CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2017-15065 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from ASUS.
1252 CVE-2017-15066 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from AVM.
1253 CVE-2017-15067 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Compal.
1254 CVE-2017-15068 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Comcast.
1255 CVE-2017-15069 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Hitron.
1256 CVE-2017-15070 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Linksys.
1257 CVE-2017-15071 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, CM700, and CMD31T devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from NETGEAR.
1258 CVE-2017-15072 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Quantenna.
1259 CVE-2017-15073 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Samsung.
1260 CVE-2017-15074 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from SMC.
1261 CVE-2017-15075 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Technicolor (formerly branded as Cisco) devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Technicolor.
1262 CVE-2017-15076 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra branded NETGEAR C6300BD devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Telstra. NOTE: NETGEAR states "This vulnerability does not affect the following products: C6300BD-Telstra."
1263 CVE-2017-15077 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal CH7465-LG devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15067. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from UPC.
1264 CVE-2017-15078 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris TG2492 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15064. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Virgin Media.
1265 CVE-2017-16011 2018-06-04 2018-06-04
0.0
None ??? ??? ??? ??? ??? ???
jQuery is a javascript library for DOM manipulation. jQuery's main method in affected versions (>=1.7.1 <=1.8.3) contains an unreliable way of detecting whether the input to the `jQuery(strInput)` function is intended to be a selector or HTML.
1266 CVE-2017-16012 Exec Code 2018-06-04 2018-06-04
0.0
None ??? ??? ??? ??? ??? ???
Jquery is a javascript library for DOM traversal and manipulation, event handling, animation, and Ajax. When text/javascript responses are received from cross-origin ajax requests not containing the option `dataType`, the result is executed in `jQuery.globalEval` potentially allowing an attacker to execute arbitrary code on the origin. This affects Jquery >=1.4.0 <=1.11.3 || >=1.12.4 <=2.2.4.
1267 CVE-2017-20098 XSS 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely.
1268 CVE-2017-20099 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely.
1269 CVE-2017-20100 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
1270 CVE-2017-20101 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.
1271 CVE-2017-20102 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
1272 CVE-2017-20103 Sql 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component.
1273 CVE-2017-20104 Sql 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component.
1274 CVE-2017-20105 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component.
1275 CVE-2017-20106 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
1276 CVE-2017-20107 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component.
1277 CVE-2017-20108 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely.
1278 CVE-2017-20109 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
1279 CVE-2017-20110 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
1280 CVE-2017-20111 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
1281 CVE-2017-20112 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component.
1282 CVE-2017-20113 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
1283 CVE-2017-20114 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
1284 CVE-2017-20115 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
1285 CVE-2017-20116 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
1286 CVE-2017-20117 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
1287 CVE-2017-20118 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
1288 CVE-2017-20119 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
1289 CVE-2017-20120 CSRF 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
1290 CVE-2017-20121 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
1291 CVE-2017-20122 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
1292 CVE-2017-20123 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.
1293 CVE-2017-20124 Sql 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
1294 CVE-2017-20125 Sql 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
1295 CVE-2017-1000449 Overflow 2018-01-02 2018-01-02
0.0
None ??? ??? ??? ??? ??? ???
BitThunder 0.9.2 stable is vulnerable to a buffer overflow in dtb_reverse.c file resulting in information disclosure
1296 CVE-2018-1471 2018-04-27 2018-04-27
0.0
None ??? ??? ??? ??? ??? ???
IBM BigFix Platform 9.2 and 9.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 140689.
1297 CVE-2018-3617 2018-05-10 2018-05-25
0.0
None ??? ??? ??? ??? ??? ???
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U2.1 do not properly ensure constant execution time.
1298 CVE-2018-5191 CSRF 2018-01-03 2018-01-03
0.0
None ??? ??? ??? ??? ??? ???
/usr/local/www/csrf/csrf-magic.php in the WebGUI in pfSense before 2.4.2-RELEASE allows Clickjacking on the CSRF error page because the error detection occurs before an X-Frame-Options header is set.
1299 CVE-2018-7106 2018-09-27 2018-10-02
0.0
None ??? ??? ??? ??? ??? ???
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to disclose sensitive information.
1300 CVE-2018-7207 +Info 2018-02-17 2018-02-17
0.0
None ??? ??? ??? ??? ??? ???
National Payments Corporation of India (NPCI) Bharat Interface for Money (aka BHIM) 1.4.1 sends messages to undocumented telephone numbers in conjunction with logout/login actions, which allows remote attackers to obtain sensitive information.
Total number of vulnerabilities : 2011   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.