VYPR

CVEs

31,277 total · page 457 of 626

  • CVE-2020-6162CriJan 10, 2020
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c.

  • CVE-2014-5093CriJan 10, 2020
    risk 0.67cvss 9.8epss 0.04

    Status2k does not remove the install directory allowing credential reset.

  • CVE-2013-7380CriJan 10, 2020
    risk 0.64cvss 9.8epss 0.02

    The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability

  • CVE-2014-5081CriJan 10, 2020
    risk 0.68cvss 9.8epss 0.10

    sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass

  • CVE-2014-4984CriJan 10, 2020
    risk 0.64cvss 9.8epss 0.03

    Déjà Vu Crescendo Sales CRM has remote SQL Injection

  • CVE-2014-4982CriJan 10, 2020
    risk 0.64cvss 9.8epss 0.05

    LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.

  • CVE-2020-6756CriJan 9, 2020
    risk 0.68cvss 9.8epss 0.11

    languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.

  • CVE-2019-20374CriJan 9, 2020
    risk 0.00cvss 9.6epss 0.02

    A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to…

  • CVE-2012-3807CriJan 9, 2020
    risk 0.69cvss 9.8epss 0.32

    Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.

  • CVE-2012-2226CriJan 9, 2020
    risk 0.67cvss 9.8epss 0.07

    Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.

  • CVE-2012-2714CriJan 9, 2020
    risk 0.64cvss 9.8epss 0.03

    The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.

  • CVE-2012-1259CriJan 9, 2020
    risk 0.67cvss 9.8epss 0.04

    Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to…

  • CVE-2019-6330CriJan 9, 2020
    risk 0.64cvss 9.8epss 0.02

    A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.

  • CVE-2019-4651CriJan 9, 2020
    risk 0.64cvss 9.8epss 0.01

    IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962.

  • CVE-2014-3449CriJan 9, 2020
    risk 0.64cvss 9.8epss 0.03

    BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability

  • CVE-2014-3448CriJan 9, 2020
    risk 0.64cvss 9.8epss 0.04

    BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload

  • CVE-2014-2651CriJan 9, 2020
    risk 0.64cvss 9.8epss 0.02

    Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface

  • CVE-2014-2650CriJan 9, 2020
    risk 0.64cvss 9.8epss 0.03

    Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface

  • CVE-2011-5266CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.01

    Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.

  • CVE-2019-9812CriJan 8, 2020
    risk 0.61cvss 9.3epss 0.01

    Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then…

  • CVE-2020-5510CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.02

    PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.

  • CVE-2019-19495CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.04

    The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET…

  • CVE-2019-5082CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.03

    An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can…

  • CVE-2019-20367CriJan 8, 2020
    risk 0.52cvss 9.1epss 0.03

    nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

  • CVE-2019-10777CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.02

    In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName".

  • CVE-2019-19518CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.03

    CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands.

  • CVE-2019-17076CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server.

  • CVE-2019-10778CriJan 8, 2020
    risk 0.57cvss 9.8epss 0.03

    devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.

  • CVE-2014-2072CriJan 8, 2020
    risk 0.67cvss 9.8epss 0.07

    Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks

  • CVE-2014-1860CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.04

    Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities

  • CVE-2014-1409CriJan 8, 2020
    risk 0.59cvss 9.1epss 0.04

    MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords

  • CVE-2014-1598CriJan 8, 2020
    risk 0.64cvss 9.8epss 0.01

    centurystar 7.12 ActiveX Control has a Stack Buffer Overflow

  • CVE-2020-6170CriJan 8, 2020
    risk 0.67cvss 9.8epss 0.07

    An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.

  • CVE-2019-20361CriJan 8, 2020
    risk 0.74cvss 9.8epss 0.85

    There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

  • CVE-2019-17146CriJan 7, 2020
    risk 0.64cvss 9.8epss 0.10

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default.…

  • CVE-2020-5841CriJan 7, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication.

  • CVE-2019-14906CriJan 7, 2020
    risk 0.64cvss 9.8epss 0.02

    A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface…

  • CVE-2020-5307CriJan 7, 2020
    risk 0.65cvss 9.8epss 0.16

    PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and…

  • CVE-2019-10776CriJan 7, 2020
    risk 0.57cvss 9.8epss 0.02

    In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.

  • CVE-2014-8673CriJan 7, 2020
    risk 0.68cvss 9.8epss 0.12

    Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.

  • CVE-2019-14837CriJan 7, 2020
    risk 0.52cvss 9.1epss 0.02

    A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be…

  • CVE-2013-5122CriJan 7, 2020
    risk 0.64cvss 9.8epss 0.04

    Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access

  • CVE-2015-5951CriJan 6, 2020
    risk 0.65cvss 9.9epss 0.03

    A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

  • CVE-2019-16273CriJan 6, 2020
    risk 0.64cvss 9.8epss 0.02

    DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing…

  • CVE-2019-16272CriJan 6, 2020
    risk 0.64cvss 9.8epss 0.01

    On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement.

  • CVE-2020-5514CriJan 6, 2020
    risk 0.63cvss 9.1epss 0.44

    Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.

  • CVE-2019-18792CriJan 6, 2020
    risk 0.52cvss 9.1epss 0.03

    An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data)…

  • CVE-2016-11017CriJan 6, 2020
    risk 0.64cvss 9.8epss 0.04

    The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login…

  • CVE-2019-20343CriJan 6, 2020
    risk 0.64cvss 9.8epss 0.02

    The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an…

  • CVE-2020-5519CriJan 6, 2020
    risk 0.57cvss 9.8epss 0.01

    The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.