CVE-2016-3696

This is an entry in the Common Vulnerability Index under number CVE-2016-3696. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2016-3696

Description: The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.Continue Reading …

CVE-2013-7074

This is an entry in the Common Vulnerability Index under number CVE-2013-7074. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-7074

Description: Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

Continue Reading …

CVE-2005-0095

This is an entry in the Common Vulnerability Index under number CVE-2005-0095. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2005-0095

Description: The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid’s home router and invalid WCCP_I_SEE_YOU cache numbers.

Continue Reading …

CVE-2005-0695

This is an entry in the Common Vulnerability Index under number CVE-2005-0695. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2005-0695

Description: The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner’s e-mail address by providing a portion of the domain name to the “login ID”

Continue Reading …

CVE-2017-10979

This is an entry in the Common Vulnerability Index under number CVE-2017-10979. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-10979

Description: An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows “Write overflow in rad_coalesce()” – this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.

Continue Reading …

CVE-2016-1226

This is an entry in the Common Vulnerability Index under number CVE-2016-1226. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2016-1226

Description: Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Continue Reading …

CVE-2014-4572

This is an entry in the Common Vulnerability Index under number CVE-2014-4572. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-4572

Description: Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter.

Continue Reading …

CVE-2002-0800

This is an entry in the Common Vulnerability Index under number CVE-2002-0800. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-0800

Description: BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded ‘%’ character at the end.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.Continue Reading …

CVE-2008-4628

This is an entry in the Common Vulnerability Index under number CVE-2008-4628. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2008-4628

Description: SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.Continue Reading …

CVE-2008-3191

This is an entry in the Common Vulnerability Index under number CVE-2008-3191. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2008-3191

Description: Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City,

Continue Reading …