| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8775 | Cri | 0.64 | 9.8 | 0.01 | May 4, 2017 | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | ||
| CVE-2017-8774 | Cri | 0.64 | 9.8 | 0.01 | May 4, 2017 | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | ||
| CVE-2017-8773 | Cri | 0.64 | 9.8 | 0.02 | May 4, 2017 | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This… | ||
| CVE-2017-7229 | Cri | 0.59 | 9.1 | 0.01 | May 3, 2017 | PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this… | ||
| CVE-2017-7432 | Cri | 0.64 | 9.8 | 0.02 | May 3, 2017 | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. | ||
| CVE-2017-7476 | Cri | 0.64 | 9.8 | 0.04 | May 2, 2017 | Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. | ||
| CVE-2017-6551 | Cri | 0.64 | 9.8 | 0.04 | May 2, 2017 | Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. | ||
| CVE-2017-5689 | Cri | 0.86 | 9.8 | 0.92 | KEV | May 2, 2017 | An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged… | |
| CVE-2016-5006 | Cri | 0.64 | 9.8 | 0.01 | May 2, 2017 | The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. | ||
| CVE-2016-10243 | Cri | 0.64 | 9.8 | 0.07 | May 2, 2017 | TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | ||
| CVE-2017-8399 | Cri | 0.64 | 9.8 | 0.03 | May 1, 2017 | PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." | ||
| CVE-2016-8649 | Cri | 0.59 | 9.1 | 0.03 | May 1, 2017 | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | ||
| CVE-2017-8378 | Cri | 0.64 | 9.8 | 0.02 | May 1, 2017 | Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. | ||
| CVE-2017-6520 | Cri | 0.59 | 9.1 | 0.02 | May 1, 2017 | The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive… | ||
| CVE-2017-6519 | Cri | 0.59 | 9.1 | 0.03 | May 1, 2017 | avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially… | ||
| CVE-2017-8366 | Cri | 0.64 | 9.8 | 0.02 | Apr 30, 2017 | The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. | ||
| CVE-2017-8359 | Cri | 0.64 | 9.8 | 0.02 | Apr 30, 2017 | Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | ||
| CVE-2017-8358 | Cri | 0.64 | 9.8 | 0.02 | Apr 30, 2017 | LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | ||
| CVE-2017-6553 | Cri | 0.70 | 9.8 | 0.42 | Apr 29, 2017 | Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon. | ||
| CVE-2017-7945 | Cri | 0.64 | 9.8 | 0.02 | Apr 29, 2017 | The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to… | ||
| CVE-2016-8584 | Cri | 0.64 | 9.8 | 0.06 | Apr 28, 2017 | Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | ||
| CVE-2017-2142 | Cri | 0.64 | 9.8 | 0.03 | Apr 28, 2017 | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-2096 | Cri | 0.64 | 9.8 | 0.06 | Apr 28, 2017 | smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-7895 | Cri | 0.65 | 9.8 | 0.11 | Apr 28, 2017 | The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to… | ||
| CVE-2017-8305 | Cri | 0.64 | 9.8 | 0.01 | Apr 27, 2017 | The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy. | ||
| CVE-2017-8307 | Cri | 0.64 | 9.8 | 0.02 | Apr 27, 2017 | In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is… | ||
| CVE-2017-8297 | Cri | 0.64 | 9.8 | 0.03 | Apr 27, 2017 | A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | ||
| CVE-2017-5135 | Cri | 0.64 | 9.1 | 0.17 | Apr 27, 2017 | Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the… | ||
| CVE-2017-3066 | Cri | 0.86 | 9.8 | 0.91 | KEV | Apr 27, 2017 | Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution. | |
| CVE-2017-8289 | Cri | 0.64 | 9.8 | 0.02 | Apr 27, 2017 | Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via… | ||
| CVE-2017-8287 | Cri | 0.64 | 9.8 | 0.03 | Apr 27, 2017 | FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | ||
| CVE-2017-8283 | Cri | 0.64 | 9.8 | 0.05 | Apr 26, 2017 | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by… | ||
| CVE-2017-8225 | Cri | 0.68 | 9.8 | 0.18 | Apr 25, 2017 | On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI. | ||
| CVE-2017-8224 | Cri | 0.67 | 9.8 | 0.09 | Apr 25, 2017 | Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. | ||
| CVE-2017-8220 | Cri | 0.67 | 9.9 | 0.36 | Apr 25, 2017 | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | ||
| CVE-2017-8218 | Cri | 0.64 | 9.8 | 0.02 | Apr 25, 2017 | vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. | ||
| CVE-2017-8110 | Cri | 0.65 | 10.0 | 0.01 | Apr 25, 2017 | www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. | ||
| CVE-2017-3623 | Cri | 0.70 | 10.0 | 0.22 | Apr 24, 2017 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise… | ||
| CVE-2017-3553 | Cri | 0.65 | 9.9 | 0.02 | Apr 24, 2017 | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise… | ||
| CVE-2017-3549 | Cri | 0.63 | 9.1 | 0.16 | Apr 24, 2017 | Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated… | ||
| CVE-2017-3510 | Cri | 0.63 | 9.6 | 0.02 | Apr 24, 2017 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple… | ||
| CVE-2017-3508 | Cri | 0.59 | 9.1 | 0.02 | Apr 24, 2017 | Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged… | ||
| CVE-2017-3503 | Cri | 0.65 | 9.9 | 0.02 | Apr 24, 2017 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable"… | ||
| CVE-2017-3234 | Cri | 0.64 | 9.8 | 0.02 | Apr 24, 2017 | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via SFT to… | ||
| CVE-2016-6903 | Cri | 0.65 | 9.9 | 0.05 | Apr 24, 2017 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | ||
| CVE-2016-6902 | Cri | 0.65 | 9.9 | 0.05 | Apr 24, 2017 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | ||
| CVE-2011-3428 | Cri | 0.64 | 9.8 | 0.02 | Apr 24, 2017 | Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. | ||
| CVE-2017-8105 | Cri | 0.64 | 9.8 | 0.04 | Apr 24, 2017 | FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | ||
| CVE-2015-7568 | Cri | 0.67 | 9.8 | 0.04 | Apr 24, 2017 | SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | ||
| CVE-2015-7247 | Cri | 0.68 | 9.8 | 0.10 | Apr 24, 2017 | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. |
- risk 0.64cvss 9.8epss 0.01
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
- risk 0.64cvss 9.8epss 0.01
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
- risk 0.64cvss 9.8epss 0.02
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This…
- risk 0.59cvss 9.1epss 0.01
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this…
- risk 0.64cvss 9.8epss 0.02
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
- risk 0.64cvss 9.8epss 0.04
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.
- risk 0.64cvss 9.8epss 0.04
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.
- risk 0.86cvss 9.8epss 0.92
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged…
- risk 0.64cvss 9.8epss 0.01
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.
- risk 0.64cvss 9.8epss 0.07
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
- risk 0.64cvss 9.8epss 0.03
PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
- risk 0.59cvss 9.1epss 0.03
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
- risk 0.64cvss 9.8epss 0.02
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.
- risk 0.59cvss 9.1epss 0.02
The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive…
- risk 0.59cvss 9.1epss 0.03
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially…
- risk 0.64cvss 9.8epss 0.02
The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter.
- risk 0.64cvss 9.8epss 0.02
Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.
- risk 0.64cvss 9.8epss 0.02
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.
- risk 0.70cvss 9.8epss 0.42
Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.
- risk 0.64cvss 9.8epss 0.02
The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to…
- risk 0.64cvss 9.8epss 0.06
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
- risk 0.64cvss 9.8epss 0.03
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.06
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.65cvss 9.8epss 0.11
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to…
- risk 0.64cvss 9.8epss 0.01
The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy.
- risk 0.64cvss 9.8epss 0.02
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is…
- risk 0.64cvss 9.8epss 0.03
A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component).
- risk 0.64cvss 9.1epss 0.17
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the…
- risk 0.86cvss 9.8epss 0.91
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via…
- risk 0.64cvss 9.8epss 0.03
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
- risk 0.64cvss 9.8epss 0.05
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by…
- risk 0.68cvss 9.8epss 0.18
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.
- risk 0.67cvss 9.8epss 0.09
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
- risk 0.67cvss 9.9epss 0.36
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
- risk 0.64cvss 9.8epss 0.02
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
- risk 0.65cvss 10.0epss 0.01
www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.
- risk 0.70cvss 10.0epss 0.22
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…
- risk 0.65cvss 9.9epss 0.02
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise…
- risk 0.63cvss 9.1epss 0.16
Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated…
- risk 0.63cvss 9.6epss 0.02
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple…
- risk 0.59cvss 9.1epss 0.02
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged…
- risk 0.65cvss 9.9epss 0.02
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable"…
- risk 0.64cvss 9.8epss 0.02
Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via SFT to…
- risk 0.65cvss 9.9epss 0.05
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.
- risk 0.65cvss 9.9epss 0.05
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.
- risk 0.64cvss 9.8epss 0.02
Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.04
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
- risk 0.67cvss 9.8epss 0.04
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
- risk 0.68cvss 9.8epss 0.10
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.