CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php.
Business_cards_designer, E-smart_cart, Php_jobwebsite_pro, Pre_ads_portal, Pre_classified_listings, Pre_classified_listings_asp, Pre_e-learning_portal, Pre_job_board, Pre_online_tests_generator, Pre_podcast_portal
2017-09-29
N/A
N/A
homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.
Business_cards_designer, E-smart_cart, Php_jobwebsite_pro, Pre_ads_portal, Pre_classified_listings, Pre_classified_listings_asp, Pre_e-learning_portal, Pre_job_board, Pre_online_tests_generator, Pre_podcast_portal
2017-09-29
N/A
N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php.
admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie.
2018-10-11
N/A
N/A
World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.
Battlefield_2, Battlefield_2142, Crysis, Karotz_smart_rabbit, Karotz_smart_rabbit_firmware, Need_for_speed_network, Origin, Origin_client
2018-10-11
N/A
N/A
The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference.
4602sw_ip_phone, 9608, 9608_firmware, 9608g, 9608g_firmware, 9611g, 9611g_firmware, 9621g, 9621g_firmware, 9641g
2017-08-17
N/A
N/A
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
4602sw_ip_phone, 9608, 9608_firmware, 9608g, 9608g_firmware, 9611g, 9611g_firmware, 9621g, 9621g_firmware, 9641g
2017-08-17
N/A
N/A
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
4602sw_ip_phone, 9608, 9608_firmware, 9608g, 9608g_firmware, 9611g, 9611g_firmware, 9621g, 9621g_firmware, 9641g
2017-08-17
N/A
N/A
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
4602sw_ip_phone, 9608, 9608_firmware, 9608g, 9608g_firmware, 9611g, 9611g_firmware, 9621g, 9621g_firmware, 9641g
2017-08-17
N/A
N/A
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."