National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,482 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-18910

The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.

Published: November 22, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-18909

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.

Published: November 22, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-16287

An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.

Published: November 22, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-16286

An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.

Published: November 22, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-16285

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.

Published: November 22, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-15593

GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.

Published: November 22, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-18622

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

Published: November 22, 2019; 04:15:10 PM -05:00
(not available)
CVE-2019-13566

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname.

Published: November 22, 2019; 04:15:10 PM -05:00
(not available)
CVE-2019-3654

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.

Published: November 22, 2019; 03:15:11 PM -05:00
(not available)
CVE-2019-19240

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.

Published: November 22, 2019; 02:15:12 PM -05:00
(not available)
CVE-2019-16763

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if pannellum.htm was hosted on a domain that shared cookies with the targeted site's user authentication; an <iframe> could then be embedded on the attacker's site using pannellum.htm from the targeted site, which would allow the attacker to potentially access information from the targeted site as the authenticated user (or worse if the targeted site did not have adequate CSRF protections) if the user clicked on a hot spot in the attacker's embedded panorama viewer. This was patched in version 2.5.5.

Published: November 22, 2019; 02:15:12 PM -05:00
(not available)
CVE-2014-6311

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.

Published: November 22, 2019; 02:15:12 PM -05:00
(not available)
CVE-2014-6310

Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.

Published: November 22, 2019; 02:15:12 PM -05:00
(not available)
CVE-2014-2214

Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php

Published: November 22, 2019; 02:15:12 PM -05:00
(not available)
CVE-2014-2213

Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.

Published: November 22, 2019; 02:15:11 PM -05:00
(not available)
CVE-2014-1238

Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier.

Published: November 22, 2019; 02:15:11 PM -05:00
(not available)
CVE-2013-6879

The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message.

Published: November 22, 2019; 02:15:11 PM -05:00
(not available)
CVE-2013-6878

Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch component 2.0.4 and earlier for Joomla! allows remote attackers to inject arbitrary web script or HTML via the query parameter to component/mijosearch/search.

Published: November 22, 2019; 02:15:11 PM -05:00
(not available)
CVE-2013-6239

Cross-site scripting (XSS) vulnerability in the photo gallery model in Exis Contexis before 2.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter in a detail action.

Published: November 22, 2019; 02:15:11 PM -05:00
(not available)
CVE-2013-6234

Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload."

Published: November 22, 2019; 02:15:11 PM -05:00
(not available)