CVE-2017-15883
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
Source: CVE-2017-15883
CVE-2014-5069
Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs.
Source: CVE-2014-5069
CVE-2014-5071
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.
Source: CVE-2014-5071
CVE-2014-1859
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
Source: CVE-2014-1859
CVE-2014-3607
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Source: CVE-2014-3607
CVE-2014-2071
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
Source: CVE-2014-2071
CVE-2015-2319
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Source: CVE-2015-2319
CVE-2018-5280
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.
Source: CVE-2018-5280
CVE-2018-5259
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
Source: CVE-2018-5259
CVE-2018-5282
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document.
Source: CVE-2018-5282