ReportizFlow
Filtered by vendor
Subscriptions
Total
3740 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3184 | 1 Projectworlds | 1 Online Doctor Appointment Booking System Php And Mysql | 2025-04-15 | 7.3 High |
| A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3185 | 1 Projectworlds | 1 Online Doctor Appointment Booking System Php And Mysql | 2025-04-15 | 7.3 High |
| A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2022-4170 | 2 Fedoraproject, Rxvt-unicode Project | 3 Extra Packages For Enterprise Linux, Fedora, Rxvt-unicode | 2025-04-14 | 9.8 Critical |
| The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | ||||
| CVE-2025-2927 | 1 Esafenet | 1 Cdg | 2025-04-14 | 7.3 High |
| A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2016-15004 | 1 Revmakx | 1 Infinitewp Client | 2025-04-14 | 7.3 High |
| A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2015-0116 | 1 Ibm | 1 Leads | 2025-04-12 | N/A |
| IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | ||||
| CVE-2014-8423 | 1 Arris | 1 Vap2500 Firmware | 2025-04-12 | N/A |
| Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
| CVE-2015-1762 | 1 Microsoft | 1 Sql Server | 2025-04-12 | N/A |
| Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability." | ||||
| CVE-2015-0931 | 1 Ektron | 1 Ektron Content Management System | 2025-04-12 | N/A |
| Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue. | ||||
| CVE-2015-1169 | 1 Apereo | 1 Central Authentication Service | 2025-04-12 | N/A |
| Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. | ||||
| CVE-2015-3205 | 1 Libmimedir Project | 1 Libmimedir | 2025-04-12 | N/A |
| libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure." | ||||
| CVE-2015-3200 | 3 Hp, Lighttpd, Oracle | 3 Virtual Customer Access System, Lighttpd, Solaris | 2025-04-12 | N/A |
| mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. | ||||
| CVE-2016-0881 | 1 Emc | 1 Documentum Xcp | 2025-04-12 | N/A |
| EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. | ||||
| CVE-2016-2204 | 1 Symantec | 1 Messaging Gateway | 2025-04-12 | N/A |
| The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | ||||
| CVE-2014-8910 | 1 Ibm | 1 Db2 | 2025-04-12 | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. | ||||
| CVE-2015-8800 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2025-04-12 | 7.3 High |
| Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. | ||||
| CVE-2014-7287 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2025-04-12 | N/A |
| The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header. | ||||
| CVE-2016-5685 | 1 Dell | 4 Idrac7, Idrac7 Firmware, Idrac8 and 1 more | 2025-04-12 | N/A |
| Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | ||||
| CVE-2016-9832 | 1 Pwc | 1 Ace-advanced Business Application Programming | 2025-04-12 | N/A |
| PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report. | ||||
| CVE-2015-0169 | 1 Ibm | 1 Security Siteprotector System | 2025-04-12 | N/A |
| IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. | ||||