| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2262 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 2019 | Cryptocat strophe.js before 2.0.22 has information disclosure | ||
| CVE-2013-2261 | Hig | 0.53 | 7.5 | 0.12 | Nov 4, 2019 | Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure | ||
| CVE-2019-18680 | Hig | 0.42 | 7.5 | 0.04 | Nov 4, 2019 | An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. | ||
| CVE-2019-0350 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2019 | SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service | ||
| CVE-2018-19031 | Hig | 0.57 | 8.8 | 0.02 | Nov 4, 2019 | A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897. | ||
| CVE-2013-4100 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 2019 | Cryptocat before 2.0.22 has Remote Denial of Service via username | ||
| CVE-2013-4412 | Hig | 0.49 | 7.5 | 0.03 | Nov 4, 2019 | slim has NULL pointer dereference when using crypt() method from glibc 2.17 | ||
| CVE-2019-18665 | Hig | 0.50 | 7.5 | 0.15 | Nov 2, 2019 | The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. | ||
| CVE-2019-18661 | Hig | 0.49 | 7.5 | 0.02 | Nov 2, 2019 | Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. | ||
| CVE-2005-2352 | Hig | 0.53 | 8.1 | 0.01 | Nov 1, 2019 | I race condition in Temp files was found in gs-gpl before 8.56 addons scripts. | ||
| CVE-2013-0165 | Hig | 0.48 | 7.3 | 0.01 | Nov 1, 2019 | cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | ||
| CVE-2013-4367 | Hig | 0.44 | 7.8 | 0.00 | Nov 1, 2019 | ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | ||
| CVE-2013-2227 | Hig | 0.53 | 7.5 | 0.13 | Nov 1, 2019 | GLPI 0.83.7 has Local File Inclusion in common.tabs.php. | ||
| CVE-2019-15588 | Hig | 0.47 | 7.2 | 0.06 | Nov 1, 2019 | There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability. | ||
| CVE-2012-2979 | Hig | 0.49 | 7.5 | 0.02 | Nov 1, 2019 | FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. | ||
| CVE-2013-4751 | — | Hig | 0.53 | 8.1 | 0.01 | Nov 1, 2019 | php-symfony2-Validator has loss of information during serialization | |
| CVE-2013-2600 | Hig | 0.49 | 7.5 | 0.02 | Nov 1, 2019 | MiniUPnPd has information disclosure use of snprintf() | ||
| CVE-2019-18230 | Hig | 0.49 | 7.5 | 0.01 | Oct 31, 2019 | Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. | ||
| CVE-2019-18228 | Hig | 0.49 | 7.5 | 0.02 | Oct 31, 2019 | Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. | ||
| CVE-2019-18227 | Hig | 0.49 | 7.5 | 0.03 | Oct 31, 2019 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. | ||
| CVE-2019-16906 | Hig | 0.49 | 7.5 | 0.02 | Oct 31, 2019 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These… | ||
| CVE-2019-16675 | Hig | 0.51 | 7.8 | 0.03 | Oct 31, 2019 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original… | ||
| CVE-2019-5043 | Hig | 0.49 | 7.5 | 0.01 | Oct 31, 2019 | An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this… | ||
| CVE-2019-5030 | Hig | 0.57 | 8.8 | 0.03 | Oct 31, 2019 | A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the… | ||
| CVE-2019-5010 | Hig | 0.50 | 7.5 | 0.21 | Oct 31, 2019 | An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS… | ||
| CVE-2018-4064 | Hig | 0.47 | 7.1 | 0.16 | Oct 31, 2019 | An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user… | ||
| CVE-2018-4002 | Hig | 0.49 | 7.5 | 0.02 | Oct 31, 2019 | An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually… | ||
| CVE-2018-3983 | Hig | 0.51 | 7.8 | 0.01 | Oct 31, 2019 | An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the… | ||
| CVE-2013-2075 | Hig | 0.57 | 8.8 | 0.02 | Oct 31, 2019 | Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of… | ||
| CVE-2012-6122 | Hig | 0.49 | 7.5 | 0.02 | Oct 31, 2019 | Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. | ||
| CVE-2019-5150 | Hig | 0.58 | 8.9 | 0.02 | Oct 31, 2019 | An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion,… | ||
| CVE-2019-18396 | Hig | 0.51 | 7.2 | 0.16 | Oct 31, 2019 | An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to… | ||
| CVE-2019-15710 | Hig | 0.47 | 7.2 | 0.02 | Oct 31, 2019 | An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. | ||
| CVE-2013-2024 | Hig | 0.58 | 8.8 | 0.05 | Oct 31, 2019 | OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. | ||
| CVE-2013-2012 | Hig | 0.40 | 7.3 | 0.00 | Oct 31, 2019 | autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. | ||
| CVE-2019-12612 | Hig | 0.51 | 7.8 | 0.00 | Oct 31, 2019 | An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and… | ||
| CVE-2019-3421 | Hig | 0.52 | 8.0 | 0.01 | Oct 31, 2019 | The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system. | ||
| CVE-2019-18368 | Hig | 0.48 | 7.3 | 0.01 | Oct 31, 2019 | In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | ||
| CVE-2019-18423 | Hig | 0.57 | 8.8 | 0.02 | Oct 31, 2019 | An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame.… | ||
| CVE-2019-18422 | Hig | 0.57 | 8.8 | 0.02 | Oct 31, 2019 | An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system… | ||
| CVE-2019-18421 | Hig | 0.49 | 7.5 | 0.02 | Oct 31, 2019 | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for… | ||
| CVE-2010-0747 | Hig | 0.51 | 7.8 | 0.00 | Oct 30, 2019 | drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | ||
| CVE-2010-0737 | Hig | 0.52 | 8.0 | 0.01 | Oct 30, 2019 | A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | ||
| CVE-2019-18635 | Hig | 0.42 | 7.5 | 0.02 | Oct 30, 2019 | An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp. | ||
| CVE-2019-17323 | Hig | 0.57 | 8.8 | 0.02 | Oct 30, 2019 | ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | ||
| CVE-2013-1391 | Hig | 0.58 | 7.5 | 0.76 | Oct 30, 2019 | Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. | ||
| CVE-2019-18206 | Hig | 0.57 | 8.8 | 0.00 | Oct 30, 2019 | A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. | ||
| CVE-2019-18204 | Hig | 0.57 | 8.8 | 0.02 | Oct 30, 2019 | Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. | ||
| CVE-2018-16417 | Hig | 0.49 | 7.5 | 0.03 | Oct 30, 2019 | Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. | ||
| CVE-2019-15682 | Hig | 0.49 | 7.5 | 0.01 | Oct 30, 2019 | RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5 |
- risk 0.49cvss 7.5epss 0.02
Cryptocat strophe.js before 2.0.22 has information disclosure
- risk 0.53cvss 7.5epss 0.12
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
- risk 0.42cvss 7.5epss 0.04
An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
- risk 0.49cvss 7.5epss 0.01
SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service
- risk 0.57cvss 8.8epss 0.02
A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.
- risk 0.49cvss 7.5epss 0.02
Cryptocat before 2.0.22 has Remote Denial of Service via username
- risk 0.49cvss 7.5epss 0.03
slim has NULL pointer dereference when using crypt() method from glibc 2.17
- risk 0.50cvss 7.5epss 0.15
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
- risk 0.49cvss 7.5epss 0.02
Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console.
- risk 0.53cvss 8.1epss 0.01
I race condition in Temp files was found in gs-gpl before 8.56 addons scripts.
- risk 0.48cvss 7.3epss 0.01
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
- risk 0.44cvss 7.8epss 0.00
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.
- risk 0.53cvss 7.5epss 0.13
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
- risk 0.47cvss 7.2epss 0.06
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
- risk 0.49cvss 7.5epss 0.02
FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server.
- risk 0.53cvss 8.1epss 0.01
php-symfony2-Validator has loss of information during serialization
- risk 0.49cvss 7.5epss 0.02
MiniUPnPd has information disclosure use of snprintf()
- risk 0.49cvss 7.5epss 0.01
Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.
- risk 0.49cvss 7.5epss 0.02
Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.
- risk 0.49cvss 7.5epss 0.03
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These…
- risk 0.51cvss 7.8epss 0.03
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original…
- risk 0.49cvss 7.5epss 0.01
An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this…
- risk 0.57cvss 8.8epss 0.03
A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the…
- risk 0.50cvss 7.5epss 0.21
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS…
- risk 0.47cvss 7.1epss 0.16
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user…
- risk 0.49cvss 7.5epss 0.02
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually…
- risk 0.51cvss 7.8epss 0.01
An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the…
- risk 0.57cvss 8.8epss 0.02
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of…
- risk 0.49cvss 7.5epss 0.02
Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.
- risk 0.58cvss 8.9epss 0.02
An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion,…
- risk 0.51cvss 7.2epss 0.16
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to…
- risk 0.47cvss 7.2epss 0.02
An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands.
- risk 0.58cvss 8.8epss 0.05
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
- risk 0.40cvss 7.3epss 0.00
autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and…
- risk 0.52cvss 8.0epss 0.01
The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system.
- risk 0.48cvss 7.3epss 0.01
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame.…
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for…
- risk 0.51cvss 7.8epss 0.00
drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725.
- risk 0.52cvss 8.0epss 0.01
A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp.
- risk 0.57cvss 8.8epss 0.02
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
- risk 0.58cvss 7.5epss 0.76
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
- risk 0.57cvss 8.8epss 0.00
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.
- risk 0.57cvss 8.8epss 0.02
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.
- risk 0.49cvss 7.5epss 0.03
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
- risk 0.49cvss 7.5epss 0.01
RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5