VYPR

CVEs

101,975 total · page 1574 of 2,040

  • CVE-2019-14927HigOct 28, 2019
    risk 0.55cvss 7.5epss 0.42

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such…

  • CVE-2019-16663HigOct 28, 2019
    risk 0.64cvss 8.8epss 0.85

    An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.

  • CVE-2019-5508HigOct 25, 2019
    risk 0.49cvss 7.5epss 0.01

    Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).

  • CVE-2019-17145HigOct 25, 2019
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-17144HigOct 25, 2019
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-17142HigOct 25, 2019
    risk 0.58cvss 8.8epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-17141HigOct 25, 2019
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-17140HigOct 25, 2019
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-17139HigOct 25, 2019
    risk 0.58cvss 8.8epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-5123HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php.

  • CVE-2019-5122HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php.

  • CVE-2019-5121HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php

  • CVE-2019-5120HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.01

    An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially…

  • CVE-2019-5119HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.01

    An exploitable SQL injection vulnerability exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially…

  • CVE-2019-5117HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,…

  • CVE-2019-5116HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.01

    An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially…

  • CVE-2019-13549HigOct 25, 2019
    risk 0.49cvss 7.5epss 0.01

    Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning…

  • CVE-2019-4399HigOct 25, 2019
    risk 0.49cvss 7.5epss 0.01

    IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.

  • CVE-2019-4036HigOct 25, 2019
    risk 0.49cvss 7.5epss 0.01

    IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.

  • CVE-2013-4848HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.01

    TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.

  • CVE-2019-8087HigOct 25, 2019
    risk 0.49cvss 7.5epss 0.04

    Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8086HigOct 25, 2019
    risk 0.51cvss 7.5epss 0.24

    Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2013-4855HigOct 25, 2019
    risk 0.57cvss 8.8epss 0.02

    D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.

  • CVE-2019-8082HigOct 25, 2019
    risk 0.49cvss 7.5epss 0.03

    Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8081HigOct 25, 2019
    risk 0.49cvss 7.5epss 0.03

    Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-17596HigOct 24, 2019
    risk 0.42cvss 7.5epss 0.05

    Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

  • CVE-2019-18417HigOct 24, 2019
    risk 0.57cvss 8.8epss 0.02

    Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.

  • CVE-2019-18414HigOct 24, 2019
    risk 0.57cvss 8.8epss 0.00

    Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a…

  • CVE-2019-12095HigOct 24, 2019
    risk 0.57cvss 8.8epss 0.01

    Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.

  • CVE-2019-5013HigOct 24, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access…

  • CVE-2019-5012HigOct 24, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this…

  • CVE-2019-11021HigOct 24, 2019
    risk 0.47cvss 7.2epss 0.02

    admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's…

  • CVE-2019-18201HigOct 24, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.

  • CVE-2019-6692HigOct 24, 2019
    risk 0.51cvss 7.8epss 0.01

    A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.

  • CVE-2019-18409HigOct 24, 2019
    risk 0.51cvss 7.8epss 0.00

    The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the…

  • CVE-2019-18408HigOct 24, 2019
    risk 0.42cvss 7.5epss 0.04

    archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

  • CVE-2019-15703HigOct 24, 2019
    risk 0.49cvss 7.5epss 0.01

    An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA…

  • CVE-2019-18213HigOct 23, 2019
    risk 0.50cvss 8.8epss 0.02

    XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM…

  • CVE-2019-8238HigOct 23, 2019
    risk 0.49cvss 7.5epss 0.05

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal…

  • CVE-2019-18385HigOct 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.

  • CVE-2019-18383HigOct 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.

  • CVE-2019-18382HigOct 23, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.

  • CVE-2019-18371HigOct 23, 2019
    risk 0.53cvss 7.5epss 0.56

    An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability,…

  • CVE-2014-2304HigOct 23, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed…

  • CVE-2002-2439HigOct 23, 2019
    risk 0.51cvss 7.8epss 0.01

    Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.

  • CVE-2019-17093HigOct 23, 2019
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense…

  • CVE-2013-7333HigOct 23, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access…

  • CVE-2019-11283HigOct 23, 2019
    risk 0.57cvss 8.8epss 0.01

    Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of…

  • CVE-2019-18280HigOct 23, 2019
    risk 0.57cvss 8.8epss 0.00

    Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User…

  • CVE-2019-18278HigOct 23, 2019
    risk 0.51cvss 7.8epss 0.00

    When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no…