VYPR

CVEs

31,185 total · page 476 of 624

  • CVE-2019-15571CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.01

    The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.

  • CVE-2019-15570CriAug 26, 2019
    risk 0.57cvss 9.8epss 0.01

    BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.

  • CVE-2019-15569CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.01

    HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java.

  • CVE-2019-15568CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.01

    idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels.

  • CVE-2019-15567CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.01

    OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature.

  • CVE-2019-15566CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.02

    The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.

  • CVE-2019-15565CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.01

    The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.

  • CVE-2019-15564CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.01

    The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py.

  • CVE-2019-15563CriAug 26, 2019
    risk 0.57cvss 9.8epss 0.02

    Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.

  • CVE-2019-15554CriAug 26, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.

  • CVE-2019-15552CriAug 26, 2019
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.

  • CVE-2019-15551CriAug 26, 2019
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.

  • CVE-2019-14300CriAug 26, 2019
    risk 0.64cvss 9.8epss 0.03

    Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration…

  • CVE-2018-21000CriAug 26, 2019
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption.

  • CVE-2018-20991CriAug 26, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.

  • CVE-2019-14308CriAug 26, 2019
    risk 0.64cvss 9.8epss 0.03

    Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is…

  • CVE-2019-15562CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.02

    GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm

  • CVE-2019-15561CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.01

    FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.

  • CVE-2019-15556CriAug 26, 2019
    risk 0.64cvss 9.8epss 0.01

    Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.

  • CVE-2019-15524CriAug 26, 2019
    risk 0.64cvss 9.8epss 0.03

    CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.

  • CVE-2019-15521CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.02

    Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.

  • CVE-2019-15304CriAug 26, 2019
    risk 0.59cvss 9.1epss 0.03

    Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer…

  • CVE-2019-15534CriAug 26, 2019
    risk 0.00cvss 9.8epss 0.01

    Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.

  • CVE-2019-6695CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.01

    Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.

  • CVE-2019-6698CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder…

  • CVE-2019-1581CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.03

    A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25;…

  • CVE-2019-1580CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.03

    Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.

  • CVE-2019-15537CriAug 23, 2019
    risk 0.00cvss 9.8epss 0.02

    The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.

  • CVE-2019-15536CriAug 23, 2019
    risk 0.00cvss 9.8epss 0.01

    The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.

  • CVE-2019-15535CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.

  • CVE-2019-10750CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.02

    deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload.

  • CVE-2019-10747CriAug 23, 2019
    risk 0.57cvss 9.8epss 0.02

    set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.

  • CVE-2019-10746CriAug 23, 2019
    risk 0.57cvss 9.8epss 0.04

    mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

  • CVE-2019-15519CriAug 23, 2019
    risk 0.00cvss 9.8epss 0.03

    Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.

  • CVE-2019-15494CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.02

    openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.

  • CVE-2019-15490CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.02

    openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.

  • CVE-2019-15505CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.08

    drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

  • CVE-2019-15504CriAug 23, 2019
    risk 0.64cvss 9.8epss 0.04

    drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).

  • CVE-2018-20987CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.

  • CVE-2015-9334CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The email-newsletter plugin through 20.15 for WordPress has SQL injection.

  • CVE-2013-7483CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.

  • CVE-2017-18586CriAug 22, 2019
    risk 0.52cvss 9.1epss 0.03

    The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.

  • CVE-2016-10930CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.

  • CVE-2014-10390CriAug 22, 2019
    risk 0.59cvss 9.1epss 0.03

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

  • CVE-2014-10389CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.

  • CVE-2014-10387CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.

  • CVE-2019-11031CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.

  • CVE-2019-11030CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a…

  • CVE-2019-15322CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.

  • CVE-2019-15321CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.