CVE-2016-6592
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user’s system, will cause the Norton Download Manager component to load the remote user’s DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user.
Source: CVE-2016-6592
CVE-2018-1002104
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
Source: CVE-2018-1002104
CVE-2011-3183
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.
Source: CVE-2011-3183
CVE-2011-3202
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.
Source: CVE-2011-3202
CVE-2011-2706
A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.
Source: CVE-2011-2706
CVE-2011-2933
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
Source: CVE-2011-2933
CVE-2011-2934
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
Source: CVE-2011-2934
CVE-2019-16784
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory.
This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:WindowsTemp).
In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).
Source: CVE-2019-16784
CVE-2011-3203
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
Source: CVE-2011-3203
CVE-2019-13722
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: CVE-2019-13722