| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Nokogiri before 1.5.4 is vulnerable to XXE attacks |
| ZPanel 10.0.1 has insufficient entropy for its password reset process. |
| Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. |
| quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal |
| FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. |
| An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. |
| It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. |
| The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. |
| Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. |
| The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem. |
| It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher. |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. |
| It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. |
| Drupal versions 5.x and 6.x has open redirection |
| python-docutils allows insecure usage of temporary files |
| A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user. |
| An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. |
| gri before 2.12.18 generates temporary files in an insecure way. |
| Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. |
