VYPR

CVEs

31,277 total · page 470 of 626

  • CVE-2019-17512CriOct 16, 2019
    risk 0.59cvss 9.1epss 0.02

    There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces.

  • CVE-2019-16700CriOct 16, 2019
    risk 0.64cvss 9.8epss 0.03

    The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since…

  • CVE-2019-16699CriOct 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.

  • CVE-2019-15260CriOct 16, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected…

  • CVE-2019-3025CriOct 16, 2019
    risk 0.63cvss 9.0epss 0.14

    Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality…

  • CVE-2019-3020CriOct 16, 2019
    risk 0.61cvss 9.3epss 0.02

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14 and 18.1.0-18.8.11. Easily exploitable…

  • CVE-2019-2904CriOct 16, 2019
    risk 0.65cvss 9.8epss 0.14

    Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2019-17662CriOct 16, 2019
    risk 0.74cvss 9.8epss 0.97

    ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be…

  • CVE-2019-6334CriOct 16, 2019
    risk 0.64cvss 9.8epss 0.04

    HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code.

  • CVE-2019-10458CriOct 16, 2019
    risk 0.65cvss 9.9epss 0.02

    Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

  • CVE-2019-17626CriOct 16, 2019
    risk 0.65cvss 9.8epss 0.10

    ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

  • CVE-2019-17625CriOct 16, 2019
    risk 0.59cvss 9.0epss 0.03

    There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for…

  • CVE-2016-11014CriOct 16, 2019
    risk 0.64cvss 9.8epss 0.03

    NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

  • CVE-2019-17613CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.03

    qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as…

  • CVE-2019-17395CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.01

    In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

  • CVE-2019-17602CriOct 15, 2019
    risk 0.70cvss 9.8epss 0.82

    An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.

  • CVE-2019-17601CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.03

    In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued.

  • CVE-2019-17398CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.01

    In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.

  • CVE-2019-17396CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.01

    In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

  • CVE-2019-17394CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.01

    In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

  • CVE-2019-17355CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.01

    In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

  • CVE-2019-17397CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.01

    In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

  • CVE-2019-10760CriOct 15, 2019
    risk 0.58cvss 9.9epss 0.03

    safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.

  • CVE-2019-10759CriOct 15, 2019
    risk 0.64cvss 9.9epss 0.02

    safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.

  • CVE-2019-17600CriOct 15, 2019
    risk 0.64cvss 9.8epss 0.01

    Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.

  • CVE-2019-17195CriOct 15, 2019
    risk 0.65cvss 9.8epss 0.11

    Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

  • CVE-2019-12941CriOct 14, 2019
    risk 0.64cvss 9.8epss 0.02

    AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash…

  • CVE-2017-14948CriOct 14, 2019
    risk 0.64cvss 9.8epss 0.05

    Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could…

  • CVE-2019-16278CriKEVOct 14, 2019
    risk 0.87cvss 9.8epss 0.99

    Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.

  • CVE-2019-17580CriOct 14, 2019
    risk 0.64cvss 9.8epss 0.01

    tonyy dormsystem through 1.3 allows SQL Injection in admin.php.

  • CVE-2019-17574CriOct 14, 2019
    risk 0.53cvss 9.1epss 0.09

    An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of…

  • CVE-2019-17553CriOct 14, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.

  • CVE-2019-17552CriOct 14, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.

  • CVE-2019-17408CriOct 14, 2019
    risk 0.64cvss 9.8epss 0.04

    parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.

  • CVE-2019-17545CriOct 14, 2019
    risk 0.57cvss 9.8epss 0.03

    GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

  • CVE-2019-17544CriOct 14, 2019
    risk 0.52cvss 9.1epss 0.03

    libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

  • CVE-2019-17542CriOct 14, 2019
    risk 0.57cvss 9.8epss 0.02

    FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

  • CVE-2019-17539CriOct 14, 2019
    risk 0.57cvss 9.8epss 0.02

    In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

  • CVE-2019-17531CriOct 12, 2019
    risk 0.57cvss 9.8epss 0.05

    A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the…

  • CVE-2019-17510CriOct 11, 2019
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.

  • CVE-2019-17509CriOct 11, 2019
    risk 0.64cvss 9.8epss 0.03

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.

  • CVE-2019-17508CriOct 11, 2019
    risk 0.68cvss 9.8epss 0.16

    On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.

  • CVE-2019-17506CriOct 11, 2019
    risk 0.68cvss 9.8epss 0.57

    There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with…

  • CVE-2018-21027CriOct 11, 2019
    risk 0.00cvss 9.8epss 0.02

    Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.

  • CVE-2019-17059CriOct 11, 2019
    risk 0.64cvss 9.8epss 0.07

    A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.

  • CVE-2019-17495CriOct 10, 2019
    risk 0.57cvss 9.8epss 0.06

    A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product…

  • CVE-2019-9533CriOct 10, 2019
    risk 0.64cvss 9.8epss 0.02

    The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.

  • CVE-2019-9531CriOct 10, 2019
    risk 0.64cvss 9.8epss 0.03

    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide…

  • CVE-2019-11526CriOct 10, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.

  • CVE-2019-17455CriOct 10, 2019
    risk 0.64cvss 9.8epss 0.03

    Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.