VYPR

CVEs

101,972 total · page 1558 of 2,040

  • CVE-2019-18850HigDec 4, 2019
    risk 0.49cvss 7.5epss 0.01

    TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY".

  • CVE-2013-7325HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.

  • CVE-2019-5164HigDec 3, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network…

  • CVE-2019-5163HigDec 3, 2019
    risk 0.49cvss 7.5epss 0.02

    An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to…

  • CVE-2019-5133HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.03

    An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the…

  • CVE-2019-5132HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.04

    An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed…

  • CVE-2019-5112HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.02

    Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web…

  • CVE-2019-5111HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.01

    Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web…

  • CVE-2019-5110HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.01

    Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,…

  • CVE-2019-5109HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.01

    Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,…

  • CVE-2019-5097HigDec 3, 2019
    risk 0.52cvss 7.5epss 0.45

    A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be…

  • CVE-2019-5083HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.04

    An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a…

  • CVE-2019-5076HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.04

    An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed…

  • CVE-2016-1000104HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.02

    A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

  • CVE-2019-19543HigDec 3, 2019
    risk 0.00cvss 7.8epss 0.00

    In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.

  • CVE-2019-9689HigDec 3, 2019
    risk 0.49cvss 7.5epss 0.01

    process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.

  • CVE-2019-19458HigDec 3, 2019
    risk 0.56cvss 8.6epss 0.03

    SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.

  • CVE-2019-19383HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.03

    freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).

  • CVE-2019-19382HigDec 3, 2019
    risk 0.51cvss 7.8epss 0.00

    Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.

  • CVE-2019-10013HigDec 3, 2019
    risk 0.49cvss 7.5epss 0.02

    The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result…

  • CVE-2019-7366HigDec 3, 2019
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.

  • CVE-2019-7365HigDec 3, 2019
    risk 0.51cvss 7.8epss 0.00

    DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.

  • CVE-2019-4130HigDec 3, 2019
    risk 0.57cvss 8.8epss 0.02

    IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

  • CVE-2013-2228HigDec 3, 2019
    risk 0.53cvss 8.1epss 0.02

    SaltStack RSA Key Generation allows remote users to decrypt communications

  • CVE-2013-2106HigDec 3, 2019
    risk 0.49cvss 7.5epss 0.02

    webauth before 4.6.1 has authentication credential disclosure

  • CVE-2013-2103HigDec 3, 2019
    risk 0.53cvss 8.1epss 0.01

    OpenShift cartridge allows remote URL retrieval

  • CVE-2019-19316HigDec 2, 2019
    risk 0.42cvss 7.5epss 0.01

    When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.

  • CVE-2012-5562HigDec 2, 2019
    risk 0.56cvss 8.6epss 0.01

    A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.

  • CVE-2014-9356HigDec 2, 2019
    risk 0.56cvss 8.6epss 0.05

    Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

  • CVE-2013-4410HigDec 2, 2019
    risk 0.49cvss 7.5epss 0.02

    ReviewBoard: has an access-control problem in REST API

  • CVE-2012-4576HigDec 2, 2019
    risk 0.51cvss 7.8epss 0.00

    FreeBSD: Input Validation Flaw allows local users to gain elevated privileges

  • CVE-2012-4480HigDec 2, 2019
    risk 0.51cvss 7.8epss 0.00

    mom creates world-writable pid files in /var/run

  • CVE-2012-4428HigDec 2, 2019
    risk 0.50cvss 7.5epss 0.10

    openslp: SLPIntersectStringList()' Function has a DoS vulnerability

  • CVE-2019-19020HigDec 2, 2019
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires…

  • CVE-2019-19019HigDec 2, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as…

  • CVE-2019-19017HigDec 2, 2019
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.

  • CVE-2019-19016HigDec 2, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance…

  • CVE-2019-19014HigDec 2, 2019
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.

  • CVE-2019-12393HigDec 2, 2019
    risk 0.49cvss 7.5epss 0.01

    Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.

  • CVE-2019-12391HigDec 2, 2019
    risk 0.49cvss 7.5epss 0.01

    The Anviz Management System for access control has insufficient logging for device events such as door open requests.

  • CVE-2019-12389HigDec 2, 2019
    risk 0.49cvss 7.5epss 0.02

    Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.

  • CVE-2019-12388HigDec 2, 2019
    risk 0.49cvss 7.5epss 0.01

    Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.

  • CVE-2019-15628HigDec 2, 2019
    risk 0.51cvss 7.8epss 0.01

    Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

  • CVE-2019-19490HigDec 2, 2019
    risk 0.47cvss 7.3epss 0.00

    LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.

  • CVE-2019-19469HigDec 1, 2019
    risk 0.57cvss 8.8epss 0.01

    In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.

  • CVE-2019-19468HigNov 30, 2019
    risk 0.51cvss 7.8epss 0.02

    Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry.

  • CVE-2013-7484HigNov 30, 2019
    risk 0.49cvss 7.5epss 0.01

    Zabbix before 5.0 represents passwords in the users table with unsalted MD5.

  • CVE-2019-19396HigNov 29, 2019
    risk 0.49cvss 7.5epss 0.01

    illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.

  • CVE-2019-5268HigNov 29, 2019
    risk 0.53cvss 8.1epss 0.00

    Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.

  • CVE-2015-3406HigNov 29, 2019
    risk 0.42cvss 7.5epss 0.02

    The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.