| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9614 | Cri | 0.69 | 9.8 | 0.67 | Feb 19, 2020 | The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. | ||
| CVE-2014-9613 | Cri | 0.67 | 9.8 | 0.04 | Feb 19, 2020 | Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. | ||
| CVE-2014-9612 | Cri | 0.67 | 9.8 | 0.05 | Feb 19, 2020 | SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. | ||
| CVE-2020-6061 | Cri | 0.64 | 9.8 | 0.05 | Feb 19, 2020 | An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this… | ||
| CVE-2020-8441 | Cri | 0.64 | 9.8 | 0.05 | Feb 19, 2020 | JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. | ||
| CVE-2019-4640 | Cri | 0.64 | 9.8 | 0.01 | Feb 19, 2020 | IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046. | ||
| CVE-2014-2727 | Cri | 0.64 | 9.8 | 0.02 | Feb 19, 2020 | The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | ||
| CVE-2014-2228 | Cri | 0.64 | 9.8 | 0.03 | Feb 19, 2020 | The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | ||
| CVE-2016-1000005 | Cri | 0.57 | 9.8 | 0.01 | Feb 19, 2020 | mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between… | ||
| CVE-2016-1000004 | Cri | 0.57 | 9.8 | 0.01 | Feb 19, 2020 | Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | ||
| CVE-2014-3622 | Cri | 0.64 | 9.8 | 0.03 | Feb 19, 2020 | Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. | ||
| CVE-2019-20478 | Cri | 0.64 | 9.8 | 0.07 | Feb 19, 2020 | In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases. | ||
| CVE-2019-20477 | — | Cri | 0.64 | 9.8 | 0.05 | Feb 19, 2020 | PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. | |
| CVE-2020-7796 | Cri | 0.76 | 9.8 | 0.85 | KEV | Feb 18, 2020 | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | |
| CVE-2015-7567 | — | Cri | 0.60 | 9.8 | 0.04 | Feb 18, 2020 | SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter. | |
| CVE-2019-10791 | — | Cri | 0.57 | 9.8 | 0.02 | Feb 18, 2020 | promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. | |
| CVE-2014-3879 | Cri | 0.64 | 9.8 | 0.03 | Feb 18, 2020 | OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login… | ||
| CVE-2013-6295 | Cri | 0.57 | 9.8 | 0.02 | Feb 18, 2020 | PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | ||
| CVE-2013-3323 | Cri | 0.64 | 9.8 | 0.03 | Feb 18, 2020 | A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | ||
| CVE-2020-7450 | Cri | 0.64 | 9.8 | 0.03 | Feb 18, 2020 | In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable… | ||
| CVE-2019-5613 | Cri | 0.64 | 9.8 | 0.01 | Feb 18, 2020 | In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated. | ||
| CVE-2014-4967 | — | Cri | 0.57 | 9.8 | 0.04 | Feb 18, 2020 | Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing "… | |
| CVE-2014-4966 | — | Cri | 0.57 | 9.8 | 0.04 | Feb 18, 2020 | Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | |
| CVE-2015-6970 | Cri | 0.67 | 9.8 | 0.05 | Feb 18, 2020 | The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml. | ||
| CVE-2014-4651 | Cri | 0.64 | 9.8 | 0.02 | Feb 18, 2020 | It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | ||
| CVE-2013-4454 | Cri | 0.59 | 9.1 | 0.04 | Feb 18, 2020 | WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities | ||
| CVE-2015-1425 | Cri | 0.64 | 9.8 | 0.02 | Feb 18, 2020 | JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities | ||
| CVE-2020-8012 | Cri | 0.73 | 9.8 | 0.78 | Feb 18, 2020 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. | ||
| CVE-2020-8010 | Cri | 0.71 | 9.8 | 0.49 | Feb 18, 2020 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | ||
| CVE-2014-8089 | — | Cri | 0.64 | 9.8 | 0.03 | Feb 17, 2020 | SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | |
| CVE-2014-7236 | Cri | 0.67 | 9.1 | 0.56 | Feb 17, 2020 | Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | ||
| CVE-2014-4981 | Cri | 0.64 | 9.8 | 0.06 | Feb 17, 2020 | LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | ||
| CVE-2020-8768 | Cri | 0.61 | 9.4 | 0.02 | Feb 17, 2020 | An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website… | ||
| CVE-2015-6922 | Cri | 0.66 | 9.8 | 0.82 | Feb 17, 2020 | Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted… | ||
| CVE-2013-3738 | Cri | 0.64 | 9.8 | 0.03 | Feb 17, 2020 | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | ||
| CVE-2020-9006 | Cri | 0.64 | 9.8 | 0.09 | Feb 17, 2020 | The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary… | ||
| CVE-2020-8518 | Cri | 0.72 | 9.8 | 0.72 | Feb 17, 2020 | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | ||
| CVE-2020-8427 | Cri | 0.64 | 9.8 | 0.02 | Feb 17, 2020 | In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass. | ||
| CVE-2020-5531 | Cri | 0.64 | 9.8 | 0.02 | Feb 17, 2020 | Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function… | ||
| CVE-2020-9027 | Cri | 0.64 | 9.8 | 0.03 | Feb 17, 2020 | ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. | ||
| CVE-2020-9026 | Cri | 0.64 | 9.8 | 0.03 | Feb 17, 2020 | ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. | ||
| CVE-2020-9024 | Cri | 0.64 | 9.8 | 0.02 | Feb 17, 2020 | Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. | ||
| CVE-2020-9023 | Cri | 0.64 | 9.8 | 0.01 | Feb 17, 2020 | Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password. | ||
| CVE-2020-9021 | Cri | 0.64 | 9.8 | 0.02 | Feb 17, 2020 | Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. | ||
| CVE-2020-9020 | Cri | 0.64 | 9.8 | 0.03 | Feb 17, 2020 | Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | ||
| CVE-2020-8129 | — | Cri | 0.64 | 9.8 | 0.03 | Feb 14, 2020 | An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. | |
| CVE-2020-8128 | Cri | 0.64 | 9.8 | 0.03 | Feb 14, 2020 | An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | ||
| CVE-2019-4392 | Cri | 0.64 | 9.8 | 0.01 | Feb 14, 2020 | HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | ||
| CVE-2013-4211 | Cri | 0.73 | 9.8 | 0.76 | Feb 14, 2020 | A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code | ||
| CVE-2020-8612 | Cri | 0.59 | 9.0 | 0.02 | Feb 14, 2020 | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. |
- risk 0.69cvss 9.8epss 0.67
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
- risk 0.67cvss 9.8epss 0.04
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
- risk 0.67cvss 9.8epss 0.05
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
- risk 0.64cvss 9.8epss 0.05
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this…
- risk 0.64cvss 9.8epss 0.05
JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.
- risk 0.64cvss 9.8epss 0.01
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.
- risk 0.64cvss 9.8epss 0.02
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
- risk 0.64cvss 9.8epss 0.03
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
- risk 0.57cvss 9.8epss 0.01
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between…
- risk 0.57cvss 9.8epss 0.01
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
- risk 0.64cvss 9.8epss 0.03
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
- risk 0.64cvss 9.8epss 0.07
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
- risk 0.64cvss 9.8epss 0.05
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
- risk 0.76cvss 9.8epss 0.85
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
- risk 0.60cvss 9.8epss 0.04
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
- risk 0.57cvss 9.8epss 0.02
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.
- risk 0.64cvss 9.8epss 0.03
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login…
- risk 0.57cvss 9.8epss 0.02
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module
- risk 0.64cvss 9.8epss 0.03
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
- risk 0.64cvss 9.8epss 0.03
In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable…
- risk 0.64cvss 9.8epss 0.01
In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.
- risk 0.57cvss 9.8epss 0.04
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing "…
- risk 0.57cvss 9.8epss 0.04
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.
- risk 0.67cvss 9.8epss 0.05
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
- risk 0.64cvss 9.8epss 0.02
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.
- risk 0.59cvss 9.1epss 0.04
WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities
- risk 0.64cvss 9.8epss 0.02
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities
- risk 0.73cvss 9.8epss 0.78
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
- risk 0.71cvss 9.8epss 0.49
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
- risk 0.67cvss 9.1epss 0.56
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
- risk 0.64cvss 9.8epss 0.06
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
- risk 0.61cvss 9.4epss 0.02
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website…
- risk 0.66cvss 9.8epss 0.82
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted…
- risk 0.64cvss 9.8epss 0.03
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
- risk 0.64cvss 9.8epss 0.09
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary…
- risk 0.72cvss 9.8epss 0.72
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
- risk 0.64cvss 9.8epss 0.02
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
- risk 0.64cvss 9.8epss 0.02
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function…
- risk 0.64cvss 9.8epss 0.03
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
- risk 0.64cvss 9.8epss 0.03
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected.
- risk 0.64cvss 9.8epss 0.02
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.
- risk 0.64cvss 9.8epss 0.01
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.
- risk 0.64cvss 9.8epss 0.02
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.
- risk 0.64cvss 9.8epss 0.03
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
- risk 0.64cvss 9.8epss 0.03
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.03
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.
- risk 0.73cvss 9.8epss 0.76
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
- risk 0.59cvss 9.0epss 0.02
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.