VYPR

CVEs

31,781 total · page 422 of 636

  • CVE-2020-28994CriNov 24, 2020
    risk 0.64cvss 9.8epss 0.01

    A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.

  • CVE-2020-13942CriNov 24, 2020
    risk 0.69cvss 9.8epss 0.68

    It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to…

  • CVE-2020-7378CriNov 24, 2020
    risk 0.59cvss 9.1epss 0.03

    CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was…

  • CVE-2020-4001CriNov 24, 2020
    risk 0.64cvss 9.8epss 0.03

    The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.

  • CVE-2020-29006CriNov 24, 2020
    risk 0.64cvss 9.8epss 0.01

    MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.

  • CVE-2020-25475CriNov 24, 2020
    risk 0.64cvss 9.8epss 0.01

    SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.

  • CVE-2020-15929CriNov 24, 2020
    risk 0.64cvss 9.8epss 0.05

    In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.

  • CVE-2020-28991CriNov 24, 2020
    risk 0.00cvss 9.8epss 0.02

    Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.

  • CVE-2020-4006CriKEVNov 23, 2020
    risk 0.73cvss 9.1epss 0.24

    VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

  • CVE-2020-28984CriNov 23, 2020
    risk 0.64cvss 9.8epss 0.02

    prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

  • CVE-2020-28360CriNov 23, 2020
    risk 0.57cvss 9.8epss 0.03

    Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack…

  • CVE-2020-28864CriNov 23, 2020
    risk 0.64cvss 9.8epss 0.03

    Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.

  • CVE-2020-6939CriNov 23, 2020
    risk 0.64cvss 9.8epss 0.02

    Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau…

  • CVE-2020-4854CriNov 23, 2020
    risk 0.64cvss 9.8epss 0.02

    IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.

  • CVE-2020-25189CriNov 21, 2020
    risk 0.64cvss 9.8epss 0.03

    The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).

  • CVE-2020-28877CriNov 20, 2020
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.

  • CVE-2020-25839CriNov 20, 2020
    risk 0.64cvss 9.8epss 0.01

    NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.

  • CVE-2020-7561CriNov 19, 2020
    risk 0.64cvss 9.8epss 0.03

    A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an…

  • CVE-2020-28212CriNov 19, 2020
    risk 0.64cvss 9.8epss 0.03

    A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

  • CVE-2020-28951CriNov 19, 2020
    risk 0.64cvss 9.8epss 0.02

    libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.

  • CVE-2020-12495CriNov 19, 2020
    risk 0.59cvss 9.1epss 0.01

    Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write…

  • CVE-2020-11831CriNov 19, 2020
    risk 0.64cvss 9.8epss 0.01

    OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.

  • CVE-2020-11830CriNov 19, 2020
    risk 0.64cvss 9.8epss 0.01

    QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.

  • CVE-2020-11829CriNov 19, 2020
    risk 0.64cvss 9.8epss 0.01

    Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.

  • CVE-2019-20933CriNov 19, 2020
    risk 0.59cvss 9.8epss 0.31

    InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

  • CVE-2020-3586CriNov 18, 2020
    risk 0.61cvss 9.4epss 0.02

    A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based…

  • CVE-2020-3531CriNov 18, 2020
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls.…

  • CVE-2020-3470CriNov 18, 2020
    risk 0.64cvss 9.8epss 0.05

    Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input.…

  • CVE-2020-28578CriNov 18, 2020
    risk 0.69cvss 9.8epss 0.72

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

  • CVE-2020-26097CriNov 18, 2020
    risk 0.64cvss 9.8epss 0.02

    The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no…

  • CVE-2020-6016CriNov 18, 2020
    risk 0.00cvss 9.8epss 0.06

    Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption…

  • CVE-2020-28183CriNov 17, 2020
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.

  • CVE-2020-28130CriNov 17, 2020
    risk 0.64cvss 9.8epss 0.06

    An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).

  • CVE-2020-26553CriNov 17, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.

  • CVE-2020-28133CriNov 17, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.

  • CVE-2020-28140CriNov 17, 2020
    risk 0.64cvss 9.8epss 0.02

    SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.

  • CVE-2020-28138CriNov 17, 2020
    risk 0.64cvss 9.8epss 0.02

    SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.

  • CVE-2020-27555CriNov 17, 2020
    risk 0.64cvss 9.8epss 0.03

    Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.

  • CVE-2020-27130CriNov 17, 2020
    risk 0.64cvss 9.1epss 0.66

    A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could…

  • CVE-2020-11851CriNov 17, 2020
    risk 0.64cvss 9.8epss 0.03

    Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.

  • CVE-2020-27486CriNov 16, 2020
    risk 0.64cvss 9.9epss 0.02

    Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the…

  • CVE-2020-27485CriNov 16, 2020
    risk 0.64cvss 9.9epss 0.02

    Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to…

  • CVE-2020-27484CriNov 16, 2020
    risk 0.64cvss 9.9epss 0.02

    Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to…

  • CVE-2020-27483CriNov 16, 2020
    risk 0.65cvss 9.9epss 0.02

    Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts…

  • CVE-2020-26510CriNov 16, 2020
    risk 0.64cvss 9.8epss 0.02

    Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.

  • CVE-2020-26508CriNov 16, 2020
    risk 0.64cvss 9.8epss 0.01

    The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

  • CVE-2020-27422CriNov 16, 2020
    risk 0.67cvss 9.8epss 0.08

    In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.

  • CVE-2020-25952CriNov 16, 2020
    risk 0.64cvss 9.8epss 0.04

    SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

  • CVE-2020-25207CriNov 16, 2020
    risk 0.64cvss 9.8epss 0.04

    JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

  • CVE-2020-5664CriNov 16, 2020
    risk 0.64cvss 9.8epss 0.03

    Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.