Export limit exceeded: 11157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7907 | 1 Schneider-electric | 1 Wonderware Historian Client | 2025-04-20 | N/A |
| An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network. | ||||
| CVE-2017-7909 | 1 Advantech B\+b Smartworx | 2 Mesr901, Mesr901 Firmware | 2025-04-20 | N/A |
| A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. | ||||
| CVE-2017-7266 | 1 Netflix | 1 Security Monkey | 2025-04-20 | N/A |
| Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header. | ||||
| CVE-2017-7234 | 1 Djangoproject | 1 Django | 2025-04-20 | N/A |
| A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability. | ||||
| CVE-2017-7233 | 2 Djangoproject, Redhat | 4 Django, Openstack, Satellite and 1 more | 2025-04-20 | N/A |
| Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. | ||||
| CVE-2017-6529 | 1 Dnatools | 1 Dnalims | 2025-04-20 | N/A |
| An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter. | ||||
| CVE-2017-6348 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices. | ||||
| CVE-2017-6344 | 1 Grails | 1 Pdf Plugin | 2025-04-20 | N/A |
| XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | ||||
| CVE-2017-5662 | 2 Apache, Redhat | 5 Batik, Jboss Amq, Jboss Bpms and 2 more | 2025-04-20 | N/A |
| In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. | ||||
| CVE-2017-5661 | 1 Apache | 1 Formatting Objects Processor | 2025-04-20 | N/A |
| In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. | ||||
| CVE-2017-5648 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-20 | N/A |
| While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. | ||||
| CVE-2017-5634 | 1 Norwegian-air | 1 Norwegian Air Kiosk | 2025-04-20 | N/A |
| The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog. | ||||
| CVE-2017-5615 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2025-04-20 | N/A |
| cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | ||||
| CVE-2017-5614 | 1 Cpanel | 1 Cpanel | 2025-04-20 | 6.1 Medium |
| Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | ||||
| CVE-2017-5594 | 1 Pagekit | 1 Pagekit | 2025-04-20 | 7.5 High |
| An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01. | ||||
| CVE-2017-5571 | 1 Flexerasoftware | 1 Flexnet Publisher | 2025-04-20 | N/A |
| Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2017-5474 | 1 S9y | 1 Serendipity | 2025-04-20 | N/A |
| Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | ||||
| CVE-2017-3548 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-20 | N/A |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). | ||||
| CVE-2017-3528 | 1 Oracle | 1 Applications Framework | 2025-04-20 | N/A |
| Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | ||||
| CVE-2017-3840 | 1 Cisco | 1 Secure Access Control System | 2025-04-20 | N/A |
| A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5). | ||||