vulnerabilities and exploits

6.8
CVSSv2
CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects...

10
CVSSv2
CVE-2008-6761

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting...

China-on-site Flexcustomer 0.0.6
7.5
CVSSv2
CVE-2005-1810

SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php....

4.3
CVSSv2
CVE-2016-7210

atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from...

5
CVSSv2
CVE-2004-1560

Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow....

Microsoft Sql Server
9
CVSSv2
CVE-2017-6742

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause...

Cisco Ios Xe
4.3
CVSSv2
CVE-2006-0846

Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views...

9.3
CVSSv2
CVE-2016-1945

The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive....

7.5
CVSSv2
CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting...

Phpbb Group Phpbb
7.5
CVSSv2
CVE-2017-5863

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control....