VYPR

CVEs

11,223 total · page 185 of 225

  • CVE-2017-4997CriJun 29, 2017
    risk 0.64cvss 9.8epss 0.04

    EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2017-10672CriJun 29, 2017
    risk 0.64cvss 9.8epss 0.08

    Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

  • CVE-2016-0959CriJun 27, 2017
    risk 0.64cvss 9.8epss 0.05

    Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before…

  • CVE-2015-1778CriJun 27, 2017
    risk 0.64cvss 9.8epss 0.03

    The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.

  • CVE-2017-9830CriJun 27, 2017
    risk 0.64cvss 9.8epss 0.06

    Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.

  • CVE-2017-9841CriKEVJun 27, 2017
    risk 0.80cvss 9.8epss 1.00

    Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the…

  • CVE-2017-6326CriJun 26, 2017
    risk 0.74cvss 10.0epss 0.73

    The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.

  • CVE-2017-9615CriJun 26, 2017
    risk 0.64cvss 9.8epss 0.01

    Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.

  • CVE-2017-9466CriJun 26, 2017
    risk 0.64cvss 9.8epss 0.00

    The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the…

  • CVE-2017-9848CriJun 24, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element.

  • CVE-2017-9828CriJun 23, 2017
    risk 0.70cvss 9.8epss 0.82

    '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK…

  • CVE-2017-9772CriJun 23, 2017
    risk 0.64cvss 9.8epss 0.04

    Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

  • CVE-2017-2781CriJun 22, 2017
    risk 0.64cvss 9.8epss 0.02

    An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this…

  • CVE-2017-2780CriJun 22, 2017
    risk 0.64cvss 9.8epss 0.02

    An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this…

  • CVE-2015-9098CriJun 22, 2017
    risk 0.68cvss 9.8epss 0.14

    In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these…

  • CVE-2017-9424CriJun 22, 2017
    risk 0.64cvss 9.8epss 0.03

    IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization.

  • CVE-2012-6706CriJun 22, 2017
    risk 0.65cvss 9.8epss 0.10

    A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a…

  • CVE-2017-9807CriJun 22, 2017
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute…

  • CVE-2017-4990CriJun 21, 2017
    risk 0.64cvss 9.8epss 0.03

    In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute…

  • CVE-2017-4989CriJun 21, 2017
    risk 0.64cvss 9.8epss 0.03

    In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view…

  • CVE-2017-6050CriJun 21, 2017
    risk 0.64cvss 9.8epss 0.04

    A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.

  • CVE-2016-8731CriJun 21, 2017
    risk 0.64cvss 9.8epss 0.03

    Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.

  • CVE-2017-2805CriJun 21, 2017
    risk 0.66cvss 9.8epss 0.26

    An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An…

  • CVE-2017-9771CriJun 21, 2017
    risk 0.64cvss 9.8epss 0.01

    install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.

  • CVE-2017-3098CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.07

    Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.

  • CVE-2017-3097CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.07

    Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3096CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.06

    Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3095CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.06

    Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3094CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.06

    Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3093CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.06

    Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the bitmap representation module. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3092CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.09

    Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3090CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.09

    Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3089CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.06

    Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3088CriJun 20, 2017
    risk 0.65cvss 10.0epss 0.06

    Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3086CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.07

    Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3084CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.09

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3083CriJun 20, 2017
    risk 0.65cvss 9.8epss 0.14

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3082CriJun 20, 2017
    risk 0.65cvss 9.8epss 0.12

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3081CriJun 20, 2017
    risk 0.65cvss 9.8epss 0.14

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3079CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.07

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3078CriJun 20, 2017
    risk 0.69cvss 9.8epss 0.31

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3077CriJun 20, 2017
    risk 0.68cvss 9.8epss 0.22

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3076CriJun 20, 2017
    risk 0.69cvss 9.8epss 0.25

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3075CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.09

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-7679CriJun 20, 2017
    risk 0.67cvss 9.8epss 0.39

    In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

  • CVE-2017-3169CriJun 20, 2017
    risk 0.65cvss 9.8epss 0.20

    In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

  • CVE-2017-3167CriJun 20, 2017
    risk 0.65cvss 9.8epss 0.20

    In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

  • CVE-2017-3216CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.05

    WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a…

  • CVE-2017-1000378CriJun 19, 2017
    risk 0.64cvss 9.8epss 0.04

    The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack…

  • CVE-2017-1000375CriJun 19, 2017
    risk 0.68cvss 9.8epss 0.19

    NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.