| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9479 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2019 | The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | ||
| CVE-2015-9471 | Cri | 0.64 | 9.8 | 0.04 | Oct 10, 2019 | The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | ||
| CVE-2015-9467 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. | ||
| CVE-2015-9466 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable. | ||
| CVE-2019-17320 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename. | ||
| CVE-2019-1372 | Cri | 0.66 | 10.0 | 0.18 | Oct 10, 2019 | An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to… | ||
| CVE-2019-1365 | Cri | 0.65 | 9.9 | 0.04 | Oct 10, 2019 | An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the… | ||
| CVE-2019-17429 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2019 | Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. | ||
| CVE-2019-17072 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. | ||
| CVE-2019-17426 | — | Cri | 0.52 | 9.1 | 0.02 | Oct 10, 2019 | Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's… | |
| CVE-2019-17415 | Cri | 0.64 | 9.8 | 0.04 | Oct 9, 2019 | A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331. | ||
| CVE-2019-1584 | Cri | 0.64 | 9.8 | 0.03 | Oct 9, 2019 | A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. | ||
| CVE-2019-15020 | Cri | 0.64 | 9.8 | 0.01 | Oct 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. | ||
| CVE-2019-15019 | Cri | 0.64 | 9.8 | 0.01 | Oct 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. | ||
| CVE-2019-9535 | Cri | 0.64 | 9.8 | 0.02 | Oct 9, 2019 | A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an… | ||
| CVE-2019-17399 | Cri | 0.64 | 9.8 | 0.02 | Oct 9, 2019 | The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. | ||
| CVE-2019-17383 | — | Cri | 0.57 | 9.8 | 0.02 | Oct 9, 2019 | The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | |
| CVE-2019-17124 | Cri | 0.69 | 9.8 | 0.23 | Oct 9, 2019 | Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | ||
| CVE-2019-15859 | Cri | 0.66 | 9.8 | 0.34 | Oct 9, 2019 | Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. | ||
| CVE-2019-17382 | Cri | 0.63 | 9.1 | 0.54 | Oct 9, 2019 | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All… | ||
| CVE-2019-17373 | Cri | 0.64 | 9.8 | 0.02 | Oct 9, 2019 | Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. | ||
| CVE-2019-17354 | Cri | 0.61 | 9.4 | 0.01 | Oct 9, 2019 | wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page. | ||
| CVE-2019-17362 | Cri | 0.52 | 9.1 | 0.03 | Oct 9, 2019 | In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from… | ||
| CVE-2019-3980 | Cri | 0.64 | 9.8 | 0.05 | Oct 8, 2019 | The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an… | ||
| CVE-2019-10757 | — | Cri | 0.64 | 9.8 | 0.01 | Oct 8, 2019 | knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB. | |
| CVE-2019-17134 | — | Cri | 0.52 | 9.1 | 0.02 | Oct 8, 2019 | Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the… | |
| CVE-2018-21024 | Cri | 0.00 | 9.8 | 0.02 | Oct 8, 2019 | licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | ||
| CVE-2019-13336 | Cri | 0.64 | 9.8 | 0.03 | Oct 8, 2019 | The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this… | ||
| CVE-2018-21025 | — | Cri | 0.64 | 9.8 | 0.03 | Oct 8, 2019 | In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | |
| CVE-2019-17042 | Cri | 0.57 | 9.8 | 0.03 | Oct 7, 2019 | An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy… | ||
| CVE-2019-17041 | Cri | 0.57 | 9.8 | 0.05 | Oct 7, 2019 | An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do… | ||
| CVE-2019-12812 | Cri | 0.64 | 9.8 | 0.03 | Oct 7, 2019 | MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution. | ||
| CVE-2019-12811 | Cri | 0.64 | 9.8 | 0.02 | Oct 7, 2019 | ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution | ||
| CVE-2015-9452 | Cri | 0.64 | 9.8 | 0.02 | Oct 7, 2019 | The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | ||
| CVE-2015-9451 | Cri | 0.64 | 9.8 | 0.02 | Oct 7, 2019 | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. | ||
| CVE-2015-9450 | Cri | 0.64 | 9.8 | 0.02 | Oct 7, 2019 | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | ||
| CVE-2019-15751 | Cri | 0.64 | 9.8 | 0.04 | Oct 7, 2019 | An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute… | ||
| CVE-2019-15748 | Cri | 0.64 | 9.8 | 0.02 | Oct 7, 2019 | SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could… | ||
| CVE-2019-15746 | Cri | 0.64 | 9.8 | 0.02 | Oct 7, 2019 | SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user. | ||
| CVE-2019-17269 | Cri | 0.64 | 9.8 | 0.03 | Oct 7, 2019 | Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field. | ||
| CVE-2019-17267 | — | Cri | 0.57 | 9.8 | 0.05 | Oct 7, 2019 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. | |
| CVE-2019-17266 | Cri | 0.57 | 9.8 | 0.03 | Oct 6, 2019 | libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. | ||
| CVE-2019-17240 | Cri | 0.06 | 9.8 | 0.40 | Oct 6, 2019 | bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. | ||
| CVE-2019-17218 | Cri | 0.59 | 9.1 | 0.01 | Oct 6, 2019 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service. | ||
| CVE-2019-17216 | Cri | 0.64 | 9.8 | 0.01 | Oct 6, 2019 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort. | ||
| CVE-2019-17215 | Cri | 0.64 | 9.8 | 0.01 | Oct 6, 2019 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device. | ||
| CVE-2019-17206 | — | Cri | 0.57 | 9.8 | 0.03 | Oct 5, 2019 | Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. | |
| CVE-2019-17197 | Cri | 0.00 | 9.8 | 0.01 | Oct 5, 2019 | OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. | ||
| CVE-2019-17192 | Cri | 0.64 | 9.8 | 0.03 | Oct 5, 2019 | The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified… | ||
| CVE-2019-17184 | Cri | 0.64 | 9.8 | 0.02 | Oct 4, 2019 | Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. |
- risk 0.64cvss 9.8epss 0.03
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.
- risk 0.64cvss 9.8epss 0.04
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
- risk 0.64cvss 9.8epss 0.02
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
- risk 0.64cvss 9.8epss 0.02
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
- risk 0.64cvss 9.8epss 0.02
NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename.
- risk 0.66cvss 10.0epss 0.18
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to…
- risk 0.65cvss 9.9epss 0.04
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the…
- risk 0.64cvss 9.8epss 0.01
Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.
- risk 0.64cvss 9.8epss 0.02
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
- risk 0.52cvss 9.1epss 0.02
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's…
- risk 0.64cvss 9.8epss 0.04
A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331.
- risk 0.64cvss 9.8epss 0.03
A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.
- risk 0.64cvss 9.8epss 0.01
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.
- risk 0.64cvss 9.8epss 0.01
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.
- risk 0.64cvss 9.8epss 0.02
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an…
- risk 0.64cvss 9.8epss 0.02
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.
- risk 0.57cvss 9.8epss 0.02
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
- risk 0.69cvss 9.8epss 0.23
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.
- risk 0.66cvss 9.8epss 0.34
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
- risk 0.63cvss 9.1epss 0.54
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All…
- risk 0.64cvss 9.8epss 0.02
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
- risk 0.61cvss 9.4epss 0.01
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.
- risk 0.52cvss 9.1epss 0.03
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from…
- risk 0.64cvss 9.8epss 0.05
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an…
- risk 0.64cvss 9.8epss 0.01
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
- risk 0.52cvss 9.1epss 0.02
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the…
- risk 0.00cvss 9.8epss 0.02
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
- risk 0.64cvss 9.8epss 0.03
The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this…
- risk 0.64cvss 9.8epss 0.03
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
- risk 0.57cvss 9.8epss 0.03
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy…
- risk 0.57cvss 9.8epss 0.05
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do…
- risk 0.64cvss 9.8epss 0.03
MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution.
- risk 0.64cvss 9.8epss 0.02
ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution
- risk 0.64cvss 9.8epss 0.02
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
- risk 0.64cvss 9.8epss 0.02
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
- risk 0.64cvss 9.8epss 0.02
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.
- risk 0.64cvss 9.8epss 0.04
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute…
- risk 0.64cvss 9.8epss 0.02
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could…
- risk 0.64cvss 9.8epss 0.02
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
- risk 0.64cvss 9.8epss 0.03
Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field.
- risk 0.57cvss 9.8epss 0.05
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
- risk 0.57cvss 9.8epss 0.03
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
- risk 0.06cvss 9.8epss 0.40
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
- risk 0.59cvss 9.1epss 0.01
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
- risk 0.57cvss 9.8epss 0.03
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
- risk 0.00cvss 9.8epss 0.01
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
- risk 0.64cvss 9.8epss 0.03
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified…
- risk 0.64cvss 9.8epss 0.02
Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.