VYPR

CVEs

31,277 total · page 475 of 626

  • CVE-2019-10074CriSep 11, 2019
    risk 0.64cvss 9.8epss 0.03

    An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good…

  • CVE-2019-0189CriSep 11, 2019
    risk 0.66cvss 9.8epss 0.24

    The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is…

  • CVE-2018-17200CriSep 11, 2019
    risk 0.64cvss 9.8epss 0.05

    The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream`…

  • CVE-2019-13473CriSep 11, 2019
    risk 0.64cvss 9.8epss 0.04

    TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem,…

  • CVE-2019-16227CriSep 11, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

  • CVE-2019-16225CriSep 11, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

  • CVE-2019-16224CriSep 11, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

  • CVE-2019-10256CriSep 10, 2019
    risk 0.64cvss 9.8epss 0.01

    An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.

  • CVE-2019-14457CriSep 10, 2019
    risk 0.64cvss 9.8epss 0.03

    VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.

  • CVE-2019-11496CriSep 10, 2019
    risk 0.59cvss 9.1epss 0.01

    In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenticated users with…

  • CVE-2019-11495CriSep 10, 2019
    risk 0.64cvss 9.8epss 0.02

    In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute…

  • CVE-2019-3975CriSep 10, 2019
    risk 0.64cvss 9.8epss 0.05

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.

  • CVE-2019-15896CriSep 10, 2019
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account…

  • CVE-2017-18605CriSep 10, 2019
    risk 0.64cvss 9.8epss 0.02

    The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.

  • CVE-2019-16192CriSep 9, 2019
    risk 0.64cvss 9.8epss 0.02

    upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.

  • CVE-2019-16184CriSep 9, 2019
    risk 0.57cvss 9.8epss 0.02

    A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

  • CVE-2019-6960CriSep 9, 2019
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.

  • CVE-2019-16190CriSep 9, 2019
    risk 0.64cvss 9.8epss 0.03

    SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.

  • CVE-2019-12405CriSep 9, 2019
    risk 0.57cvss 9.8epss 0.03

    Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without…

  • CVE-2019-16114CriSep 9, 2019
    risk 0.64cvss 9.8epss 0.05

    In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve…

  • CVE-2019-10668CriSep 9, 2019
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to…

  • CVE-2019-10665CriSep 9, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered…

  • CVE-2018-21013CriSep 9, 2019
    risk 0.64cvss 9.8epss 0.02

    The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.

  • CVE-2019-16143CriSep 9, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.

  • CVE-2019-16142CriSep 9, 2019
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.

  • CVE-2019-16140CriSep 9, 2019
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.

  • CVE-2019-16139CriSep 9, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.

  • CVE-2019-16138CriSep 9, 2019
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.

  • CVE-2019-16125CriSep 9, 2019
    risk 0.64cvss 9.8epss 0.02

    In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.

  • CVE-2019-16124CriSep 9, 2019
    risk 0.59cvss 9.8epss 0.28

    In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.

  • CVE-2019-16119CriSep 8, 2019
    risk 0.69cvss 9.8epss 0.25

    SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

  • CVE-2019-16102CriSep 8, 2019
    risk 0.64cvss 9.8epss 0.02

    Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.

  • CVE-2019-16093CriSep 8, 2019
    risk 0.64cvss 9.8epss 0.02

    Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.

  • CVE-2019-16092CriSep 8, 2019
    risk 0.64cvss 9.8epss 0.02

    Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.

  • CVE-2019-10892CriSep 6, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it…

  • CVE-2019-10891CriSep 6, 2019
    risk 0.65cvss 9.8epss 0.19

    An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP…

  • CVE-2019-9855CriSep 6, 2019
    risk 0.64cvss 9.8epss 0.03

    LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can…

  • CVE-2019-16060CriSep 6, 2019
    risk 0.00cvss 9.8epss 0.01

    The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).

  • CVE-2019-11926CriSep 6, 2019
    risk 0.00cvss 9.8epss 0.02

    Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3,…

  • CVE-2019-11925CriSep 6, 2019
    risk 0.00cvss 9.8epss 0.02

    Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all…

  • CVE-2016-7398CriSep 6, 2019
    risk 0.57cvss 9.8epss 0.07

    A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

  • CVE-2019-15102CriSep 6, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected…

  • CVE-2019-13656CriSep 6, 2019
    risk 0.64cvss 9.8epss 0.06

    An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.

  • CVE-2019-14813CriSep 6, 2019
    risk 0.65cvss 9.8epss 0.11

    A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then…

  • CVE-2019-15846CriSep 6, 2019
    risk 0.67cvss 9.8epss 0.36

    Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

  • CVE-2019-14222CriSep 5, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default…

  • CVE-2019-15954CriSep 5, 2019
    risk 0.74cvss 9.9epss 0.79

    An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side.…

  • CVE-2019-13188CriSep 5, 2019
    risk 0.64cvss 9.8epss 0.02

    In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.

  • CVE-2019-13187CriSep 5, 2019
    risk 0.64cvss 9.8epss 0.02

    The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.

  • CVE-2018-11569CriSep 5, 2019
    risk 0.64cvss 9.8epss 0.02

    Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.