VYPR

CVEs

101,963 total · page 1592 of 2,040

  • CVE-2019-16293HigSep 13, 2019
    risk 0.50cvss 8.8epss 0.02

    The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.

  • CVE-2019-13532HigSep 13, 2019
    risk 0.49cvss 7.5epss 0.03

    CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.

  • CVE-2019-10937HigSep 13, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device.…

  • CVE-2019-16288HigSep 13, 2019
    risk 0.49cvss 7.5epss 0.01

    On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash.

  • CVE-2019-12516HigSep 13, 2019
    risk 0.57cvss 8.8epss 0.02

    The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI.

  • CVE-2016-10951HigSep 13, 2019
    risk 0.47cvss 7.2epss 0.02

    The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.

  • CVE-2016-10950HigSep 13, 2019
    risk 0.57cvss 8.8epss 0.02

    The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.

  • CVE-2016-10949HigSep 13, 2019
    risk 0.57cvss 8.8epss 0.02

    The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.

  • CVE-2016-10948HigSep 13, 2019
    risk 0.53cvss 8.1epss 0.02

    The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.

  • CVE-2016-10947HigSep 13, 2019
    risk 0.47cvss 7.2epss 0.02

    The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.

  • CVE-2016-10946HigSep 13, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-d3 plugin before 2.4.1 for WordPress has CSRF.

  • CVE-2019-16277HigSep 13, 2019
    risk 0.51cvss 7.8epss 0.01

    PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c.

  • CVE-2017-18614HigSep 13, 2019
    risk 0.53cvss 8.1epss 0.02

    The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.

  • CVE-2016-10945HigSep 13, 2019
    risk 0.57cvss 8.8epss 0.01

    The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.

  • CVE-2016-10944HigSep 13, 2019
    risk 0.57cvss 8.8epss 0.01

    The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.

  • CVE-2016-10943HigSep 13, 2019
    risk 0.47cvss 7.2epss 0.02

    The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.

  • CVE-2016-10940HigSep 13, 2019
    risk 0.47cvss 7.2epss 0.06

    The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.

  • CVE-2016-10939HigSep 13, 2019
    risk 0.47cvss 7.2epss 0.02

    The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.

  • CVE-2019-13534HigSep 12, 2019
    risk 0.47cvss 7.2epss 0.01

    Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by…

  • CVE-2019-13530HigSep 12, 2019
    risk 0.47cvss 7.2epss 0.01

    Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by…

  • CVE-2019-8076HigSep 12, 2019
    risk 0.51cvss 7.8epss 0.04

    Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

  • CVE-2019-11899HigSep 12, 2019
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.

  • CVE-2019-11774HigSep 12, 2019
    risk 0.48cvss 7.4epss 0.01

    Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that…

  • CVE-2019-11773HigSep 12, 2019
    risk 0.51cvss 7.8epss 0.00

    Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

  • CVE-2019-6007HigSep 12, 2019
    risk 0.57cvss 8.8epss 0.02

    Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors.

  • CVE-2019-5996HigSep 12, 2019
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2019-5993HigSep 12, 2019
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2019-5992HigSep 12, 2019
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2019-5991HigSep 12, 2019
    risk 0.49cvss 7.6epss 0.01

    SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2019-5986HigSep 12, 2019
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI…

  • CVE-2019-3638HigSep 12, 2019
    risk 0.53cvss 8.1epss 0.02

    Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to…

  • CVE-2019-10392HigSep 12, 2019
    risk 0.52cvss 8.8epss 0.26

    Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

  • CVE-2019-16250HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.01

    includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence.

  • CVE-2019-5055HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.02

    An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a…

  • CVE-2019-5054HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.03

    An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null…

  • CVE-2019-1303HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID…

  • CVE-2019-1302HigSep 11, 2019
    risk 0.58cvss 8.8epss 0.05

    An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.

  • CVE-2019-1301HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.05

    A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.

  • CVE-2019-1300HigSep 11, 2019
    risk 0.42cvss 7.5epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,…

  • CVE-2019-1298HigSep 11, 2019
    risk 0.42cvss 7.5epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,…

  • CVE-2019-1297HigKEVSep 11, 2019
    risk 0.71cvss 8.8epss 0.22

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

  • CVE-2019-1296HigSep 11, 2019
    risk 0.58cvss 8.8epss 0.08

    A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.

  • CVE-2019-1295HigSep 11, 2019
    risk 0.58cvss 8.8epss 0.08

    A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.

  • CVE-2019-1291HigSep 11, 2019
    risk 0.58cvss 8.8epss 0.12

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290.

  • CVE-2019-1290HigSep 11, 2019
    risk 0.58cvss 8.8epss 0.12

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291.

  • CVE-2019-1287HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'.

  • CVE-2019-1285HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256.

  • CVE-2019-1284HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

  • CVE-2019-1280HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution…

  • CVE-2019-1278HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303.