dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.
CVE-2008-4947 - dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file. ...
15 years ago
CVE-2006-4947 - Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." Drupal ...
7 years ago
CVE-2011-4947 - Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the ...
7 years ago
CVE-2012-4947 - Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. ...
7 years ago
CVE-2013-4947 - Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vectors. ...
7 years ago
CVE-2014-4947 - Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. ...
7 years ago
CVE-2009-4947 - SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. ...
6 years ago
CVE-2015-4947 - Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows ...
6 years ago
CVE-2018-4947 - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current ...
4 years ago
CVE-2017-4947 - VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the ...
5 months ago
CVE-2007-4947 - Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3) help3.php, (4) help4.php, (5) help5.php, (6) ...
16 years ago
CVE-2010-4947 - Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. ...
12 years ago
CVE-2016-4947 - Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. ...
8 years ago
CVE-2023-4947 - The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated ...
1 year ago
CVE-2024-4947 - Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) ...
3 months ago
CVE-2019-4947 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none ...
1 year ago
CVE-2008-1378 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2360, CVE-2008-2361, CVE-2008-2362. Reason: This candidate has been withdrawn by its CNA. It was SPLIT into separate candidates before publication. Notes: All CVE users should ...
55 years ago Tenable.com
CVE-2008-2617 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2615 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2621 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2622 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2616 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2618 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago