| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-20046 | Cri | 0.64 | 9.8 | 0.02 | Feb 14, 2020 | The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is… | ||
| CVE-2013-7287 | Cri | 0.64 | 9.8 | 0.01 | Feb 13, 2020 | MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. | ||
| CVE-2013-7173 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2020 | Belkin n750 routers have a buffer overflow. | ||
| CVE-2013-7098 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2020 | OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | ||
| CVE-2013-6362 | Cri | 0.64 | 9.8 | 0.01 | Feb 13, 2020 | Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | ||
| CVE-2013-1401 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. | ||
| CVE-2013-1400 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2020 | Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. | ||
| CVE-2014-4198 | Cri | 0.59 | 9.1 | 0.01 | Feb 13, 2020 | A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function. | ||
| CVE-2014-4170 | Cri | 0.68 | 9.8 | 0.14 | Feb 13, 2020 | A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. | ||
| CVE-2014-3919 | Cri | 0.61 | 9.3 | 0.01 | Feb 13, 2020 | A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | ||
| CVE-2020-8803 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2020 | SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | ||
| CVE-2020-8802 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2020 | SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | ||
| CVE-2020-8614 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2020 | An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188. | ||
| CVE-2020-3763 | Cri | 0.64 | 9.8 | 0.04 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. | ||
| CVE-2020-3762 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. | ||
| CVE-2020-3760 | Cri | 0.64 | 9.8 | 0.07 | Feb 13, 2020 | Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-3754 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3752 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3751 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3750 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3749 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3746 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3745 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3743 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3742 | Cri | 0.64 | 9.8 | 0.06 | Feb 13, 2020 | Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-3740 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2020 | Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-8962 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2020 | A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. | ||
| CVE-2020-8953 | Cri | 0.64 | 9.8 | 0.01 | Feb 13, 2020 | OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication). | ||
| CVE-2020-8964 | Cri | 0.64 | 9.8 | 0.04 | Feb 13, 2020 | TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi… | ||
| CVE-2020-8963 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2020 | TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel… | ||
| CVE-2020-7209 | Cri | 0.75 | 9.8 | 0.99 | Feb 13, 2020 | LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. | ||
| CVE-2020-8955 | Cri | 0.00 | 9.8 | 0.04 | Feb 12, 2020 | irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). | ||
| CVE-2011-4908 | Cri | 0.71 | 9.8 | 0.56 | Feb 12, 2020 | TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | ||
| CVE-2011-4906 | Cri | 0.67 | 9.8 | 0.10 | Feb 12, 2020 | Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | ||
| CVE-2013-3725 | Cri | 0.64 | 9.8 | 0.02 | Feb 12, 2020 | Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | ||
| CVE-2013-6236 | Cri | 0.68 | 9.8 | 0.10 | Feb 12, 2020 | IZON IP 2.0.2: hard-coded password vulnerability | ||
| CVE-2015-5617 | Cri | 0.64 | 9.8 | 0.02 | Feb 12, 2020 | SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. | ||
| CVE-2013-7381 | — | Cri | 0.57 | 9.8 | 0.03 | Feb 12, 2020 | libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | |
| CVE-2013-2010 | Cri | 0.73 | 9.8 | 0.74 | Feb 12, 2020 | WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | ||
| CVE-2013-7378 | — | Cri | 0.57 | 9.8 | 0.03 | Feb 12, 2020 | scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | |
| CVE-2014-9390 | — | Cri | 0.65 | 9.8 | 0.63 | Feb 12, 2020 | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all… | |
| CVE-2014-2595 | Cri | 0.68 | 9.8 | 0.17 | Feb 12, 2020 | Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | ||
| CVE-2014-0234 | Cri | 0.64 | 9.8 | 0.04 | Feb 12, 2020 | The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before… | ||
| CVE-2012-1124 | Cri | 0.67 | 9.8 | 0.04 | Feb 11, 2020 | SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | ||
| CVE-2014-9753 | Cri | 0.57 | 9.8 | 0.03 | Feb 11, 2020 | confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | ||
| CVE-2013-3684 | Cri | 0.68 | 9.8 | 0.19 | Feb 11, 2020 | NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | ||
| CVE-2013-2057 | Cri | 0.64 | 9.8 | 0.02 | Feb 11, 2020 | YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | ||
| CVE-2013-1607 | — | Cri | 0.64 | 9.8 | 0.03 | Feb 11, 2020 | Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability | |
| CVE-2013-1359 | Cri | 0.74 | 9.8 | 0.89 | Feb 11, 2020 | An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA… | ||
| CVE-2013-0803 | Cri | 0.73 | 9.8 | 0.75 | Feb 11, 2020 | A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. |
- risk 0.64cvss 9.8epss 0.02
The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is…
- risk 0.64cvss 9.8epss 0.01
MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.
- risk 0.64cvss 9.8epss 0.02
Belkin n750 routers have a buffer overflow.
- risk 0.64cvss 9.8epss 0.02
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
- risk 0.64cvss 9.8epss 0.01
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.
- risk 0.64cvss 9.8epss 0.05
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.
- risk 0.64cvss 9.8epss 0.03
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.
- risk 0.59cvss 9.1epss 0.01
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.
- risk 0.68cvss 9.8epss 0.14
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
- risk 0.61cvss 9.3epss 0.01
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.
- risk 0.64cvss 9.8epss 0.03
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
- risk 0.64cvss 9.8epss 0.03
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188.
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.
- risk 0.64cvss 9.8epss 0.03
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.
- risk 0.64cvss 9.8epss 0.07
Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.64cvss 9.8epss 0.05
Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.
- risk 0.64cvss 9.8epss 0.01
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
- risk 0.64cvss 9.8epss 0.04
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi…
- risk 0.64cvss 9.8epss 0.03
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel…
- risk 0.75cvss 9.8epss 0.99
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
- risk 0.00cvss 9.8epss 0.04
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
- risk 0.71cvss 9.8epss 0.56
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
- risk 0.67cvss 9.8epss 0.10
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
- risk 0.64cvss 9.8epss 0.02
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
- risk 0.68cvss 9.8epss 0.10
IZON IP 2.0.2: hard-coded password vulnerability
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.
- risk 0.57cvss 9.8epss 0.03
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
- risk 0.73cvss 9.8epss 0.74
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
- risk 0.57cvss 9.8epss 0.03
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.
- risk 0.65cvss 9.8epss 0.63
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all…
- risk 0.68cvss 9.8epss 0.17
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
- risk 0.64cvss 9.8epss 0.04
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before…
- risk 0.67cvss 9.8epss 0.04
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
- risk 0.57cvss 9.8epss 0.03
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.
- risk 0.68cvss 9.8epss 0.19
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
- risk 0.64cvss 9.8epss 0.02
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability
- risk 0.64cvss 9.8epss 0.03
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
- risk 0.74cvss 9.8epss 0.89
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA…
- risk 0.73cvss 9.8epss 0.75
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.