VYPR

CVEs

31,277 total · page 451 of 626

  • CVE-2019-20046CriFeb 14, 2020
    risk 0.64cvss 9.8epss 0.02

    The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is…

  • CVE-2013-7287CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.01

    MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

  • CVE-2013-7173CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.02

    Belkin n750 routers have a buffer overflow.

  • CVE-2013-7098CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.02

    OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.

  • CVE-2013-6362CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.01

    Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.

  • CVE-2013-1401CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.

  • CVE-2013-1400CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.03

    Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.

  • CVE-2014-4198CriFeb 13, 2020
    risk 0.59cvss 9.1epss 0.01

    A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.

  • CVE-2014-4170CriFeb 13, 2020
    risk 0.68cvss 9.8epss 0.14

    A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.

  • CVE-2014-3919CriFeb 13, 2020
    risk 0.61cvss 9.3epss 0.01

    A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.

  • CVE-2020-8803CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.03

    SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.

  • CVE-2020-8802CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.03

    SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.

  • CVE-2020-8614CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188.

  • CVE-2020-3763CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.

  • CVE-2020-3762CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.03

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.

  • CVE-2020-3760CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.07

    Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3754CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3752CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3751CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3750CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3749CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3746CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3745CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3743CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3742CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3740CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-8962CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.02

    A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.

  • CVE-2020-8953CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.01

    OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).

  • CVE-2020-8964CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.04

    TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi…

  • CVE-2020-8963CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.03

    TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel…

  • CVE-2020-7209CriFeb 13, 2020
    risk 0.75cvss 9.8epss 0.99

    LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.

  • CVE-2020-8955CriFeb 12, 2020
    risk 0.00cvss 9.8epss 0.04

    irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).

  • CVE-2011-4908CriFeb 12, 2020
    risk 0.71cvss 9.8epss 0.56

    TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.

  • CVE-2011-4906CriFeb 12, 2020
    risk 0.67cvss 9.8epss 0.10

    Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.

  • CVE-2013-3725CriFeb 12, 2020
    risk 0.64cvss 9.8epss 0.02

    Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.

  • CVE-2013-6236CriFeb 12, 2020
    risk 0.68cvss 9.8epss 0.10

    IZON IP 2.0.2: hard-coded password vulnerability

  • CVE-2015-5617CriFeb 12, 2020
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.

  • CVE-2013-7381CriFeb 12, 2020
    risk 0.57cvss 9.8epss 0.03

    libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

  • CVE-2013-2010CriFeb 12, 2020
    risk 0.73cvss 9.8epss 0.74

    WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability

  • CVE-2013-7378CriFeb 12, 2020
    risk 0.57cvss 9.8epss 0.03

    scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.

  • CVE-2014-9390CriFeb 12, 2020
    risk 0.65cvss 9.8epss 0.63

    Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all…

  • CVE-2014-2595CriFeb 12, 2020
    risk 0.68cvss 9.8epss 0.17

    Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

  • CVE-2014-0234CriFeb 12, 2020
    risk 0.64cvss 9.8epss 0.04

    The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before…

  • CVE-2012-1124CriFeb 11, 2020
    risk 0.67cvss 9.8epss 0.04

    SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.

  • CVE-2014-9753CriFeb 11, 2020
    risk 0.57cvss 9.8epss 0.03

    confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.

  • CVE-2013-3684CriFeb 11, 2020
    risk 0.68cvss 9.8epss 0.19

    NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload

  • CVE-2013-2057CriFeb 11, 2020
    risk 0.64cvss 9.8epss 0.02

    YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

  • CVE-2013-1607CriFeb 11, 2020
    risk 0.64cvss 9.8epss 0.03

    Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability

  • CVE-2013-1359CriFeb 11, 2020
    risk 0.74cvss 9.8epss 0.89

    An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA…

  • CVE-2013-0803CriFeb 11, 2020
    risk 0.73cvss 9.8epss 0.75

    A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.