NIST National Vulnerability Database

  • CVE-2011-2684
    foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2011-4334
    edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2017-13772
    Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2015-6839
    The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag.
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2012-4568
    Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2015-2878
    Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request ...
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2012-4570
    SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2012-4567
    Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php.
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2015-5533
    SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
    Source: NIST NVD. Published on 2017-10-23
  • CVE-2013-7377
    The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
    Source: NIST NVD. Published on 2017-10-23