDISC:20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3 | CVE-2019-15903 |
| FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra | CVE-2015-1545 CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-13057 CVE-2019-13565 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 |
| FULLDISC:20191213 APPLE-SA-2019-12-10-5 tvOS 13.3 | CVE-2019-15903 |
| FULLDISC:20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1 | CVE-2019-15903 |
| FULLDISC:20191213 CSV injection vulnerability in SolarWinds Serv-U FTP Server | CVE-2019-13181 |
| FULLDISC:20191213 CVE-2019-12750 - Exploitation Write-ups | CVE-2019-12750 |
| FULLDISC:20191213 Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) | CVE-2019-19726 |
| FULLDISC:20191213 Squiz Matrix CMS <= 5.5.3.2 - Multiple Issues may lead to Remote Code Execution | CVE-2019-19373 CVE-2019-19374 |
| FULLDISC:20191213 Stored Cross-Site Scripting in Serv-U FTP Server | CVE-2019-13182 |
| FULLDISC:20191217 D-Link DIR-615 -- Vertical Prviliege Escalation | CVE-2019-19743 |
| FULLDISC:20200103 CA20191218-01: Security Notice for CA Client Automation Agent for Windows | CVE-2019-19231 |
| FULLDISC:20200103 Open-Xchange Security Advisory 2020-01-02 | CVE-2019-16716 CVE-2019-16717 |
| FULLDISC:20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock | CVE-2020-2656 |
| FULLDISC:20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession | CVE-2020-2696 |
| FULLDISC:20200121 Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857 | CVE-2020-6857 |
| FULLDISC:20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus | CVE-2020-6843 |
| FULLDISC:20200123 SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS | CVE-2020-7210 |
| FULLDISC:20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows | CVE-2019-19363 |
| FULLDISC:20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers | CVE-2019-19822 CVE-2019-19823 CVE-2019-19824 CVE-2019-19825 |
| FULLDISC:20200124 [UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857 | CVE-2020-6857 |
| FULLDISC:20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra | CVE-2019-11043 CVE-2019-18634 |
| FULLDISC:20200131 LPE and RCE in OpenSMTPD (CVE-2020-7247) | CVE-2020-7247 |
| FULLDISC:20200131 Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers | CVE-2019-19822 CVE-2019-19823 CVE-2019-19824 CVE-2019-19825 |
| FULLDISC:20200131 [CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED | CVE-2019-20358 CVE-2019-9491 |
| FULLDISC:20200207 xglance-bin exploit (CVE-2014-2630) | CVE-2014-2630 |
| FULLDISC:20200214 CVE-2019-18915 HP System Event Utility / Privilege Escalation Vulnerability | CVE-2019-18915 |
| FULLDISC:20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag | CVE-2020-0022 |
| FULLDISC:20200218 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability | CVE-2020-0728 |
| FULLDISC:20200218 Re: [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information) | CVE-2020-9264 |
| FULLDISC:20200220 Open-Xchange Security Advisory 2020-02-19 | CVE-2019-9853 |
| FULLDISC:20200227 CVE-2020-5497 - MITREid Connect XSS | CVE-2020-5497 |
| FULLDISC:20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064) | CVE-2016-10743 CVE-2019-10064 |
| FULLDISC:20200227 LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) | CVE-2020-8794 |
| FULLDISC:20200227 Local information disclosure in OpenSMTPD (CVE-2020-8793) | CVE-2020-8793 |
| FULLDISC:20200227 [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) | CVE-2020-9342 |
| FULLDISC:20200227 [TZO-19-2020] - AVIRA Generic AV Bypass (ISO Container) - CVE-2020-9320 | CVE-2020-9320 |
| FULLDISC:20200306 Buffer overflow in pppd - CVE-2020-8597 | CVE-2020-8597 |
| FULLDISC:20200306 [AIT-SA-20200301-01] CVE-2020-9364: Directory Traversal in Creative Contact Form | CVE-2020-9364 |
| FULLDISC:20200306 [TZO-20-2020] - Quickheal Malformed Archive bypass (ZIP GPFLAG) - CVE-2020-9362 | CVE-2020-9362 |
| FULLDISC:20200313 RichFaces exploitation toolkit | CVE-2015-0279 CVE-2018-12532 CVE-2018-12533 |
| FULLDISC:20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client | CVE-2013-1813 CVE-2014-9645 CVE-2017-16544 CVE-2020-9435 CVE-2020-9436 |
| FULLDISC:20200320 LPE in Avast Secure Browser | CVE-2019-17190 |
| FULLDISC:20200320 Oce Colorwave 500 printer - multiple vulnerabilities | CVE-2020-10667 CVE-2020-10668 CVE-2020-10669 |
| FULLDISC:20200324 APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra | CVE-2019-14615 CVE-2019-19232 |
| FULLDISC:20200324 Authentication Bypass in Tribal SITS:Vision | CVE-2019-19127 |
| FULLDISC:20200324 HP ThinPro - Application filter bypass | CVE-2019-16286 |
| FULLDISC:20200324 HP ThinPro - Citrix command injection | CVE-2019-18909 |
| FULLDISC:20200324 HP ThinPro - Information disclosure | CVE-2019-16285 |
| FULLDISC:20200324 HP ThinPro - Privilege escalation | CVE-2019-16287 |
| FULLDISC:20200324 HP ThinPro - Privileged command injection | CVE-2019-18910 |
| FULLDISC:20200327 CVE-2019-4716: conf overwrite + auth bypass = rce as root / SYSTEM on IBM PA / TM1 | CVE-2019-4716 |
| FULLDISC:20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520) | CVE-2020-9520 |
| FULLDISC:20200403 MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities | CVE-2020-11450 CVE-2020-11451 CVE-2020-11452 CVE-2020-11453 CVE-2020-11454 |
| FULLDISC:20200410 Re: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference | CVE-2020-10231 |
| FULLDISC:20200414 Matrix42 Workspace Management 9.1.2.2765 - Reflected Cross-Site Scripting | CVE-2019-19913 |
| FULLDISC:20200414 Workspace Management 9.1.2.2765 - Stored Cross-Site Scripting | CVE-2019-19500 |
| FULLDISC:20200417 CA20200414-01: Security Notice for CA API Developer Portal | CVE-2020-11658 CVE-2020-11659 CVE-2020-11660 CVE-2020-11661 CVE-2020-11662 CVE-2020-11663 CVE-2020-11664 CVE-2020-11665 CVE-2020-11666 |
| FULLDISC:20200417 CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris | CVE-2020-2771 CVE-2020-2851 CVE-2020-2944 |
| FULLDISC:20200421 Arbitrary class instantiation & local file inclusion vulnerability in QRadar Forensics web application | CVE-2020-4272 |
| FULLDISC:20200421 Authorization bypass in QRadar Forensics web application | CVE-2020-4274 |
| FULLDISC:20200421 Cisco AnyConnect elevation of privileges due to insecure handling of path names | CVE-2020-3153 |
| FULLDISC:20200421 Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions | CVE-2020-4270 |
| FULLDISC:20200421 PHP object injection vulnerability in QRadar Forensics web application | CVE-2020-4271 |
| FULLDISC:20200421 QRadar RssFeedItem Server-Side Request Forgery vulnerability | CVE-2020-4294 |
| FULLDISC:20200421 Unauthorized access to QRadar configuration sets via default password | CVE-2020-4269 |
| FULLDISC:20200501 CVE-2020-1967: proving sigalg != NULL | CVE-2020-1967 |
| FULLDISC:20200501 [SYSS-2020-012] Improper Access Control (CWE-284) in xt:Commerce (CVE-2020-12101) | CVE-2020-12101 |
| FULLDISC:20200508 Asset Explorer Windows Agent - Remote Code Execution | CVE-2020-8838 |
| FULLDISC:20200508 ChopSlider3 Wordpress Plugin SQL Injection | CVE-2020-11530 |
| FULLDISC:20200508 SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution | CVE-2020-12608 |
| FULLDISC:20200512 Two vulnerabilities in Oracle's iPlanet Web Server (CVE-2020-9315 and CVE-2020-9314) | CVE-2012-0516 CVE-2020-9314 CVE-2020-9315 |
| FULLDISC:20200514 KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege | CVE-2015-1701 |
| FULLDISC:20200515 Asset Explorer (Windows & Linux) - Authenticated Command Execution | CVE-2019-19034 |
| FULLDISC:20200519 Multiple vulnerabilities in Dovecot IMAP server | CVE-2020-10957 CVE-2020-10958 CVE-2020-10967 |
| FULLDISC:20200519 [SYSS-2019-039] Smartbear ReadyAPI/SoapUI Pro/jProductivity Licensing Unsafe Deserialization | CVE-2020-12835 |
| FULLDISC:20200522 APPLE-SA-2020-05-20-1 Xcode 11.5 | CVE-2020-11008 |
| FULLDISC:20200522 Composr CMS 10.0.30 - (Authenticated) Cross-Site Scripting | CVE-2020-8789 |
| FULLDISC:20200522 Remote Code Execution in qmail (CVE-2005-1513) | CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 |
| FULLDISC:20200529 APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5 | CVE-2019-20044 CVE-2019-20503 CVE-2020-6616 |
| FULLDISC:20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra | CVE-2019-20044 |
| FULLDISC:20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5 | CVE-2019-20044 CVE-2019-20503 |
| FULLDISC:20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5 | CVE-2019-20044 CVE-2019-20503 |
| FULLDISC:20200529 APPLE-SA-2020-05-26-7 Safari 13.1.1 | CVE-2019-20503 |
| FULLDISC:20200602 BIAS (Bluetooth Impersonation Attack) CVE 2020-10135 reproduction | CVE-2020-10135 |
| FULLDISC:20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager | CVE-2020-9484 |
| FULLDISC:20200605 Castel NextGen DVR multiple CVEs | CVE-2020-11679 CVE-2020-11680 CVE-2020-11681 CVE-2020-11682 |
| FULLDISC:20200609 Avaya IP Office v9.1.8.0 - 11 Insecure Transit Password Disclosure CVE-2020-7030 | CVE-2020-7030 |
| FULLDISC:20200609 CVE-2020-13432 - HFS HTTP File Server / Remote Buffer Overflow DoS | CVE-2020-13432 |
| FULLDISC:20200609 RoyalTS SSH Tunnel - Authentication Bypass | CVE-2020-13872 |
| FULLDISC:20200609 WinGate v9.4.1.5998 Insecure Permissions EoP CVE-2020-13866 | CVE-2020-13866 |
| FULLDISC:20200616 Pulse Secure Client < 9.1R6 TOCTOU Privilege Escalation (CVE-2020-13162) | CVE-2020-13162 |
| FULLDISC:20200616 [CVE-2020-12827] MJML <= 4.6.2 mj-include "path" Path Traversal | CVE-2020-12827 |
| FULLDISC:20200623 DLL Hijacking at the Trend Micro Password Manager (CVE-2020-8469) | CVE-2020-8469 |
| FULLDISC:20200623 GilaCMS - CVE-2019-13364 CVE-2019-13363 | CVE-2019-13363 CVE-2019-13364 CVE-2019-20803 CVE-2019-20804 |
| FULLDISC:20200623 Re: Remote Code Execution in qmail (CVE-2005-1513) | CVE-2005-1513 |
| FULLDISC:20200623 [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157) | CVE-2020-14157 |
| FULLDISC:20200703 Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE | CVE-2020-4040 CVE-2020-4041 |
| FULLDISC:20200709 X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch | CVE-2014-9862 |
| FULLDISC:20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6 | CVE-2019-19906 |
| FULLDISC:20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra | CVE-2019-19906 CVE-2019-20807 |
| FULLDISC:20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960] | CVE-2020-3963 CVE-2020-3964 CVE-2020-3965 |
| FULLDISC:20200724 Defense in depth -- the Microsoft way (part 70): CVE-2014-0315 alias MS14-019 revisited | CVE-2014-0315 |
| FULLDISC:20200730 [SYSS-2020-015]: ABUS Secvest Hybrid module (FUMO50110) - Authentication Bypass Using an Alternate Path or Channel (CWE-288) (CVE-2020-14158) | CVE-2020-14158 |
| FULLDISC:20200804 October CMS <= Build 465 Multiple Vulnerabilities - Arbitrary File Read | CVE-2020-11083 CVE-2020-5295 CVE-2020-5296 CVE-2020-5297 CVE-2020-5298 CVE-2020-5299 |
| FULLDISC:20200804 [SYSS-2020-029]: Jira module "Gantt-Chart for Jira" - Improper Privilege Management (CWE-269)(CVE-2020-15943) | CVE-2020-15943 |
| FULLDISC:20200804 [SYSS-2020-030]: Jira module "Gantt-Chart for Jira" - Cross-Site Scripting (CWE-79)(CVE-2020-15944) | CVE-2020-15944 |
| FULLDISC:20200811 Re: [FD] ManageEngine ADSelfService Plus - Unauthenticated Remote Code Execution Vulnerability | CVE-2020-11552 |
| FULLDISC:20200811 Remote Code Execution 0day in vBulletin 5.x | CVE-2019-16759 |
| FULLDISC:20200821 Open-Xchange Security Advisory 2020-08-20 | CVE-2020-12643 CVE-2020-8542 |
| FULLDISC:20200821 Payment bypass in WordPress - WooCommerce - NAB Transact plugin disclosure | CVE-2020-11497 |
| FULLDISC:20200827 SEC Consult SA-20200826-0 :: Extensive file permissions on service executable in Eikon Thomson Reuters | CVE-2019-10679 |
| FULLDISC:20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S | CVE-2011-5325 CVE-2013-1813 CVE-2015-9261 CVE-2017-16544 CVE-2019-3422 |
| FULLDISC:20200901 Sagemcom router insecure deserialization > privilege escalation | CVE-2020-24034 |
| FULLDISC:20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W | CVE-2017-16544 CVE-2020-16204 CVE-2020-16206 CVE-2020-16208 CVE-2020-16210 |
| FULLDISC:20200902 [RT-SA-2020-004] Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting | CVE-2020-24553 |
| FULLDISC:20200904 Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks | CVE-2020-17360 CVE-2020-17361 CVE-2020-25022 |
| FULLDISC:20200904 Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks | CVE-2020-17360 CVE-2020-17361 CVE-2020-25023 |
| FULLDISC:20200904 Noise-Java ChaChaPolyCipherState.encryptWithAd() insufficient boundary checks | CVE-2020-17360 CVE-2020-17361 CVE-2020-25021 |
| FULLDISC:20200904 Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit | CVE-2020-13162 |
| FULLDISC:20200918 Apache + PHP <= 7.4.10 open_basedir bypass | CVE-2007-3378 |
| FULLDISC:20200922 Seat Reservation System 1.0 Unauthenticated Remote Code Execution (CVE-2020-25763) | CVE-2020-25763 |
| FULLDISC:20200922 Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762) | CVE-2020-25762 |
| FULLDISC:20200922 Visitor Management System in PHP 1.0 - Authenticated SQL Injection | CVE-2020-25760 |
| FULLDISC:20200922 Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS | CVE-2020-25761 |
| FULLDISC:20201002 CVE-2020-12676 - FusionAuth SAML v2.0 bindings in Java using JAXB - Signature Exclusion Attack | CVE-2020-12676 |
| FULLDISC:20201006 CVE-2020-25790 | CVE-2020-25790 |
| FULLDISC:20201006 Re: Navy Federal Reflective Cross Site Scripting (XSS) | CVE-2020-25247 CVE-2020-25248 CVE-2020-25254 |
| FULLDISC:20201016 Java deserialization vulnerability in QRadar RemoteJavaScript Servlet | CVE-2020-4280 |
| FULLDISC:20201020 LISTSERV Maestro Remote Code Execution Vulnerability | CVE-2010-1870 |
| FULLDISC:20201021 [RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton | CVE-2018-10583 |
| FULLDISC:20201105 Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn | CVE-2020-27955 |
| FULLDISC:20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 | CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-15358 CVE-2020-6147 CVE-2020-9773 CVE-2020-9876 CVE-2020-9941 CVE-2020-9946 CVE-2020-9951 CVE-2020-9952 CVE-2020-9958 CVE-2020-9959 CVE-2020-9961 CVE-2020-9964 CVE-2020-9968 CVE-2020-9973 CVE-2020-9976 CVE-2020-9979 CVE-2020-9983 CVE-2020-9992 |
| FULLDISC:20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 | CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-15358 CVE-2020-9876 CVE-2020-9951 CVE-2020-9952 CVE-2020-9961 CVE-2020-9968 CVE-2020-9976 CVE-2020-9979 CVE-2020-9983 |
| FULLDISC:20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 | CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2020-9983 |
| FULLDISC:20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 | CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-15358 CVE-2020-9876 CVE-2020-9941 CVE-2020-9946 CVE-2020-9951 CVE-2020-9952 CVE-2020-9961 CVE-2020-9968 CVE-2020-9976 CVE-2020-9983 |
| FULLDISC:20201115 APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave | CVE-2020-9941 CVE-2020-9961 CVE-2020-9968 CVE-2020-9973 CVE-2020-9986 |
| FULLDISC:20201116 Intel NUC - Local Privilege Escalation Vulnerability | CVE-2020-24525 |
| FULLDISC:20201117 SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager | CVE-2020-7032 |
| FULLDISC:20201118 TCMalloc viewer/dumper - TCMalloc Inspector Tool | CVE-2020-15999 |
| FULLDISC:20201123 CA20201116-01: Security Notice for CA Unified Infrastructure Management | CVE-2020-28421 |
| FULLDISC:20201130 scikit-learn 0.23.2 Local Denial of Service | CVE-2020-28975 |
| FULLDISC:20201204 ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885) | CVE-2017-2885 |
| FULLDISC:20201207 Request for full disclosure of CVE-2020-25889 & CVE-2020-25955 | CVE-2020-25889 CVE-2020-25955 |
| FULLDISC:20201211 Authenticated blind SQL injection (SQLi) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure | CVE-2020-28860 |
| FULLDISC:20201211 Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure | CVE-2020-28858 |
| FULLDISC:20201211 IP access control bypass in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure | CVE-2020-28856 |
| FULLDISC:20201211 Missing access controls in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure | CVE-2020-28861 |
| FULLDISC:20201211 Reflected XSS in WordPress - DirectoriesPro 1.3.45 plugin disclosure | CVE-2020-29303 |
| FULLDISC:20201211 Self-reflected XSS in WordPress DirectoriesPro 1.3.45 plugin disclosure. | CVE-2020-29304 |
| FULLDISC:20201211 Stored cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure | CVE-2020-28857 |
| FULLDISC:20201215 APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3 | CVE-2020-15969 |
| FULLDISC:20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave | CVE-2020-10002 CVE-2020-10004 CVE-2020-10007 CVE-2020-10009 CVE-2020-10010 CVE-2020-10012 CVE-2020-10014 CVE-2020-10016 CVE-2020-10017 CVE-2020-13524 CVE-2020-15969 CVE-2020-27896 CVE-2020-27898 CVE-2020-27903 CVE-2020-27906 CVE-2020-27910 CVE-2020-27911 CVE-2020-27912 CVE-2020-27916 CVE-2020-27926 CVE-2020-9943 CVE-2020-9944 CVE-2020-9974 |
| FULLDISC:20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 | CVE-2019-20838 CVE-2020-10002 CVE-2020-10003 CVE-2020-10004 CVE-2020-10006 CVE-2020-10007 CVE-2020-10009 CVE-2020-10010 CVE-2020-10011 CVE-2020-10012 CVE-2020-10014 CVE-2020-10016 CVE-2020-10017 CVE-2020-10663 CVE-2020-13434 CVE-2020-13435 CVE-2020-13524 CVE-2020-13630 CVE-2020-13631 CVE-2020-14155 CVE-2020-15358 CVE-2020-27894 CVE-2020-27896 CVE-2020-27898 CVE-2020-27900 CVE-2020-27903 CVE-2020-27904 CVE-2020-27906 CVE-2020-27909 CVE-2020-27910 CVE-2020-27911 CVE-2020-27912 CVE-2020-27916 CVE-2020-27917 CVE-2020-27918 CVE-2020-27927 CVE-2020-27930 CVE-2020-27932 CVE-2020-27950 CVE-2020-9849 CVE-2020-9876 CVE-2020-9883 CVE-2020-9941 CVE-2020-9942 CVE-2020-9943 CVE-2020-9944 CVE-2020-9945 CVE-2020-9949 CVE-2020-9963 CVE-2020-9965 CVE-2020-9966 CVE-2020-9969 CVE-2020-9974 CVE-2020-9977 CVE-2020-9988 CVE-2020-9989 CVE-2020-9991 CVE-2020-9996 CVE-2020-9999 |
| FULLDISC:20201215 APPLE-SA-2020-12-14-5 watchOS 7.2 | CVE-2020-15969 |
| FULLDISC:20201215 APPLE-SA-2020-12-14-7 tvOS 14.3 | CVE-2020-15969 |
| FULLDISC:20201215 APPLE-SA-2020-12-14-8 Safari 14.0.2 | CVE-2020-15969 |
| FULLDISC:20201218 Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-11719] | CVE-2020-11719 |
| FULLDISC:20201218 Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718] | CVE-2020-11718 |
| FULLDISC:20201218 Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password - CVE-2020-11720 | CVE-2020-11720 |
| FULLDISC:20201225 Re: [FD] CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze | CVE-2020-8150 |
| FULLDISC:20201225 Re: [FD] CVE-2020-8152 - Elevation of Privilege in Backblaze | CVE-2020-8152 |
| FULLDISC:20201225 SYSS-2020-040 Urve - Missing Authentication for Critical Function (CWE-306) | CVE-2020-29552 |
| FULLDISC:20201225 SYSS-2020-041 Urve - Missing Authorization (CWE-862) | CVE-2020-29551 |
| FULLDISC:20201225 SYSS-2020-042 Urve - Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) | CVE-2020-29550 |
| FULLDISC:20201225 [CVE-2018-7580] - Philips Hue Denial of Service | CVE-2018-7580 |
| FULLDISC:20201229 Re: CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze | CVE-2020-8150 CVE-2020-8289 |
| FULLDISC:20201229 Re: [FD] CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze | CVE-2020-8150 CVE-2020-8289 |
| FULLDISC:20210103 Multiple vulnerabilities found in Rock RMS including RCE and account takeover | CVE-2019-18641 |
| FULLDISC:20210103 [KIS-2020-11] qdPM <= 9.1 (executeExport) PHP Object Injection Vulnerability | CVE-2020-26165 |
| FULLDISC:20210106 CVE-2020-24386: IMAP hibernation allows accessing other peoples mail | CVE-2020-12100 CVE-2020-24386 CVE-2020-25275 |
| FULLDISC:20210106 Re: [SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat | CVE-2013-4444 |
| FULLDISC:20210112 Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability | CVE-2020-28208 |
| FULLDISC:20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series | CVE-2017-16544 |
| FULLDISC:20210119 Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability | CVE-2020-28208 |
| FULLDISC:20210122 CVE-2020-20269 - Caret Editor v4.0.0-rc21 Remote Code Execution | CVE-2020-20269 |
| FULLDISC:20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities | CVE-2021-22871 CVE-2021-22872 CVE-2021-22873 |
| FULLDISC:20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) | CVE-2021-3156 |
| FULLDISC:20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave | CVE-2019-20838 CVE-2020-14155 CVE-2020-15358 CVE-2020-25709 CVE-2020-27904 |
| FULLDISC:20210201 Oracle DB: various issues related to malicious database gateways | CVE-2020-2510 CVE-2020-2517 |
| FULLDISC:20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 | CVE-2021-3156 |
| FULLDISC:20210211 Path traversal in SolarWinds Serv-U File Server <=15.2.1 | CVE-2020-27994 |
| FULLDISC:20210211 Stored XSS in SolarWinds Serv-U File Server <=15.2.1 | CVE-2020-28001 |
| FULLDISC:20210218 AST-2021-001: Remote crash in res_pjsip_diversion | CVE-2020-35776 |
| FULLDISC:20210218 AST-2021-002: Remote crash possible when negotiating T.38 | CVE-2021-26717 |
| FULLDISC:20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls | CVE-2021-26712 |
| FULLDISC:20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver | CVE-2021-26906 |
| FULLDISC:20210219 [CSA-2021-001] Cross-Site Request Forgery in Apache MyFaces | CVE-2021-26296 |
| FULLDISC:20210219 [KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability | CVE-2020-7680 CVE-2021-23342 |
| FULLDISC:20210223 CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189) | CVE-2021-27189 |
| FULLDISC:20210226 VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability | CVE-2021-27198 |
| FULLDISC:20210302 Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804) | CVE-2021-27804 |
| FULLDISC:20210304 AST-2021-006: Crash when negotiating T.38 with a zero port | CVE-2019-15297 |
| FULLDISC:20210308 Unholy CRAP: Moziila's executable installers | CVE-2014-1520 |
| FULLDISC:20210311 [CVE-2021-28144] Authenticated Command Injection in D-Link DIR-3060 Web Interface | CVE-2021-28144 |
| FULLDISC:20210312 [AIT-SA-20210215-01] CVE-2020-24914: QCubed PHP Object Injection | CVE-2020-24914 |
| FULLDISC:20210312 [AIT-SA-20210215-02] CVE-2020-24913: QCubed SQL Injection | CVE-2020-24913 |
| FULLDISC:20210312 [AIT-SA-20210215-03] CVE-2020-24912: QCube Cross-Site-Scripting | CVE-2020-24912 CVE-2020-24913 |
| FULLDISC:20210312 [AIT-SA-20210215-04] CVE-2020-24036: ForkCMS PHP Object Injection | CVE-2020-24036 |
| FULLDISC:20210319 [SYSS-2020-044]: Zoom - Exposure of Resource to Wrong Sphere (CWE-668) (CVE-2021-28133) | CVE-2021-28133 |
| FULLDISC:20210323 CVE-2018-3635 revisited: executable installers are vulnerable^WEVIL (case 60): again arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver | CVE-2018-3635 |
| FULLDISC:20210326 CVE-2021-3275 : Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices | CVE-2021-3275 |
| FULLDISC:20210405 Onapsis Security Advisory 2021-0001: [CVE-2020-6207] - Unauthenticated RCE in SAP all SMD Agents connected to SAP SolMan | CVE-2020-6207 |
| FULLDISC:20210405 Onapsis Security Advisory 2021-0002: [CVE-2020-6234] - SAP Multiple root LPE through SAP Host Control | CVE-2020-6234 |
| FULLDISC:20210405 Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks | CVE-2020-6287 |
| FULLDISC:20210405 Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution | CVE-2020-26820 |
| FULLDISC:20210406 Trojan.Win32.Sharer.h / Known Vulnerable Component - Heap Corruption | CVE-2020-13432 |
| FULLDISC:20210407 SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS | CVE-2021-29641 |
| FULLDISC:20210408 CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem | CVE-2021-26709 |
| FULLDISC:20210408 [SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629) | CVE-2021-1629 |
| FULLDISC:20210419 [CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution | CVE-2021-1472 CVE-2021-1473 |
| FULLDISC:20210419 [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center | CVE-2021-20989 CVE-2021-20990 CVE-2021-20991 CVE-2021-20992 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5 | CVE-2020-7463 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-10 Xcode 12.5 | CVE-2021-21300 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3 | CVE-2020-7463 CVE-2020-8286 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina | CVE-2020-3838 CVE-2020-8037 CVE-2020-8285 CVE-2020-8286 CVE-2021-1797 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave | CVE-2020-3838 CVE-2020-8286 CVE-2021-1797 CVE-2021-1805 CVE-2021-1806 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-6 tvOS 14.5 | CVE-2021-1844 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-7 Safari 14.1 | CVE-2020-7463 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-8 iCloud for Windows 12.3 | CVE-2020-7463 |
| FULLDISC:20210427 APPLE-SA-2021-04-26-9 iTunes 12.11.3 for Windows | CVE-2020-7463 |
| FULLDISC:20210427 XSS stored in PFSense 2.5.0 CVE-2021-27933 | CVE-2021-27933 |
| FULLDISC:20210504 KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device | CVE-2021-25328 |
| FULLDISC:20210504 KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender | CVE-2021-25327 |
| FULLDISC:20210504 KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender | CVE-2021-25326 |
| FULLDISC:20210507 Four vulnerabilities found in MikroTik's RouterOS | CVE-2020-20214 CVE-2020-20222 CVE-2020-20236 CVE-2020-20237 |
| FULLDISC:20210507 Re: Four vulnerabilities found in MikroTik's RouterOS | CVE-2020-20253 CVE-2020-20254 |
| FULLDISC:20210507 Re: Two vulnerabilities found in MikroTik's RouterOS | CVE-2020-20225 |
| FULLDISC:20210511 Four vulnerabilities found in MikroTik's RouterOS | CVE-2020-20220 CVE-2020-20227 CVE-2020-20245 CVE-2020-20246 |
| FULLDISC:20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology | CVE-2021-27135 CVE-2021-31535 |
| FULLDISC:20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6 | CVE-2021-23841 |
| FULLDISC:20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 | CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-23841 |
| FULLDISC:20210526 APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave | CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 |
| FULLDISC:20210526 APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina | CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 |
| FULLDISC:20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1 | CVE-2021-23841 |
| FULLDISC:20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account | CVE-2019-1000018 CVE-2019-3463 CVE-2019-3464 |
| FULLDISC:20210528 [KIS-2021-04] IPS Community Suite <= 4.5.4.2 (previewBlock) PHP Code Injection Vulnerability | CVE-2021-32924 |
| FULLDISC:20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series | CVE-2020-12500 CVE-2020-12501 CVE-2020-12502 CVE-2020-12503 CVE-2020-12504 |
| FULLDISC:20210611 secuvera-SA-2021-01: Privilege Escalation in NetSetMan Pro 4.7.2 | CVE-2021-34546 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis | CVE-2020-26836 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0006: [CVE-2020-26811] - SAP Hybris eCommerce - SSRF in acceleratorservices module | CVE-2020-26811 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0007: Exposure of Sensitive Information to an Unauthorized Actor | CVE-2020-26809 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0008: OS Command Injection in CA Introscope Enterprise Manager | CVE-2020-6364 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager | CVE-2020-6369 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0010: File exfiltration and DoS in SolMan End-User Experience Monitoring | CVE-2020-26837 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0011 Missing authorization check in SolMan End-User Experience Monitoring | CVE-2020-26830 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0012: SAP Manufacturing Integration and Intelligence lack of server side validations leads to RCE | CVE-2021-21480 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0013: [CVE-2020-26829] - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication | CVE-2020-26829 |
| FULLDISC:20210614 Onapsis Security Advisory 2021-0014: Missing authorization check in SAP Solution Manager LM-SERVICE Component SP 11 PL 2 | CVE-2020-6207 |
| FULLDISC:20210618 Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information | CVE-2021-32612 |
| FULLDISC:20210618 [SYSS-2021-007]: Protectimus SLIM NFC - External Control of System or Configuration Setting (CWE-15) (CVE-2021-32033) | CVE-2021-32033 |
| FULLDISC:20210629 CVE-2021-35523: Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30 | CVE-2021-35523 |
| FULLDISC:20210709 Novus Managment System Vulnerabilities (CVE-2021-34820, CVE-2021-38421) | CVE-2021-34820 |
| FULLDISC:20210714 SEC Consult SA-20210714-0 :: Critical vulnerabilities in Schneider Electric EVlink Charging Stations | CVE-2018-7801 |
| FULLDISC:20210716 Open-Xchange Security Advisory 2021-07-15 | CVE-2020-24700 CVE-2020-24701 CVE-2021-26698 CVE-2021-26699 |
| FULLDISC:20210716 VMware ThinApp DLL hijacking vulnerability | CVE-2021-22000 |
| FULLDISC:20210719 [KIS-2021-05] Concrete5 <= 8.5.5 (Logging Settings) Phar Deserialization Vulnerability | CVE-2021-36766 |
| FULLDISC:20210720 Open-Xchange Security Advisory 2021-07-19 | CVE-2021-28093 CVE-2021-28094 CVE-2021-28095 |
| FULLDISC:20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver | CVE-2021-31878 |
| FULLDISC:20210722 AST-2021-008: Remote crash when using IAX2 channel driver | CVE-2021-32558 |
| FULLDISC:20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7 | CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2021-3518 |
| FULLDISC:20210723 APPLE-SA-2021-07-21-2 macOS Big Sur 11.5 | CVE-2021-3518 |
| FULLDISC:20210723 APPLE-SA-2021-07-21-5 watchOS 7.6 | CVE-2021-3518 |
| FULLDISC:20210723 APPLE-SA-2021-07-21-6 tvOS 14.7 | CVE-2021-3518 |
| FULLDISC:20210813 [SYSS-2021-042] TJWS - Reflected Cross-Site Scripting (CVE-2021-37573) | CVE-2021-37573 |
| FULLDISC:20210816 Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Cross Site Scripting (XSS) | CVE-2021-38702 |
| FULLDISC:20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series | CVE-2017-16544 |
| FULLDISC:20210827 SEC Consult SA-20210827-1 :: XML Tag injection in BSCW Server | CVE-2021-36359 |
| FULLDISC:20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices | CVE-2013-7423 CVE-2015-0235 CVE-2016-1234 |
| FULLDISC:20210907 Re: a xss vulnerability in Jforum 2.7.0 | CVE-2021-40509 |
| FULLDISC:20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333] | CVE-2021-26333 |
| FULLDISC:20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8 | CVE-2021-30858 CVE-2021-30860 |
| FULLDISC:20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2 | CVE-2021-30860 |
| FULLDISC:20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6 | CVE-2021-30858 CVE-2021-30860 |
| FULLDISC:20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina | CVE-2021-30860 |
| FULLDISC:20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2 | CVE-2021-30858 |
| FULLDISC:20210921 APPLE-SA-2021-09-20-4 Xcode 13 | CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372 |
| FULLDISC:20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8 | CVE-2021-30858 CVE-2021-30860 |
| FULLDISC:20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6 | CVE-2021-22925 CVE-2021-30858 CVE-2021-30860 |
| FULLDISC:20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina | CVE-2021-22925 CVE-2021-30713 CVE-2021-30783 CVE-2021-30860 |
| FULLDISC:20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5 | CVE-2021-30858 CVE-2021-30860 |
| FULLDISC:20211005 [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045) | CVE-2021-33044 CVE-2021-33045 |
| FULLDISC:20211019 Yellowfin < 9.6.1 Multiple Vulnerabilities | CVE-2021-36387 CVE-2021-36388 CVE-2021-36389 |
| FULLDISC:20211022 Onapsis Security Advisory 2021-0016: XXE in SAP JAVA NetWeaver System Connections | CVE-2021-27635 |
| FULLDISC:20211022 Onapsis Security Advisory 2021-0020: SAP Enterprise Portal - Exposed sensitive data in html body | CVE-2021-33687 |
| FULLDISC:20211026 [ES2021-05] FreeSWITCH vulnerable to SIP digest leak for configured gateways | CVE-2021-41158 |
| FULLDISC:20211026 [ES2021-07] FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing | CVE-2021-37624 |
| FULLDISC:20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default | CVE-2021-41157 |
| FULLDISC:20211026 [ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets | CVE-2021-41105 |
| FULLDISC:20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8 | CVE-2021-30810 CVE-2021-30811 CVE-2021-30835 CVE-2021-30837 CVE-2021-30841 CVE-2021-30842 CVE-2021-30843 CVE-2021-30846 CVE-2021-30847 CVE-2021-30849 |
| FULLDISC:20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15 | CVE-2021-30810 CVE-2021-30835 CVE-2021-30837 CVE-2021-30841 CVE-2021-30842 CVE-2021-30843 CVE-2021-30846 CVE-2021-30847 CVE-2021-30849 CVE-2021-30850 |
| FULLDISC:20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15 | CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 |
| FULLDISC:20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15 | CVE-2021-30810 CVE-2021-30811 CVE-2021-30815 CVE-2021-30819 CVE-2021-30825 CVE-2021-30826 CVE-2021-30835 CVE-2021-30837 CVE-2021-30838 CVE-2021-30841 CVE-2021-30842 CVE-2021-30843 CVE-2021-30846 CVE-2021-30847 CVE-2021-30848 CVE-2021-30849 |
| FULLDISC:20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2 | CVE-2021-34593 |
| FULLDISC:20211104 SEC Consult SA-20211104-0 :: Reflected cross-site scripting vulnerability in IBM Sterling B2B Integrator | CVE-2021-20562 |
| FULLDISC:20211112 Trovent Security Advisory 2105-02 / CVE-2021-33618: Stored cross-site scripting in Dolibarr ERP & CRM | CVE-2021-33618 |
| FULLDISC:20211112 Trovent Security Advisory 2106-01 / CVE-2021-33816: Authenticated remote code execution in Dolibarr ERP & CRM | CVE-2021-33816 |
| FULLDISC:20211118 Responsible Full disclosure for LiquidFiles 3.5.13 | CVE-2021-43397 |
| FULLDISC:20211121 CVE-2021-44033: Ionic Identity Vault PIN Unlock Lockout Bypass (Android & iOS) | CVE-2021-44033 |
| FULLDISC:20211121 Open-Xchange Security Advisory 2021-11-18 | CVE-2021-33488 |
| FULLDISC:20211123 Re: Responsible Full disclosure for LiquidFiles 3.5.13 | CVE-2021-43397 |
| FULLDISC:20211203 CA20211201-01: Security Notice for CA Network Flow Analysis | CVE-2021-44050 |
| FULLDISC:20211203 CVE-2021-37253: M-Files Web Improper Range Header Processing Denial of Services (DoS) Vulnerability | CVE-2021-37253 |
| FULLDISC:20211203 usd AG Security Advisories 11/2021 | CVE-2021-25273 CVE-2021-32718 |
| FULLDISC:20211207 (Reprise License Manager) RLM 14.2 - Authenticated Remote Binary Execution | CVE-2018-15573 |
| FULLDISC:20211214 SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG | CVE-2021-33701 |
| FULLDISC:20211214 SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG | CVE-2021-33701 |
| FULLDISC:20211217 APPLE-SA-2021-12-15-5 tvOS 15.2 | CVE-2021-30916 |
| FULLDISC:20211217 APPLE-SA-2021-12-15-6 watchOS 8.3 | CVE-2021-30916 |
| FULLDISC:20211217 Trovent Security Advisory 2109-01 / CVE-2021-41843: Authenticated SQL injection in OpenEMR calendar search | CVE-2021-41843 |
| FULLDISC:20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones | CVE-2022-20660 |
| FULLDISC:20220124 SEC Consult SA-20220117-0 :: Stored Cross-Site Scripting vulnerability in TYPO3 extension "femanager" | CVE-2021-36787 |
| FULLDISC:20220124 Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. | CVE-2022-23221 |
| FULLDISC:20220124 [TO-2021-001] WebACMS 2.1.0 - Cross-Site Scripting | CVE-2021-44829 |
| FULLDISC:20220126 Onapsis Security Advisory 2021-0021: SAP Enterprise Portal - XSS NavigationReporter | CVE-2021-33702 |
| FULLDISC:20220126 Onapsis Security Advisory 2021-0022: SAP Enterprise Portal - XSS RunContentCreation | CVE-2021-33703 |
| FULLDISC:20220126 Onapsis Security Advisory 2021-0023: SAP Enterprise Portal - SSRF iviewCatcherEditor | CVE-2021-33705 |
| FULLDISC:20220126 Onapsis Security Advisory 2021-0024: SAP Enterprise Portal - Anonymous Stored Open Redirect | CVE-2021-33707 |
| FULLDISC:20220126 Onapsis Security Advisory 2021-0025: Null Pointer Dereference vulnerability in SAP CommonCryptoLib | CVE-2021-38177 |
| FULLDISC:20220126 Onapsis Security Advisory 2021-0026: SAP Enterprise Portal - XSLT injection | CVE-2021-37531 |
| FULLDISC:20220210 SEC Consult SA-20220209 :: Open Redirect in Login Page in SIEMENS-SINEMA Remote Connect | CVE-2022-23102 |
| FULLDISC:20220304 AST-2022-004: pjproject: integer underflow on STUN message | CVE-2021-37706 |
| FULLDISC:20220304 AST-2022-005: pjproject: undefined behavior after freeing a dialog set | CVE-2022-23608 |
| FULLDISC:20220304 AST-2022-006: pjproject: unconstrained malformed multipart SIP message | CVE-2022-21723 |
| FULLDISC:20220314 APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4 | CVE-2021-36976 |
| FULLDISC:20220314 APPLE-SA-2022-03-14-2 watchOS 8.5 | CVE-2021-36976 |
| FULLDISC:20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 | CVE-2021-22945 CVE-2021-22946 CVE-2021-22947 CVE-2021-30918 CVE-2021-36976 CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158 |
| FULLDISC:20220314 APPLE-SA-2022-03-14-7 Xcode 13.3 | CVE-2019-14379 CVE-2021-44228 |
| FULLDISC:20220320 [CVE-2021-42063] SAP Knowledge Warehouse <= 7.50 "SAPIrExtHelp" Reflected XSS | CVE-2021-42063 |
| FULLDISC:20220325 [SYSS-2021-058] Razer Synapse - Local Privilege Escalation | CVE-2021-44226 |
| FULLDISC:20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download & Denial of Service in Siemens A8000 PLC | CVE-2021-45034 CVE-2022-27480 |
| FULLDISC:20220422 CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1 | CVE-2021-40680 |
| FULLDISC:20220504 Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA | CVE-2021-33670 |
| FULLDISC:20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5 | CVE-2015-4142 CVE-2022-23308 |
| FULLDISC:20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4 | CVE-2018-25032 CVE-2021-44224 CVE-2021-44790 CVE-2021-45444 CVE-2022-0778 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23308 |
| FULLDISC:20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 | CVE-2018-25032 CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-44224 CVE-2021-44790 CVE-2021-45444 CVE-2022-0128 CVE-2022-0778 CVE-2022-22589 CVE-2022-22665 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23308 |
| FULLDISC:20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina | CVE-2018-25032 CVE-2021-44224 CVE-2021-44790 CVE-2021-45444 CVE-2022-0778 CVE-2022-22589 CVE-2022-22665 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23308 |
| FULLDISC:20220516 APPLE-SA-2022-05-16-5 watchOS 8.6 | CVE-2022-23308 |
| FULLDISC:20220516 APPLE-SA-2022-05-16-6 tvOS 15.5 | CVE-2022-23308 |
| FULLDISC:20220516 APPLE-SA-2022-05-16-8 Xcode 13.4 | CVE-2022-24765 |
| FULLDISC:20220518 LiquidFiles - 3.4.15 - Stored XSS - CVE-2021-30140 | CVE-2021-30140 |
| FULLDISC:20220518 PHPIPAM 1.4.4 - CVE-2021-46426 | CVE-2021-46426 |
| FULLDISC:20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components) | CVE-2020-26808 CVE-2020-26832 CVE-2020-6318 CVE-2021-21465 CVE-2021-21466 CVE-2021-21468 CVE-2021-21473 CVE-2021-33678 |
| FULLDISC:20220603 Re: Three vulnerabilities found in MikroTik's RouterOS | CVE-2021-36613 CVE-2021-36614 |
| FULLDISC:20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3 | CVE-2020-12501 |
| FULLDISC:20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh | CVE-2022-26531 CVE-2022-26532 |
| FULLDISC:20220610 Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855 | CVE-2022-29854 CVE-2022-29855 |
| FULLDISC:20220610 XML External Entity (XXE) vulnerability in the WSO2 Management Console | CVE-2021-42646 |
| FULLDISC:20220610 [SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384) | CVE-2022-28384 |
| FULLDISC:20220610 [SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) | CVE-2022-28382 |
| FULLDISC:20220610 [SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) | CVE-2022-28383 |
| FULLDISC:20220610 [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386) | CVE-2022-28386 |
| FULLDISC:20220610 [SYSS-2022-005]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384) | CVE-2022-28384 |
| FULLDISC:20220610 [SYSS-2022-006]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) | CVE-2022-28382 |
| FULLDISC:20220610 [SYSS-2022-007]: Verbatim Store 'n' Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) | CVE-2022-28383 |
| FULLDISC:20220610 [SYSS-2022-008]: Verbatim Store 'n' Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386) | CVE-2022-28386 |
| FULLDISC:20220610 [SYSS-2022-009]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387) | CVE-2022-28387 |
| FULLDISC:20220610 [SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) | CVE-2022-28382 |
| FULLDISC:20220610 [SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) | CVE-2022-28383 |
| FULLDISC:20220610 [SYSS-2022-013]: Verbatim Executive Fingerprint Secure SSD - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385) | CVE-2022-28385 |
| FULLDISC:20220610 [SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387) | CVE-2022-28387 |
| FULLDISC:20220610 [SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) | CVE-2022-28382 |
| FULLDISC:20220610 [SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) | CVE-2022-28383 |
| FULLDISC:20220610 [SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385) | CVE-2022-28385 |
| FULLDISC:20220610 [SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948) | CVE-2022-29948 |
| FULLDISC:20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect | CVE-2022-29034 |
| FULLDISC:20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series | CVE-2015-0235 CVE-2015-9261 CVE-2017-16544 |
| FULLDISC:20220621 # Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0) | CVE-2022-24396 |
| FULLDISC:20220621 Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring) | CVE-2022-24399 |
| FULLDISC:20220621 Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad | CVE-2022-26101 |
| FULLDISC:20220621 Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) | CVE-2022-22547 |
| FULLDISC:20220621 Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) | CVE-2022-27657 |
| FULLDISC:20220630 BigBlueButton - Stored XSS in username (CVE-2022-31064) | CVE-2022-31064 |
| FULLDISC:20220718 Re: AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine | CVE-2022-32450 |
| FULLDISC:20220718 SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS | CVE-2022-28888 |
| FULLDISC:20220721 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6 | CVE-2022-26768 CVE-2022-26981 |
| FULLDISC:20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5 | CVE-2022-24070 CVE-2022-26981 |
| FULLDISC:20220721 APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8 | CVE-2022-0156 CVE-2022-0158 CVE-2022-26704 |
| FULLDISC:20220721 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina | CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2022-0128 CVE-2022-26704 |
| FULLDISC:20220721 APPLE-SA-2022-07-20-5 tvOS 15.6 | CVE-2022-26981 |
| FULLDISC:20220721 APPLE-SA-2022-07-20-6 watchOS 8.7 | CVE-2022-26981 |
| FULLDISC:20220721 Open-Xchange Security Advisory 2022-07-21 | CVE-2021-38374 CVE-2021-42550 CVE-2021-44228 |
| FULLDISC:20220815 Re: typeorm CVE-2022-33171 | CVE-2022-33171 |
| FULLDISC:20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6 | CVE-2022-32893 CVE-2022-32894 |
| FULLDISC:20220912 Multiple vulnerabilities discovered in Qualys Cloud Agent | CVE-2022-29549 CVE-2022-29550 |
| FULLDISC:20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter | CVE-2022-27668 |
| FULLDISC:20220915 SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP SAPControl Web Service Interface (sapuxuserchk) | CVE-2022-29614 |
| FULLDISC:20221003 Wordpress plugin - WPvivid Backup - CVE-2022-2863. | CVE-2022-2863 |
| FULLDISC:20221008 [SYSS-2022-043]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384) | CVE-2022-28384 |
| FULLDISC:20221008 [SYSS-2022-044]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) | CVE-2022-28382 |
| FULLDISC:20221008 [SYSS-2022-045]: Verbatim Store 'n' Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) | CVE-2022-28383 |
| FULLDISC:20221008 [SYSS-2022-046]: Verbatim Store 'n' Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386) | CVE-2022-28386 |
| FULLDISC:20221016 Re: over 2000 packages depend on abort()ing libgmp | CVE-2021-43618 |
| FULLDISC:20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13 | CVE-2021-36690 CVE-2021-39537 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1720 CVE-2022-1725 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-29458 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32864 CVE-2022-32883 CVE-2022-32912 |
| FULLDISC:20221030 APPLE-SA-2022-10-27-11 tvOS 16 | CVE-2021-36690 CVE-2022-32864 CVE-2022-32912 |
| FULLDISC:20221030 APPLE-SA-2022-10-27-13 watchOS 9 | CVE-2021-36690 CVE-2022-32854 CVE-2022-32864 CVE-2022-32883 CVE-2022-32893 CVE-2022-32894 CVE-2022-32912 |
| FULLDISC:20221030 APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16 | CVE-2022-32868 CVE-2022-32912 |
| FULLDISC:20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16 | CVE-2021-36690 CVE-2022-26744 CVE-2022-32795 CVE-2022-32854 CVE-2022-32864 CVE-2022-32868 CVE-2022-32872 CVE-2022-32883 CVE-2022-32912 CVE-2022-32917 |
| FULLDISC:20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7 | CVE-2022-32795 CVE-2022-32854 CVE-2022-32864 CVE-2022-32868 CVE-2022-32872 CVE-2022-32883 CVE-2022-32912 CVE-2022-32917 |
| FULLDISC:20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 | CVE-2021-36690 CVE-2021-39537 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1720 CVE-2022-1725 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-29458 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32864 CVE-2022-32883 CVE-2022-32912 |
| FULLDISC:20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 | CVE-2021-39537 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-32864 CVE-2022-32883 CVE-2022-32917 |
| FULLDISC:20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 | CVE-2021-39537 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-32854 CVE-2022-32864 CVE-2022-32883 CVE-2022-32894 CVE-2022-32917 |
| FULLDISC:20221030 Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973) | CVE-2022-41973 CVE-2022-41974 |
| FULLDISC:20221030 wolfssl before 5.5.1: CVE-2022-39173 Buffer overflow when refining cipher suites | CVE-2022-39173 |
| FULLDISC:20221107 APPLE-SA-2022-11-01-1 Xcode 14.1 | CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 |
| FULLDISC:20221115 SEC Consult SA-20221110-0 :: HTML Injection in BMC Remedy ITSM-Suite | CVE-2022-26088 |
| FULLDISC:20221115 SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform | CVE-2021-41381 CVE-2022-45129 |
| FULLDISC:20221129 CyberDanube Security Research 20221124-0 | Authenticated Command Injection Hirschmann BAT-C2 | CVE-2022-40282 |
| FULLDISC:20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation | CVE-2021-44228 |
| FULLDISC:20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) | CVE-2021-3995 CVE-2021-3996 CVE-2021-44731 CVE-2022-41973 CVE-2022-41974 |
| FULLDISC:20221208 SEC Consult SA-20221201-0 :: Replay attacks & Displaying arbitrary contents in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels) | CVE-2022-45914 |
| FULLDISC:20221208 SEC Consult SA-20221206-0 :: Multiple critical vulnerabilities in ILIAS eLearning platform | CVE-2022-45915 CVE-2022-45916 CVE-2022-45917 CVE-2022-45918 |
| FULLDISC:20221208 [CVE-2022-21225] Intel Data Center Manager Console <= 4.1 "getRoomRackData" Authenticated (Guest+) SQL Injection | CVE-2022-21225 |
| FULLDISC:20221213 SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol) | CVE-2022-35295 |
| FULLDISC:20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2 | CVE-2022-32943 CVE-2022-42837 CVE-2022-42840 CVE-2022-42842 CVE-2022-42844 CVE-2022-42845 CVE-2022-42846 CVE-2022-42848 CVE-2022-42850 CVE-2022-42851 CVE-2022-42855 CVE-2022-42859 CVE-2022-42861 CVE-2022-42862 CVE-2022-46690 CVE-2022-46693 CVE-2022-46694 CVE-2022-46701 CVE-2022-46702 |
| FULLDISC:20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2 | CVE-2022-40303 CVE-2022-40304 CVE-2022-42837 CVE-2022-42840 CVE-2022-42846 CVE-2022-42848 CVE-2022-42855 CVE-2022-42861 CVE-2022-46694 |
| FULLDISC:20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 | CVE-2022-24836 CVE-2022-29181 CVE-2022-32942 CVE-2022-32943 CVE-2022-42837 CVE-2022-42840 CVE-2022-42841 CVE-2022-42842 CVE-2022-42845 CVE-2022-42847 CVE-2022-42853 CVE-2022-42854 CVE-2022-42855 CVE-2022-42859 CVE-2022-42861 CVE-2022-42862 CVE-2022-46690 CVE-2022-46693 CVE-2022-46697 CVE-2022-46701 |
| FULLDISC:20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2 | CVE-2022-32942 CVE-2022-40303 CVE-2022-40304 CVE-2022-42821 CVE-2022-42840 CVE-2022-42841 CVE-2022-42842 CVE-2022-42845 CVE-2022-42854 CVE-2022-42855 CVE-2022-42861 |
| FULLDISC:20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2 | CVE-2022-32942 CVE-2022-40303 CVE-2022-40304 CVE-2022-42821 CVE-2022-42840 CVE-2022-42841 CVE-2022-42842 CVE-2022-42845 |
| FULLDISC:20221220 APPLE-SA-2022-12-13-7 tvOS 16.2 | CVE-2022-40303 CVE-2022-40304 CVE-2022-42842 CVE-2022-42845 CVE-2022-42848 CVE-2022-42851 CVE-2022-42855 CVE-2022-46690 CVE-2022-46693 CVE-2022-46694 CVE-2022-46701 |
| FULLDISC:20221220 APPLE-SA-2022-12-13-8 watchOS 9.2 | CVE-2022-40303 CVE-2022-40304 CVE-2022-42837 CVE-2022-42842 CVE-2022-42845 CVE-2022-42859 CVE-2022-46690 CVE-2022-46693 CVE-2022-46694 |
| FULLDISC:20221220 SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT) | CVE-2021-34427 |
| FULLDISC:20230106 Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877 | CVE-2022-44877 |
| FULLDISC:20230119 SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM) | CVE-2022-45923 |
| FULLDISC:20230119 SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM | CVE-2022-45927 |
| FULLDISC:20230119 SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM | CVE-2022-45922 CVE-2022-45924 CVE-2022-45925 CVE-2022-45926 CVE-2022-45928 |
| FULLDISC:20230119 wolfSSL 5.3.0: Denial-of-service | CVE-2022-38153 |
| FULLDISC:20230119 wolfSSL before 5.5.0: Denial-of-service with session resumption | CVE-2022-38152 |
| FULLDISC:20230119 wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS | CVE-2022-42905 |
| FULLDISC:20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2 | CVE-2022-32221 CVE-2022-35260 CVE-2022-3705 CVE-2022-42915 CVE-2022-42916 |
| FULLDISC:20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3 | CVE-2022-32221 CVE-2022-32915 CVE-2022-35252 CVE-2022-35260 CVE-2022-42915 CVE-2022-42916 |
| FULLDISC:20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3 | CVE-2022-35252 |
| FULLDISC:20230123 Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm | CVE-2023-24039 CVE-2023-24040 |
| FULLDISC:20230126 [SYSS-2022-047] Razer Synapse - Local Privilege Escalation | CVE-2021-44226 |
| FULLDISC:20230130 Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL | CVE-2022-38756 |
| FULLDISC:20230214 OXAS-ADV-2022-0002: OX App Suite Security Advisory | CVE-2022-42889 |
| FULLDISC:20230216 Remote Code Execution in Kardex MLOG | CVE-2023-22855 |
| FULLDISC:20230227 [NetworkSEC NWSSA] CVE-2023-26602: ASUS ASMB8 iKVM RCE and SSH Root Access | CVE-2023-26602 |
| FULLDISC:20230227 [NetworkSEC NWSSA] CVE-2023-26609: ABUS Security Camera LFI, RCE and SSH Root | CVE-2023-26609 |
| FULLDISC:20230302 SEC Consult SA-20230228-0 :: OS Command Injectionin Barracuda CloudGen WAN | CVE-2023-26213 |
| FULLDISC:20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3 | CVE-2022-43552 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 CVE-2023-0512 |
| FULLDISC:20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4 | CVE-2023-0433 CVE-2023-0512 |
| FULLDISC:20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5 | CVE-2022-26702 CVE-2023-0433 CVE-2023-0512 |
| FULLDISC:20230330 RSA NetWitness EDR Agent / Incorrect Access Control - Code Execution / CVE-2022-47529 | CVE-2022-47529 |
| FULLDISC:20230418 [CVE-2023-22620] SecurePoint UTM <= 12.2.5 "spcgi.cgi" sessionId Information Disclosure Allowing Device Takeover | CVE-2023-22620 |
| FULLDISC:20230418 [CVE-2023-22897] SecurePoint UTM <= 12.2.5 "spcgi.cgi" Remote Memory Contents Information Disclosure | CVE-2023-22897 |
| FULLDISC:20230424 Security vulnerabilities in Telit Cinterion IoT (formerly Thales) devices | CVE-2020-15858 |
| FULLDISC:20230428 Piwigo - CVE-2023-26876 | CVE-2023-26876 |
| FULLDISC:20230508 SCHUTZWERK-SA-2023-001: SQL Injection in Spryker Commerce OS | CVE-2022-28888 CVE-2023-27568 |
| FULLDISC:20230511 CyberDanube Security Research 20230511-0 | Multiple Vulnerabilities in Advantech EKI-15XX Series | CVE-2023-2573 CVE-2023-2574 CVE-2023-2575 |
| FULLDISC:20230529 SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software | CVE-2023-31285 CVE-2023-31286 CVE-2023-31287 |
| FULLDISC:20230530 CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90) | CVE-2015-6639 CVE-2015-6647 |
| FULLDISC:20230530 SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer | CVE-2023-33255 |
| FULLDISC:20230530 [RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments | CVE-2023-32749 |
| FULLDISC:20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 | CVE-2005-1513 CVE-2023-33863 CVE-2023-33864 CVE-2023-33865 |
| FULLDISC:20230707 SEC Consult SA-20230703-0 :: Multiple Vulnerabilities including Unauthenticated RCE in Siemens A8000 | CVE-2023-28489 CVE-2023-33919 CVE-2023-33920 CVE-2023-33921 |
| FULLDISC:20230707 ServiceNow Account Takeover to Full Admin Compromise | CVE-2022-43684 |
| FULLDISC:20230719 CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent | CVE-2010-3856 CVE-2016-10009 |
| FULLDISC:20230719 [RT-SA-2023-001] Session Token Enumeration in RWS WorldServer | CVE-2023-38357 |
| FULLDISC:20230721 [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335) | CVE-2023-38335 |
| FULLDISC:20230721 [SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334) | CVE-2023-38334 |
| FULLDISC:20230724 APPLE-SA-2023-07-24-1 Safari 16.6 | CVE-2023-20593 CVE-2023-28130 CVE-2023-3269 CVE-2023-34434 CVE-2023-35088 CVE-2023-36542 CVE-2023-37895 CVE-2023-3817 CVE-2023-38334 CVE-2023-38335 CVE-2023-38435 CVE-2023-38633 CVE-2023-39508 |
| FULLDISC:20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5 | CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 |
| FULLDISC:20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8 | CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 |
| FULLDISC:20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9 | CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 |
| FULLDISC:20230801 CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated) | CVE-2023-28130 |
| FULLDISC:20230811 St. Poelten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client / TC Router / Cloud Client | CVE-2023-3526 CVE-2023-3569 |
| FULLDISC:20230811 St. Poelten UAS | Multiple XSS in Advantech EKI 15XX Series | CVE-2023-4202 CVE-2023-4203 |
| FULLDISC:20230815 Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955 | CVE-2023-22955 |
| FULLDISC:20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956 | CVE-2023-22956 |
| FULLDISC:20230815 Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957 | CVE-2023-22957 |
| FULLDISC:20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit | CVE-2023-22809 |
| FULLDISC:20230823 [KIS-2023-05] SugarCRM <= 12.2.0 (Notes) Unrestricted File Upload Vulnerability | CVE-2023-35808 |
| FULLDISC:20230823 [KIS-2023-06] SugarCRM <= 12.2.0 (updateGeocodeStatus) Bean Manipulation Vulnerability | CVE-2023-35809 |
| FULLDISC:20230823 [KIS-2023-07] SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability | CVE-2023-35810 |
| FULLDISC:20230823 [KIS-2023-08] SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities | CVE-2023-35811 |
| FULLDISC:20230823 [KIS-2023-09] CrafterCMS <= 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities | CVE-2023-4136 |
| FULLDISC:20230904 Vulnerabilities in Internet Radio auna IR-160 SE (UIProto) | CVE-2019-13473 CVE-2019-13474 |
| FULLDISC:20230908 APPLE-SA-2023-09-07-2 iOS 16.6.1 and iPadOS 16.6.1 | CVE-2023-41061 |
| FULLDISC:20230908 APPLE-SA-2023-09-07-3 watchOS 9.6.2 | CVE-2023-41061 |
| FULLDISC:20230918 SEC Consult SA-20230829-0 :: Reflected Cross-Site Scripting (XSS) in PTC - Codebeamer (ALM Solution) | CVE-2023-4296 |
| FULLDISC:20230918 [SYSS-2023-002] Razer Synapse - Local Privilege Escalation | CVE-2021-44226 CVE-2022-47631 CVE-2022-47632 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-1 Safari 17 | CVE-2023-35074 CVE-2023-40417 CVE-2023-40451 CVE-2023-41074 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-2 macOS Sonoma 14 | CVE-2023-23495 CVE-2023-29497 CVE-2023-32361 CVE-2023-32377 CVE-2023-32396 CVE-2023-32421 CVE-2023-35074 CVE-2023-35984 CVE-2023-35990 CVE-2023-37448 CVE-2023-38586 CVE-2023-38596 CVE-2023-38615 CVE-2023-39233 CVE-2023-39434 CVE-2023-40384 CVE-2023-40386 CVE-2023-40388 CVE-2023-40391 CVE-2023-40395 CVE-2023-40399 CVE-2023-40400 CVE-2023-40402 CVE-2023-40403 CVE-2023-40406 CVE-2023-40407 CVE-2023-40410 CVE-2023-40417 CVE-2023-40420 CVE-2023-40422 CVE-2023-40424 CVE-2023-40426 CVE-2023-40427 CVE-2023-40429 CVE-2023-40432 CVE-2023-40434 CVE-2023-40436 CVE-2023-40441 CVE-2023-40448 CVE-2023-40450 CVE-2023-40452 CVE-2023-40454 CVE-2023-40455 CVE-2023-40541 CVE-2023-41063 CVE-2023-41065 CVE-2023-41066 CVE-2023-41067 CVE-2023-41070 CVE-2023-41073 CVE-2023-41074 CVE-2023-41078 CVE-2023-41079 CVE-2023-41968 CVE-2023-41979 CVE-2023-41980 CVE-2023-41981 CVE-2023-41984 CVE-2023-41986 CVE-2023-41995 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 | CVE-2023-35990 CVE-2023-40395 CVE-2023-40403 CVE-2023-40420 CVE-2023-40448 CVE-2023-40454 CVE-2023-41063 CVE-2023-41068 CVE-2023-41070 CVE-2023-41073 CVE-2023-41232 CVE-2023-41981 CVE-2023-41984 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-4 Additional information for APPLE-SA-2023-09-21-6 macOS Ventura 13.6 | CVE-2023-40403 CVE-2023-40406 CVE-2023-40409 CVE-2023-40412 CVE-2023-40420 CVE-2023-40427 CVE-2023-40452 CVE-2023-41063 CVE-2023-41070 CVE-2023-41073 CVE-2023-41968 CVE-2023-41981 CVE-2023-41996 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-5 Additional information for APPLE-SA-2023-09-21-7 macOS Monterey 12.7 | CVE-2023-40395 CVE-2023-40403 CVE-2023-40406 CVE-2023-40409 CVE-2023-40412 CVE-2023-40420 CVE-2023-40427 CVE-2023-40452 CVE-2023-41073 CVE-2023-41968 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-6 Xcode 15 | CVE-2023-32396 CVE-2023-40391 CVE-2023-40435 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17 | CVE-2023-32361 CVE-2023-32396 CVE-2023-35074 CVE-2023-35984 CVE-2023-35990 CVE-2023-38596 CVE-2023-39434 CVE-2023-40384 CVE-2023-40391 CVE-2023-40395 CVE-2023-40399 CVE-2023-40400 CVE-2023-40403 CVE-2023-40409 CVE-2023-40412 CVE-2023-40417 CVE-2023-40419 CVE-2023-40420 CVE-2023-40424 CVE-2023-40427 CVE-2023-40428 CVE-2023-40429 CVE-2023-40431 CVE-2023-40432 CVE-2023-40434 CVE-2023-40441 CVE-2023-40443 CVE-2023-40452 CVE-2023-40456 CVE-2023-40520 CVE-2023-41063 CVE-2023-41065 CVE-2023-41068 CVE-2023-41070 CVE-2023-41073 CVE-2023-41074 CVE-2023-41174 CVE-2023-41968 CVE-2023-41980 CVE-2023-41981 CVE-2023-41986 CVE-2023-41995 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-8 watchOS 10 | CVE-2023-32361 CVE-2023-32396 CVE-2023-35074 CVE-2023-35984 CVE-2023-35990 CVE-2023-38596 CVE-2023-39434 CVE-2023-40395 CVE-2023-40399 CVE-2023-40400 CVE-2023-40403 CVE-2023-40409 CVE-2023-40410 CVE-2023-40412 CVE-2023-40417 CVE-2023-40418 CVE-2023-40419 CVE-2023-40420 CVE-2023-40424 CVE-2023-40427 CVE-2023-40429 CVE-2023-40432 CVE-2023-40452 CVE-2023-40456 CVE-2023-40520 CVE-2023-41065 CVE-2023-41068 CVE-2023-41070 CVE-2023-41073 CVE-2023-41074 CVE-2023-41174 CVE-2023-41968 CVE-2023-41981 |
| FULLDISC:20231002 APPLE-SA-09-26-2023-9 tvOS 17 | CVE-2023-32361 CVE-2023-32396 CVE-2023-35074 CVE-2023-35984 CVE-2023-38596 CVE-2023-40384 CVE-2023-40391 CVE-2023-40395 CVE-2023-40399 CVE-2023-40400 CVE-2023-40403 CVE-2023-40409 CVE-2023-40412 CVE-2023-40419 CVE-2023-40420 CVE-2023-40427 CVE-2023-40429 CVE-2023-40432 CVE-2023-40452 CVE-2023-40456 CVE-2023-40520 CVE-2023-41063 CVE-2023-41065 CVE-2023-41068 CVE-2023-41073 CVE-2023-41074 CVE-2023-41174 CVE-2023-41968 CVE-2023-41981 |
| FULLDISC:20231005 APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3 | CVE-2023-5217 |
| FULLDISC:20231005 CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so | CVE-2019-19726 |
| FULLDISC:20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch) | CVE-2020-6215 |
| FULLDISC:20231016 APPLE-SA-10-10-2023-1 iOS 16.7.1 and iPadOS 16.7.1 | CVE-2023-5217 |
| FULLDISC:20231016 Defense in depth -- the Microsoft way (part 86): shipping rotten software to billions of unsuspecting customers | CVE-2023-38039 |
| FULLDISC:20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. | CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-1 iOS 17.1 and iPadOS 17.1 | CVE-2023-40408 CVE-2023-40413 CVE-2023-40416 CVE-2023-40423 CVE-2023-40445 CVE-2023-40447 CVE-2023-40449 CVE-2023-41072 CVE-2023-41254 CVE-2023-41976 CVE-2023-41982 CVE-2023-41983 CVE-2023-41988 CVE-2023-41997 CVE-2023-42841 CVE-2023-42845 CVE-2023-42846 CVE-2023-42847 CVE-2023-42849 CVE-2023-42852 CVE-2023-42857 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-2 iOS 16.7.2 and iPadOS 16.7.2 | CVE-2023-32359 CVE-2023-40408 CVE-2023-40413 CVE-2023-40416 CVE-2023-40423 CVE-2023-40447 CVE-2023-40449 CVE-2023-41254 CVE-2023-41976 CVE-2023-41977 CVE-2023-41982 CVE-2023-41983 CVE-2023-41997 CVE-2023-42841 CVE-2023-42846 CVE-2023-42849 CVE-2023-42852 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-3 iOS 15.8 and iPadOS 15.8 | CVE-2023-32434 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1 | CVE-2023-30774 CVE-2023-38403 CVE-2023-40404 CVE-2023-40405 CVE-2023-40408 CVE-2023-40413 CVE-2023-40416 CVE-2023-40421 CVE-2023-40423 CVE-2023-40444 CVE-2023-40447 CVE-2023-40449 CVE-2023-41072 CVE-2023-41254 CVE-2023-41975 CVE-2023-41976 CVE-2023-41977 CVE-2023-41982 CVE-2023-41983 CVE-2023-41988 CVE-2023-41989 CVE-2023-41997 CVE-2023-42438 CVE-2023-42841 CVE-2023-42842 CVE-2023-42844 CVE-2023-42845 CVE-2023-42847 CVE-2023-42849 CVE-2023-42850 CVE-2023-42852 CVE-2023-42854 CVE-2023-42856 CVE-2023-42857 CVE-2023-42861 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4736 CVE-2023-4738 CVE-2023-4750 CVE-2023-4751 CVE-2023-4752 CVE-2023-4781 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1 | CVE-2023-38403 CVE-2023-40401 CVE-2023-40413 CVE-2023-40416 CVE-2023-40421 CVE-2023-40423 CVE-2023-40449 CVE-2023-41077 CVE-2023-41254 CVE-2023-41975 CVE-2023-42841 CVE-2023-42844 CVE-2023-42849 CVE-2023-42854 CVE-2023-42856 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-6 macOS Monterey 12.7.1 | CVE-2023-40413 CVE-2023-40416 CVE-2023-40421 CVE-2023-40423 CVE-2023-40425 CVE-2023-40449 CVE-2023-41975 CVE-2023-42844 CVE-2023-42849 CVE-2023-42854 CVE-2023-42856 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-7 tvOS 17.1 | CVE-2023-40447 CVE-2023-41976 CVE-2023-42846 CVE-2023-42852 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-8 watchOS 10.1 | CVE-2023-40408 CVE-2023-40413 CVE-2023-40447 CVE-2023-41254 CVE-2023-41976 CVE-2023-41982 CVE-2023-41988 CVE-2023-41997 CVE-2023-42846 CVE-2023-42849 CVE-2023-42852 |
| FULLDISC:20231025 APPLE-SA-10-25-2023-9 Safari 17.1 | CVE-2023-40447 CVE-2023-41976 CVE-2023-41983 CVE-2023-42852 |
| FULLDISC:20231027 LKX-2023-001 VinChin VMWare Backup | CVE-2023-45498 CVE-2023-45499 |
| FULLDISC:20231112 HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS | CVE-2023-3725 CVE-2023-4257 CVE-2023-4259 CVE-2023-4260 CVE-2023-4262 CVE-2023-4263 CVE-2023-4264 CVE-2023-4265 CVE-2023-5139 CVE-2023-5184 CVE-2023-5753 |
| FULLDISC:20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro | CVE-2006-1078 CVE-2006-1079 CVE-2007-0664 CVE-2009-4491 CVE-2023-47250 CVE-2023-47251 |
| FULLDISC:20231127 SEC Consult SA-20231123 :: Uninstall Key Caching in Fortra Digital Guardian Agent Uninstaller | CVE-2023-6253 |
| FULLDISC:20231127 [CVE-2023-46383, CVE-2023-46384, CVE-2023-46385] Multiple vulnerabilities in Loytec products (2) | CVE-2023-46383 CVE-2023-46384 CVE-2023-46385 |
| FULLDISC:20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3) | CVE-2023-46386 CVE-2023-46387 CVE-2023-46388 CVE-2023-46389 |
| FULLDISC:20231127 [SYSS-2023-019] SmartNode SN200 - Unauthenticated OS Command Injection | CVE-2023-41109 |
| FULLDISC:20231212 APPLE-SA-11-30-2023-1 Safari 17.1.2 | CVE-2023-42916 CVE-2023-42917 |
| FULLDISC:20231212 APPLE-SA-11-30-2023-2 iOS 17.1.2 and iPadOS 17.1.2 | CVE-2023-42916 CVE-2023-42917 |
| FULLDISC:20231212 APPLE-SA-11-30-2023-3 macOS Sonoma 14.1.2 | CVE-2023-42916 CVE-2023-42917 |
| FULLDISC:20231212 APPLE-SA-12-11-2023-1 Safari 17.2 | CVE-2023-42883 CVE-2023-42890 |
| FULLDISC:20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2 | CVE-2023-42883 CVE-2023-42884 CVE-2023-42890 CVE-2023-42897 CVE-2023-42898 CVE-2023-42899 CVE-2023-42914 CVE-2023-42919 CVE-2023-42922 CVE-2023-42923 CVE-2023-42927 CVE-2023-45866 |
| FULLDISC:20231212 APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3 | CVE-2023-42883 CVE-2023-42884 CVE-2023-42899 CVE-2023-42914 CVE-2023-42916 CVE-2023-42917 CVE-2023-42919 CVE-2023-42922 |
| FULLDISC:20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2 | CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 CVE-2023-42842 CVE-2023-42874 CVE-2023-42882 CVE-2023-42883 CVE-2023-42884 CVE-2023-42886 CVE-2023-42890 CVE-2023-42891 CVE-2023-42894 CVE-2023-42898 CVE-2023-42899 CVE-2023-42900 CVE-2023-42901 CVE-2023-42902 CVE-2023-42903 CVE-2023-42904 CVE-2023-42905 CVE-2023-42906 CVE-2023-42907 CVE-2023-42908 CVE-2023-42909 CVE-2023-42910 CVE-2023-42911 CVE-2023-42912 CVE-2023-42914 CVE-2023-42919 CVE-2023-42922 CVE-2023-42924 CVE-2023-42926 CVE-2023-42927 CVE-2023-42932 CVE-2023-45866 CVE-2023-5344 |
| FULLDISC:20231212 APPLE-SA-12-11-2023-5 macOS Ventura 13.6.3 | CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 CVE-2023-42884 CVE-2023-42886 CVE-2023-42891 CVE-2023-42894 CVE-2023-42899 CVE-2023-42914 CVE-2023-42919 CVE-2023-42922 CVE-2023-42924 CVE-2023-42932 CVE-2023-5344 |
| FULLDISC:20231212 APPLE-SA-12-11-2023-6 macOS Monterey 12.7.2 | CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 CVE-2023-42886 CVE-2023-42891 CVE-2023-42894 CVE-2023-42899 CVE-2023-42914 CVE-2023-42919 CVE-2023-42922 CVE-2023-42932 CVE-2023-5344 |
| FULLDISC:20231212 APPLE-SA-12-11-2023-7 tvOS 17.2 | CVE-2023-42883 CVE-2023-42884 CVE-2023-42890 CVE-2023-42898 CVE-2023-42899 CVE-2023-42914 CVE-2023-42916 CVE-2023-42917 |
| FULLDISC:20231212 APPLE-SA-12-11-2023-8 watchOS 10.2 | CVE-2023-42883 CVE-2023-42890 CVE-2023-42898 CVE-2023-42899 CVE-2023-42914 CVE-2023-42916 CVE-2023-42917 CVE-2023-42919 CVE-2023-42927 |
| FULLDISC:20231212 HNS-2023-04 - HN Security Advisory - Buffer overflow vulnerabilities with long path names in TinyDir | CVE-2023-49287 |
| FULLDISC:20231212 SEC Consult SA-20231205 :: Argument injection leading to unauthenticated RCE and authentication bypass in Atos Unify OpenScape Session Border Controller (SBC), Branch, BCF | CVE-2023-6269 |
| FULLDISC:20231212 SEC Consult SA-20231211-0 :: Local Privilege Escalation via MSI installer in PDF24 Creator | CVE-2023-49147 |
| FULLDISC:20231212 [KIS-2023-13] ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability | CVE-2023-46818 |
| FULLDISC:20231219 APPLE-SA-12-19-2023-1 macOS Sonoma 14.2.1 | CVE-2023-42940 |
| FULLDISC:20231219 Disclosure of CVE-2023-50917: RCE Vulnerability in MajorDoM | CVE-2023-50917 |
| FULLDISC:20231219 [ES2023-01] Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation | CVE-2023-49786 |
| FULLDISC:20231219 [KIS-2023-14] PKP-WAL <= 3.4.0-3 (NativeImportExportPlugin) Remote Code Execution Vulnerability | CVE-2023-47271 |
| FULLDISC:20240114 CyberDanube Security Research 20240109-0 | Multiple Vulnerabilities in JetNet Series | CVE-2023-5347 CVE-2023-5376 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-1 Safari 17.3 | CVE-2024-23206 CVE-2024-23211 CVE-2024-23213 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3 | CVE-2024-23203 CVE-2024-23204 CVE-2024-23206 CVE-2024-23207 CVE-2024-23208 CVE-2024-23210 CVE-2024-23211 CVE-2024-23212 CVE-2024-23213 CVE-2024-23214 CVE-2024-23215 CVE-2024-23217 CVE-2024-23218 CVE-2024-23219 CVE-2024-23223 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5 | CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-42888 CVE-2023-42915 CVE-2023-42937 CVE-2024-23206 CVE-2024-23211 CVE-2024-23212 CVE-2024-23213 CVE-2024-23214 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1 | CVE-2023-42916 CVE-2023-42917 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3 | CVE-2024-23203 CVE-2024-23204 CVE-2024-23206 CVE-2024-23207 CVE-2024-23208 CVE-2024-23209 CVE-2024-23210 CVE-2024-23211 CVE-2024-23212 CVE-2024-23213 CVE-2024-23214 CVE-2024-23215 CVE-2024-23217 CVE-2024-23218 CVE-2024-23223 CVE-2024-23224 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4 | CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-40528 CVE-2023-42887 CVE-2023-42888 CVE-2023-42915 CVE-2023-42935 CVE-2023-42937 CVE-2024-23207 CVE-2024-23212 CVE-2024-23224 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3 | CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-42888 CVE-2023-42915 CVE-2023-42937 CVE-2024-23207 CVE-2024-23212 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3 | CVE-2024-23204 CVE-2024-23206 CVE-2024-23207 CVE-2024-23208 CVE-2024-23210 CVE-2024-23211 CVE-2024-23212 CVE-2024-23213 CVE-2024-23215 CVE-2024-23217 CVE-2024-23218 CVE-2024-23223 |
| FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3 | CVE-2024-23206 CVE-2024-23208 CVE-2024-23210 CVE-2024-23212 CVE-2024-23213 CVE-2024-23215 CVE-2024-23218 CVE-2024-23223 |
| FULLDISC:20240126 Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031) | CVE-2023-43183 CVE-2023-44031 |
| FULLDISC:20240126 [Full Disclosure] CVE-2024-22901: Default MYSQL Credentials in Vinchin Backup & Recovery v7.2 and Earlier | CVE-2022-35866 |
| FULLDISC:20240126 [SBA-ADV-20200707-01] CVE-2020-36771: CloudLinux CageFS 7.1.1-1 or below Token Disclosure | CVE-2020-36771 |
| FULLDISC:20240126 [SBA-ADV-20200707-02] CVE-2020-36772: CloudLinux CageFS 7.0.8-2 or below Insufficiently Restricted Proxy Command | CVE-2020-36772 |
| FULLDISC:20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() | CVE-2021-3156 CVE-2022-39046 |
| FULLDISC:20240213 Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables | CVE-2024-23749 CVE-2024-25003 CVE-2024-25004 |
| FULLDISC:20240213 Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749) | CVE-2024-23749 CVE-2024-25003 CVE-2024-25004 |
| FULLDISC:20240213 IBM i Access Client Solutions / Remote Credential Theft / CVE-2024-22318 | CVE-2024-22318 |
| FULLDISC:20240213 SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS | CVE-2024-24570 |
| FULLDISC:20240220 Re: Buffer Overflow in graphviz via via a crafted config6a file | CVE-2023-46045 |
| FULLDISC:20240220 SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH) | CVE-2024-25973 CVE-2024-25974 |
| FULLDISC:20240302 JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318 | CVE-2023-43318 |
| FULLDISC:20240302 Multilaser Router - Access Control Bypass through Cookie Manipulation - CVE-2023-38946 | CVE-2023-38946 |
| FULLDISC:20240302 Multilaser Router - Access Control Bypass through URL Manipulation - CVE-2023-38945 | CVE-2021-31152 CVE-2023-38945 |
| FULLDISC:20240302 SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer | CVE-2023-49114 |
| FULLDISC:20240305 KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability | CVE-2024-2053 |
| FULLDISC:20240305 KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability | CVE-2024-2054 |
| FULLDISC:20240305 KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability | CVE-2024-2055 |
| FULLDISC:20240305 KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated | CVE-2024-2056 |
| FULLDISC:20240313 APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4 | CVE-2024-23225 CVE-2024-23243 CVE-2024-23256 CVE-2024-23296 |
| FULLDISC:20240313 APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6 | CVE-2024-23225 |
| FULLDISC:20240313 APPLE-SA-03-07-2024-1 Safari 17.4 | CVE-2024-23252 CVE-2024-23254 CVE-2024-23263 CVE-2024-23273 CVE-2024-23280 |
| FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4 | CVE-2022-42816 CVE-2022-48554 CVE-2023-42853 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 CVE-2024-0258 CVE-2024-23205 CVE-2024-23216 CVE-2024-23225 CVE-2024-23227 CVE-2024-23230 CVE-2024-23231 CVE-2024-23232 CVE-2024-23233 CVE-2024-23234 CVE-2024-23235 CVE-2024-23238 CVE-2024-23239 CVE-2024-23241 CVE-2024-23242 CVE-2024-23244 CVE-2024-23245 CVE-2024-23246 CVE-2024-23247 CVE-2024-23248 CVE-2024-23249 CVE-2024-23250 CVE-2024-23252 CVE-2024-23253 CVE-2024-23254 CVE-2024-23255 CVE-2024-23257 CVE-2024-23258 CVE-2024-23259 CVE-2024-23260 CVE-2024-23263 CVE-2024-23264 CVE-2024-23265 CVE-2024-23266 CVE-2024-23267 CVE-2024-23268 CVE-2024-23269 CVE-2024-23270 CVE-2024-23272 CVE-2024-23273 CVE-2024-23274 CVE-2024-23275 CVE-2024-23276 CVE-2024-23277 CVE-2024-23278 CVE-2024-23279 CVE-2024-23280 CVE-2024-23281 CVE-2024-23283 CVE-2024-23285 CVE-2024-23286 CVE-2024-23287 CVE-2024-23288 CVE-2024-23289 CVE-2024-23290 CVE-2024-23291 CVE-2024-23292 CVE-2024-23293 CVE-2024-23294 CVE-2024-23296 |
| FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5 | CVE-2023-28826 CVE-2024-23201 CVE-2024-23203 CVE-2024-23204 CVE-2024-23216 CVE-2024-23217 CVE-2024-23218 CVE-2024-23225 CVE-2024-23227 CVE-2024-23230 CVE-2024-23231 CVE-2024-23234 CVE-2024-23245 CVE-2024-23247 CVE-2024-23257 CVE-2024-23264 CVE-2024-23265 CVE-2024-23266 CVE-2024-23267 CVE-2024-23268 CVE-2024-23269 CVE-2024-23270 CVE-2024-23272 CVE-2024-23274 CVE-2024-23275 CVE-2024-23276 CVE-2024-23278 CVE-2024-23283 CVE-2024-23286 |
| FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4 | CVE-2023-28826 CVE-2024-23201 CVE-2024-23204 CVE-2024-23216 CVE-2024-23218 CVE-2024-23225 CVE-2024-23227 CVE-2024-23230 CVE-2024-23234 CVE-2024-23244 CVE-2024-23245 CVE-2024-23247 CVE-2024-23257 CVE-2024-23264 CVE-2024-23265 CVE-2024-23266 CVE-2024-23267 CVE-2024-23268 CVE-2024-23269 CVE-2024-23270 CVE-2024-23272 CVE-2024-23274 CVE-2024-23275 CVE-2024-23276 CVE-2024-23283 CVE-2024-23286 |
| FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4 | CVE-2022-48554 CVE-2024-0258 CVE-2024-23225 CVE-2024-23231 CVE-2024-23235 CVE-2024-23239 CVE-2024-23246 CVE-2024-23250 CVE-2024-23254 CVE-2024-23263 CVE-2024-23265 CVE-2024-23278 CVE-2024-23280 CVE-2024-23286 CVE-2024-23287 CVE-2024-23288 CVE-2024-23289 CVE-2024-23290 CVE-2024-23291 CVE-2024-23293 CVE-2024-23296 CVE-2024-23297 |
| FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4 | CVE-2022-48554 CVE-2024-0258 CVE-2024-23225 CVE-2024-23235 CVE-2024-23239 CVE-2024-23241 CVE-2024-23246 CVE-2024-23250 CVE-2024-23254 CVE-2024-23263 CVE-2024-23264 CVE-2024-23265 CVE-2024-23270 CVE-2024-23278 CVE-2024-23280 CVE-2024-23286 CVE-2024-23288 CVE-2024-23290 CVE-2024-23291 CVE-2024-23293 CVE-2024-23296 CVE-2024-23297 |
| FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1 | CVE-2024-23220 CVE-2024-23225 CVE-2024-23235 CVE-2024-23246 CVE-2024-23254 CVE-2024-23257 CVE-2024-23258 CVE-2024-23262 CVE-2024-23263 CVE-2024-23264 CVE-2024-23265 CVE-2024-23286 CVE-2024-23295 CVE-2024-23296 |
| FULLDISC:20240313 APPLE-SA-03-12-2024-1 GarageBand 10.4.11 | CVE-2024-23300 |
| FULLDISC:20240313 SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670) | CVE-2024-0670 |
| FULLDISC:20240313 StimulusReflex CVE-2024-28121 | CVE-2024-28121 |
| FULLDISC:20240313 [Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier | CVE-2024-25228 |
| FULLDISC:CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities | CVE-2013-1599 |
| FULLDISC:FULLDISC 20190813 TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability | CVE-2019-14422 |
| FULLDISC:FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09 | CVE-2019-14225 CVE-2019-14226 |
| FULLDISC:FULLDISC: 20200929 CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs] | CVE-2020-24721 |
| FULLDISC:FULLDISC: 20201218 Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-8995] | CVE-2020-8995 |
| FULLDISC:FULLDISC: 20201218 Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections [CVE-2020-11717] | CVE-2020-11717 |
| FULLDISC:FULLDISC: 20210709 Novus Managment System Vulnerabilities (CVE-2021-34820, CVE-2021-38421) | CVE-2021-34821 |
| FULLDISC:Full Disclosure | CVE-2020-25106 |
| FULLDISC:[CVE-2012-6297] DD-WRT v24-sp2 Command Injection | CVE-2012-6297 |
