CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.
Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.
Security_gateway, Gaia, Capsule_docs, Capsule_docs_standalone_client, Capsule_workspace, Check_point, Check_point_integrity_client, Check_point_vpn, Check_point_vpn-1_pro, Connectra_ngx
2018-10-11
N/A
N/A
TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response.
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
5400r_firmware, 5400r, 3810_firmware, 3810, 2920_firmware, 2920, 2930_firmware, 2930, 2530_firmware, 2530
2018-10-11
N/A
N/A
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
2017-09-29
N/A
N/A
Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.
Availscript_article_script, Availscript_classmate_script, Availscript_jobs_portal_script, Availscript_photo_album, Jobs_portal_script
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory.
Total_protection, Data_loss_prevention_endpoint, True_key, Endpoint_security, Client_proxy, Active_response, Active_virus_defense, Active_virusscan, Advanced_threat_defense, Agent
2017-08-17
N/A
N/A
McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies.
Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.