| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10863 | Hig | 0.57 | 8.8 | 0.01 | Aug 8, 2019 | Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure. | ||
| CVE-2016-10862 | Hig | 0.57 | 8.8 | 0.01 | Aug 8, 2019 | Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. | ||
| CVE-2015-9292 | Hig | 0.57 | 8.8 | 0.01 | Aug 8, 2019 | 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | ||
| CVE-2019-14773 | Hig | 0.49 | 7.5 | 0.02 | Aug 8, 2019 | admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. | ||
| CVE-2019-14681 | Hig | 0.57 | 8.8 | 0.01 | Aug 8, 2019 | The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. | ||
| CVE-2019-14693 | Hig | 0.56 | 8.5 | 0.04 | Aug 8, 2019 | Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||
| CVE-2019-12959 | Hig | 0.57 | 8.8 | 0.03 | Aug 8, 2019 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | ||
| CVE-2019-5238 | Hig | 0.51 | 7.8 | 0.01 | Aug 8, 2019 | Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. | ||
| CVE-2019-5237 | Hig | 0.51 | 7.8 | 0.01 | Aug 8, 2019 | Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. | ||
| CVE-2019-13176 | — | Hig | 0.49 | 7.5 | 0.02 | Aug 8, 2019 | An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP,… | |
| CVE-2019-1958 | Hig | 0.57 | 8.8 | 0.01 | Aug 8, 2019 | A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI… | ||
| CVE-2019-1957 | Hig | 0.49 | 7.5 | 0.02 | Aug 8, 2019 | A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport… | ||
| CVE-2019-1955 | Hig | 0.49 | 7.5 | 0.01 | Aug 8, 2019 | A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input… | ||
| CVE-2019-1944 | Hig | 0.47 | 7.3 | 0.00 | Aug 7, 2019 | Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information… | ||
| CVE-2019-1934 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2019 | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient… | ||
| CVE-2019-1929 | Hig | 0.51 | 7.8 | 0.01 | Aug 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly… | ||
| CVE-2019-1928 | Hig | 0.51 | 7.8 | 0.01 | Aug 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly… | ||
| CVE-2019-1927 | Hig | 0.51 | 7.8 | 0.01 | Aug 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly… | ||
| CVE-2019-1926 | Hig | 0.51 | 7.8 | 0.02 | Aug 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly… | ||
| CVE-2019-1924 | Hig | 0.51 | 7.8 | 0.01 | Aug 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly… | ||
| CVE-2019-1918 | Hig | 0.48 | 7.4 | 0.01 | Aug 7, 2019 | A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS)… | ||
| CVE-2019-1925 | Hig | 0.51 | 7.8 | 0.01 | Aug 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly… | ||
| CVE-2019-1910 | Hig | 0.48 | 7.4 | 0.00 | Aug 7, 2019 | A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service… | ||
| CVE-2019-14474 | Hig | 0.49 | 7.5 | 0.02 | Aug 7, 2019 | eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid… | ||
| CVE-2019-14749 | Hig | 0.61 | 8.8 | 0.10 | Aug 7, 2019 | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields… | ||
| CVE-2019-10099 | — | Hig | 0.49 | 7.5 | 0.01 | Aug 7, 2019 | Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in… | |
| CVE-2019-14745 | Hig | 0.00 | 7.8 | 0.04 | Aug 7, 2019 | In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of… | ||
| CVE-2019-14744 | Hig | 0.51 | 7.8 | 0.04 | Aug 7, 2019 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon… | ||
| CVE-2019-14432 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2019 | Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application.… | ||
| CVE-2019-10386 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through… | ||
| CVE-2019-10381 | Hig | 0.49 | 7.5 | 0.01 | Aug 7, 2019 | Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | ||
| CVE-2019-10380 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2019 | Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | ||
| CVE-2019-10371 | Hig | 0.42 | 7.5 | 0.01 | Aug 7, 2019 | A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | ||
| CVE-2019-10368 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using… | ||
| CVE-2018-14383 | Hig | 0.49 | 7.5 | 0.01 | Aug 7, 2019 | The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7 | ||
| CVE-2016-5431 | — | Hig | 0.42 | 7.5 | 0.01 | Aug 7, 2019 | The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. | |
| CVE-2018-20959 | Hig | 0.53 | 8.1 | 0.01 | Aug 7, 2019 | Jura E8 devices lack Bluetooth connection security. | ||
| CVE-2016-10812 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | ||
| CVE-2016-10811 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | ||
| CVE-2016-10810 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | ||
| CVE-2016-10809 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | ||
| CVE-2016-10808 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). | ||
| CVE-2016-10805 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). | ||
| CVE-2016-10804 | Hig | 0.53 | 8.1 | 0.01 | Aug 7, 2019 | The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). | ||
| CVE-2016-10803 | Hig | 0.49 | 7.5 | 0.01 | Aug 7, 2019 | cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | ||
| CVE-2016-10802 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | ||
| CVE-2016-10801 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2019 | cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | ||
| CVE-2016-10800 | Hig | 0.51 | 7.8 | 0.01 | Aug 7, 2019 | cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). | ||
| CVE-2019-1914 | Hig | 0.52 | 7.2 | 0.25 | Aug 7, 2019 | A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could… | ||
| CVE-2019-14734 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2019 | AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. |
- risk 0.57cvss 8.8epss 0.01
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
- risk 0.57cvss 8.8epss 0.01
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.
- risk 0.57cvss 8.8epss 0.01
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
- risk 0.49cvss 7.5epss 0.02
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.
- risk 0.57cvss 8.8epss 0.01
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
- risk 0.56cvss 8.5epss 0.04
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
- risk 0.57cvss 8.8epss 0.03
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.
- risk 0.51cvss 7.8epss 0.01
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.
- risk 0.51cvss 7.8epss 0.01
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP,…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport…
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input…
- risk 0.47cvss 7.3epss 0.00
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient…
- risk 0.51cvss 7.8epss 0.01
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…
- risk 0.51cvss 7.8epss 0.01
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…
- risk 0.51cvss 7.8epss 0.01
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…
- risk 0.51cvss 7.8epss 0.02
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…
- risk 0.51cvss 7.8epss 0.01
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS)…
- risk 0.51cvss 7.8epss 0.01
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service…
- risk 0.49cvss 7.5epss 0.02
eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid…
- risk 0.61cvss 8.8epss 0.10
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields…
- risk 0.49cvss 7.5epss 0.01
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in…
- risk 0.00cvss 7.8epss 0.04
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of…
- risk 0.51cvss 7.8epss 0.04
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon…
- risk 0.57cvss 8.8epss 0.02
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application.…
- risk 0.57cvss 8.8epss 0.01
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through…
- risk 0.49cvss 7.5epss 0.01
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
- risk 0.57cvss 8.8epss 0.02
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
- risk 0.42cvss 7.5epss 0.01
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
- risk 0.57cvss 8.8epss 0.01
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using…
- risk 0.49cvss 7.5epss 0.01
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7
- risk 0.42cvss 7.5epss 0.01
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
- risk 0.53cvss 8.1epss 0.01
Jura E8 devices lack Bluetooth connection security.
- risk 0.57cvss 8.8epss 0.01
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
- risk 0.57cvss 8.8epss 0.01
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
- risk 0.57cvss 8.8epss 0.01
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
- risk 0.57cvss 8.8epss 0.01
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
- risk 0.57cvss 8.8epss 0.01
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
- risk 0.57cvss 8.8epss 0.01
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
- risk 0.53cvss 8.1epss 0.01
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
- risk 0.49cvss 7.5epss 0.01
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
- risk 0.57cvss 8.8epss 0.01
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
- risk 0.57cvss 8.8epss 0.01
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
- risk 0.51cvss 7.8epss 0.01
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).
- risk 0.52cvss 7.2epss 0.25
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could…
- risk 0.57cvss 8.8epss 0.02
AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp.