| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17512 | Cri | 0.59 | 9.1 | 0.02 | Oct 16, 2019 | There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces. | ||
| CVE-2019-16700 | — | Cri | 0.64 | 9.8 | 0.03 | Oct 16, 2019 | The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since… | |
| CVE-2019-16699 | — | Cri | 0.64 | 9.8 | 0.02 | Oct 16, 2019 | The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution. | |
| CVE-2019-15260 | Cri | 0.64 | 9.8 | 0.03 | Oct 16, 2019 | A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected… | ||
| CVE-2019-3025 | Cri | 0.63 | 9.0 | 0.14 | Oct 16, 2019 | Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality… | ||
| CVE-2019-3020 | Cri | 0.61 | 9.3 | 0.02 | Oct 16, 2019 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14 and 18.1.0-18.8.11. Easily exploitable… | ||
| CVE-2019-2904 | Cri | 0.65 | 9.8 | 0.14 | Oct 16, 2019 | Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via… | ||
| CVE-2019-17662 | Cri | 0.74 | 9.8 | 0.97 | Oct 16, 2019 | ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be… | ||
| CVE-2019-6334 | Cri | 0.64 | 9.8 | 0.04 | Oct 16, 2019 | HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. | ||
| CVE-2019-10458 | Cri | 0.65 | 9.9 | 0.02 | Oct 16, 2019 | Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | ||
| CVE-2019-17626 | — | Cri | 0.65 | 9.8 | 0.10 | Oct 16, 2019 | ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. | |
| CVE-2019-17625 | — | Cri | 0.59 | 9.0 | 0.03 | Oct 16, 2019 | There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for… | |
| CVE-2016-11014 | Cri | 0.64 | 9.8 | 0.03 | Oct 16, 2019 | NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | ||
| CVE-2019-17613 | Cri | 0.64 | 9.8 | 0.03 | Oct 15, 2019 | qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as… | ||
| CVE-2019-17395 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2019 | In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||
| CVE-2019-17602 | Cri | 0.70 | 9.8 | 0.82 | Oct 15, 2019 | An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated. | ||
| CVE-2019-17601 | Cri | 0.64 | 9.8 | 0.03 | Oct 15, 2019 | In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued. | ||
| CVE-2019-17398 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2019 | In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. | ||
| CVE-2019-17396 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2019 | In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||
| CVE-2019-17394 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2019 | In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||
| CVE-2019-17355 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2019 | In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||
| CVE-2019-17397 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2019 | In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||
| CVE-2019-10760 | — | Cri | 0.58 | 9.9 | 0.03 | Oct 15, 2019 | safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | |
| CVE-2019-10759 | — | Cri | 0.64 | 9.9 | 0.02 | Oct 15, 2019 | safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | |
| CVE-2019-17600 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2019 | Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled. | ||
| CVE-2019-17195 | — | Cri | 0.65 | 9.8 | 0.11 | Oct 15, 2019 | Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | |
| CVE-2019-12941 | Cri | 0.64 | 9.8 | 0.02 | Oct 14, 2019 | AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash… | ||
| CVE-2017-14948 | Cri | 0.64 | 9.8 | 0.05 | Oct 14, 2019 | Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could… | ||
| CVE-2019-16278 | Cri | 0.87 | 9.8 | 0.99 | KEV | Oct 14, 2019 | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. | |
| CVE-2019-17580 | Cri | 0.64 | 9.8 | 0.01 | Oct 14, 2019 | tonyy dormsystem through 1.3 allows SQL Injection in admin.php. | ||
| CVE-2019-17574 | Cri | 0.53 | 9.1 | 0.09 | Oct 14, 2019 | An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of… | ||
| CVE-2019-17553 | Cri | 0.64 | 9.8 | 0.02 | Oct 14, 2019 | An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. | ||
| CVE-2019-17552 | Cri | 0.64 | 9.8 | 0.01 | Oct 14, 2019 | An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. | ||
| CVE-2019-17408 | Cri | 0.64 | 9.8 | 0.04 | Oct 14, 2019 | parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | ||
| CVE-2019-17545 | Cri | 0.57 | 9.8 | 0.03 | Oct 14, 2019 | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | ||
| CVE-2019-17544 | Cri | 0.52 | 9.1 | 0.03 | Oct 14, 2019 | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | ||
| CVE-2019-17542 | Cri | 0.57 | 9.8 | 0.02 | Oct 14, 2019 | FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | ||
| CVE-2019-17539 | Cri | 0.57 | 9.8 | 0.02 | Oct 14, 2019 | In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | ||
| CVE-2019-17531 | — | Cri | 0.57 | 9.8 | 0.05 | Oct 12, 2019 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the… | |
| CVE-2019-17510 | Cri | 0.64 | 9.8 | 0.04 | Oct 11, 2019 | D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php. | ||
| CVE-2019-17509 | Cri | 0.64 | 9.8 | 0.03 | Oct 11, 2019 | D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php. | ||
| CVE-2019-17508 | Cri | 0.68 | 9.8 | 0.16 | Oct 11, 2019 | On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. | ||
| CVE-2019-17506 | Cri | 0.68 | 9.8 | 0.57 | Oct 11, 2019 | There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with… | ||
| CVE-2018-21027 | Cri | 0.00 | 9.8 | 0.02 | Oct 11, 2019 | Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. | ||
| CVE-2019-17059 | Cri | 0.64 | 9.8 | 0.07 | Oct 11, 2019 | A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | ||
| CVE-2019-17495 | — | Cri | 0.57 | 9.8 | 0.06 | Oct 10, 2019 | A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product… | |
| CVE-2019-9533 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. | ||
| CVE-2019-9531 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2019 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide… | ||
| CVE-2019-11526 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations. | ||
| CVE-2019-17455 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2019 | Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. |
- risk 0.59cvss 9.1epss 0.02
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces.
- risk 0.64cvss 9.8epss 0.03
The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since…
- risk 0.64cvss 9.8epss 0.02
The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.
- risk 0.64cvss 9.8epss 0.03
A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected…
- risk 0.63cvss 9.0epss 0.14
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality…
- risk 0.61cvss 9.3epss 0.02
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14 and 18.1.0-18.8.11. Easily exploitable…
- risk 0.65cvss 9.8epss 0.14
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- risk 0.74cvss 9.8epss 0.97
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be…
- risk 0.64cvss 9.8epss 0.04
HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code.
- risk 0.65cvss 9.9epss 0.02
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
- risk 0.65cvss 9.8epss 0.10
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
- risk 0.59cvss 9.0epss 0.03
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for…
- risk 0.64cvss 9.8epss 0.03
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
- risk 0.64cvss 9.8epss 0.03
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as…
- risk 0.64cvss 9.8epss 0.01
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
- risk 0.70cvss 9.8epss 0.82
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
- risk 0.64cvss 9.8epss 0.03
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued.
- risk 0.64cvss 9.8epss 0.01
In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.
- risk 0.64cvss 9.8epss 0.01
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
- risk 0.64cvss 9.8epss 0.01
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
- risk 0.64cvss 9.8epss 0.01
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
- risk 0.64cvss 9.8epss 0.01
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
- risk 0.58cvss 9.9epss 0.03
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
- risk 0.64cvss 9.9epss 0.02
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
- risk 0.65cvss 9.8epss 0.11
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
- risk 0.64cvss 9.8epss 0.02
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash…
- risk 0.64cvss 9.8epss 0.05
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could…
- risk 0.87cvss 9.8epss 0.99
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
- risk 0.64cvss 9.8epss 0.01
tonyy dormsystem through 1.3 allows SQL Injection in admin.php.
- risk 0.53cvss 9.1epss 0.09
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.
- risk 0.64cvss 9.8epss 0.04
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.
- risk 0.57cvss 9.8epss 0.03
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
- risk 0.52cvss 9.1epss 0.03
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
- risk 0.57cvss 9.8epss 0.02
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
- risk 0.57cvss 9.8epss 0.02
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
- risk 0.57cvss 9.8epss 0.05
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the…
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.
- risk 0.64cvss 9.8epss 0.03
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.
- risk 0.68cvss 9.8epss 0.16
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
- risk 0.68cvss 9.8epss 0.57
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with…
- risk 0.00cvss 9.8epss 0.02
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.
- risk 0.64cvss 9.8epss 0.07
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
- risk 0.57cvss 9.8epss 0.06
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product…
- risk 0.64cvss 9.8epss 0.02
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
- risk 0.64cvss 9.8epss 0.03
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.
- risk 0.64cvss 9.8epss 0.03
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.