VYPR

CVEs

31,277 total · page 454 of 626

  • CVE-2019-20217CriJan 29, 2020
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function,…

  • CVE-2019-20216CriJan 29, 2020
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function,…

  • CVE-2019-20215CriJan 29, 2020
    risk 0.73cvss 9.8epss 0.75

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which…

  • CVE-2013-3214CriJan 28, 2020
    risk 0.73cvss 9.8epss 0.85

    vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.

  • CVE-2013-3071CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.02

    NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.

  • CVE-2013-2748CriJan 28, 2020
    risk 0.68cvss 9.8epss 0.13

    Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.

  • CVE-2013-1599CriJan 28, 2020
    risk 0.70cvss 9.8epss 0.40

    A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L…

  • CVE-2020-4207CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.05

    IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker…

  • CVE-2015-8011CriJan 28, 2020
    risk 0.57cvss 9.8epss 0.05

    Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.

  • CVE-2020-8086CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.02

    The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.

  • CVE-2013-4864CriJan 28, 2020
    risk 0.67cvss 9.8epss 0.06

    MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.

  • CVE-2014-2914CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.03

    fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.

  • CVE-2014-2898CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.03

    wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.

  • CVE-2014-2897CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.03

    The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.

  • CVE-2014-2896CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.03

    The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.

  • CVE-2013-2060CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.06

    The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

  • CVE-2014-3445CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.05

    backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.

  • CVE-2013-2571CriJan 28, 2020
    risk 0.68cvss 9.8epss 0.16

    Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.

  • CVE-2013-1437CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.03

    Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

  • CVE-2019-5464CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.03

    A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.

  • CVE-2019-15585CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.02

    Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.

  • CVE-2019-8257CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-7131CriJan 28, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2013-2612CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.03

    Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.

  • CVE-2020-8088CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.01

    panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

  • CVE-2020-8087CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.06

    SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by…

  • CVE-2014-8563CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.03

    Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.

  • CVE-2014-8741CriJan 27, 2020
    risk 0.73cvss 9.8epss 0.77

    Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

  • CVE-2013-7390CriJan 27, 2020
    risk 0.73cvss 9.8epss 0.75

    Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the…

  • CVE-2019-19825CriJan 27, 2020
    risk 0.66cvss 9.8epss 0.30

    On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The…

  • CVE-2019-17096CriJan 27, 2020
    risk 0.59cvss 9.0epss 0.02

    A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.

  • CVE-2013-4441CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.02

    The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

  • CVE-2015-0244CriJan 27, 2020
    risk 0.57cvss 9.8epss 0.04

    PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter…

  • CVE-2019-20433CriJan 27, 2020
    risk 0.52cvss 9.1epss 0.02

    libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.

  • CVE-2013-4462CriJan 27, 2020
    risk 0.59cvss 9.1epss 0.03

    WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability

  • CVE-2013-3493CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.02

    XnView 2.03 has an integer overflow vulnerability

  • CVE-2013-3492CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.02

    XnView 2.03 has a stack-based buffer overflow vulnerability

  • CVE-2013-3486CriJan 27, 2020
    risk 0.63cvss 9.6epss 0.02

    IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability

  • CVE-2012-1495CriJan 27, 2020
    risk 0.73cvss 9.8epss 0.80

    install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

  • CVE-2019-20427CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.05

    In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a…

  • CVE-2020-8001CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.02

    The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account.

  • CVE-2020-8000CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.02

    Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.

  • CVE-2020-7999CriJan 27, 2020
    risk 0.64cvss 9.8epss 0.01

    The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY.

  • CVE-2020-7995CriJan 26, 2020
    risk 0.64cvss 9.8epss 0.05

    The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.

  • CVE-2019-16029CriJan 26, 2020
    risk 0.59cvss 9.1epss 0.01

    A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of…

  • CVE-2020-7981CriJan 25, 2020
    risk 0.57cvss 9.8epss 0.01

    sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.

  • CVE-2020-7980CriJan 25, 2020
    risk 0.73cvss 9.8epss 0.83

    Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.

  • CVE-2013-1744CriJan 25, 2020
    risk 0.67cvss 9.8epss 0.05

    IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.

  • CVE-2019-5183CriJan 25, 2020
    risk 0.59cvss 9.0epss 0.02

    An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a…

  • CVE-2019-1353CriJan 24, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none…