Launchpad CVE tracker

A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.

Created on 2017-03-31 and modified 7 hours ago.

Blind SQL injection in the AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.

Created on 2016-12-07 and modified 7 hours ago.

Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.

Created on 2016-12-07 and modified 7 hours ago.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle".

Created on 2016-12-08 and modified 7 hours ago.

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.

Created on 2016-12-06 and modified 7 hours ago.