VYPR

CVEs

11,223 total · page 193 of 225

  • CVE-2015-7272CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.03

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.

  • CVE-2015-7271CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.03

    Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.

  • CVE-2015-7264CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.01

    The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.

  • CVE-2015-2888CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.02

    Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.

  • CVE-2015-2887CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.01

    iBaby M3S has a password of admin for the backdoor admin account.

  • CVE-2015-2885CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.01

    Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.

  • CVE-2015-2882CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.02

    Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448…

  • CVE-2015-2881CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.02

    Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.

  • CVE-2017-7614CriApr 9, 2017
    risk 0.64cvss 9.8epss 0.04

    elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have…

  • CVE-2017-0561CriApr 7, 2017
    risk 0.69cvss 9.8epss 0.30

    A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC.…

  • CVE-2007-6760CriApr 7, 2017
    risk 0.64cvss 9.8epss 0.02

    Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

  • CVE-2007-6759CriApr 7, 2017
    risk 0.64cvss 9.8epss 0.02

    Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

  • CVE-2017-7581CriApr 7, 2017
    risk 0.71cvss 9.8epss 0.48

    SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.

  • CVE-2017-7577CriApr 7, 2017
    risk 0.66cvss 9.8epss 0.29

    XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.

  • CVE-2017-7576CriApr 6, 2017
    risk 0.64cvss 9.8epss 0.01

    DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET.…

  • CVE-2017-7575CriApr 6, 2017
    risk 0.64cvss 9.8epss 0.04

    Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded,…

  • CVE-2017-7574CriApr 6, 2017
    risk 0.64cvss 9.8epss 0.01

    Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a…

  • CVE-2016-8735CriKEVApr 6, 2017
    risk 0.76cvss 9.8epss 0.90

    Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated…

  • CVE-2016-6809CriApr 6, 2017
    risk 0.57cvss 9.8epss 0.08

    Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

  • CVE-2015-8965CriApr 6, 2017
    risk 0.64cvss 9.8epss 0.03

    Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in…

  • CVE-2017-3834CriApr 6, 2017
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default…

  • CVE-2017-7237CriApr 6, 2017
    risk 0.67cvss 9.8epss 0.07

    The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a…

  • CVE-2017-0305CriApr 6, 2017
    risk 0.64cvss 9.8epss 0.04

    F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the…

  • CVE-2017-7450CriApr 5, 2017
    risk 0.64cvss 9.8epss 0.01

    AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.

  • CVE-2016-10229CriApr 4, 2017
    risk 0.58cvss 9.8epss 0.13

    udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

  • CVE-2017-7410CriApr 3, 2017
    risk 0.64cvss 9.8epss 0.03

    Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.

  • CVE-2017-7402CriApr 3, 2017
    risk 0.67cvss 9.8epss 0.05

    Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.

  • CVE-2017-5642CriApr 3, 2017
    risk 0.64cvss 9.8epss 0.02

    During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.

  • CVE-2014-3928CriApr 3, 2017
    risk 0.64cvss 9.8epss 0.02

    Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.

  • CVE-2014-3927CriApr 3, 2017
    risk 0.64cvss 9.8epss 0.04

    mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.

  • CVE-2017-5949CriApr 3, 2017
    risk 0.64cvss 9.8epss 0.02

    JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers…

  • CVE-2016-10312CriApr 3, 2017
    risk 0.64cvss 9.8epss 0.03

    Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages.

  • CVE-2014-9693CriApr 2, 2017
    risk 0.64cvss 9.8epss 0.01

    Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2…

  • CVE-2017-2477CriApr 2, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2017-2434CriApr 2, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.

  • CVE-2017-2428CriApr 2, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2…

  • CVE-2017-2423CriApr 2, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a…

  • CVE-2017-2402CriApr 2, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions…

  • CVE-2016-6111CriMar 31, 2017
    risk 0.59cvss 9.1epss 0.02

    IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all…

  • CVE-2017-3010CriMar 31, 2017
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution.

  • CVE-2014-5009CriMar 31, 2017
    risk 0.57cvss 9.8epss 0.05

    Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.

  • CVE-2014-5008CriMar 31, 2017
    risk 0.64cvss 9.8epss 0.04

    Snoopy allows remote attackers to execute arbitrary commands.

  • CVE-2014-3931CriKEVMar 31, 2017
    risk 0.78cvss 9.8epss 0.27

    fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.

  • CVE-2008-7313CriMar 31, 2017
    risk 0.64cvss 9.8epss 0.05

    The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.

  • CVE-2017-6182CriMar 30, 2017
    risk 0.68cvss 9.8epss 0.17

    In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

  • CVE-2014-9826CriMar 30, 2017
    risk 0.64cvss 9.8epss 0.04

    ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.

  • CVE-2017-7324CriMar 30, 2017
    risk 0.64cvss 9.8epss 0.02

    setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.

  • CVE-2017-7321CriMar 30, 2017
    risk 0.64cvss 9.8epss 0.02

    setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.

  • CVE-2017-7318CriMar 30, 2017
    risk 0.64cvss 9.8epss 0.04

    Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.

  • CVE-2016-10309CriMar 30, 2017
    risk 0.64cvss 9.8epss 0.02

    In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.