| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-7003 | Cri | 0.65 | 10.0 | 0.01 | Jul 11, 2019 | A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x… | ||
| CVE-2019-12525 | Cri | 0.66 | 9.8 | 0.24 | Jul 11, 2019 | An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with… | ||
| CVE-2019-11062 | Cri | 0.64 | 9.8 | 0.06 | Jul 11, 2019 | The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | ||
| CVE-2019-10651 | Cri | 0.64 | 9.8 | 0.04 | Jul 11, 2019 | An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update. | ||
| CVE-2019-13561 | Cri | 0.64 | 9.8 | 0.08 | Jul 11, 2019 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. | ||
| CVE-2019-13560 | Cri | 0.64 | 9.8 | 0.04 | Jul 11, 2019 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. | ||
| CVE-2019-13507 | Cri | 0.64 | 9.8 | 0.02 | Jul 11, 2019 | hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. | ||
| CVE-2019-12838 | Cri | 0.64 | 9.8 | 0.03 | Jul 11, 2019 | SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | ||
| CVE-2019-13489 | Cri | 0.64 | 9.8 | 0.01 | Jul 10, 2019 | Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. | ||
| CVE-2019-12803 | Cri | 0.64 | 9.8 | 0.02 | Jul 10, 2019 | In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as… | ||
| CVE-2019-0330 | Cri | 0.59 | 9.1 | 0.02 | Jul 10, 2019 | The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||
| CVE-2019-13132 | Cri | 0.60 | 9.8 | 0.42 | Jul 10, 2019 | In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with… | ||
| CVE-2019-13279 | Cri | 0.64 | 9.8 | 0.03 | Jul 10, 2019 | TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or… | ||
| CVE-2019-13278 | Cri | 0.64 | 9.8 | 0.09 | Jul 10, 2019 | TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet… | ||
| CVE-2019-13276 | Cri | 0.64 | 9.8 | 0.03 | Jul 10, 2019 | TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or… | ||
| CVE-2019-12468 | — | Cri | 0.64 | 9.8 | 0.03 | Jul 10, 2019 | An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | |
| CVE-2017-12652 | Cri | 0.00 | 9.8 | 0.04 | Jul 10, 2019 | libpng before 1.6.32 does not properly check the length of chunks against the user limit. | ||
| CVE-2019-13224 | Cri | 0.00 | 9.8 | 0.04 | Jul 10, 2019 | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a… | ||
| CVE-2019-10653 | Cri | 0.64 | 9.8 | 0.01 | Jul 10, 2019 | An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page. | ||
| CVE-2018-14496 | Cri | 0.64 | 9.8 | 0.04 | Jul 10, 2019 | Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a… | ||
| CVE-2018-14495 | Cri | 0.64 | 9.8 | 0.04 | Jul 10, 2019 | Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or… | ||
| CVE-2019-12723 | Cri | 0.00 | 9.8 | 0.02 | Jul 10, 2019 | An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user. | ||
| CVE-2018-14494 | Cri | 0.64 | 9.8 | 0.03 | Jul 10, 2019 | Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or… | ||
| CVE-2019-10122 | Cri | 0.64 | 9.8 | 0.04 | Jul 10, 2019 | eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution. | ||
| CVE-2019-10121 | Cri | 0.64 | 9.8 | 0.05 | Jul 10, 2019 | eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin. | ||
| CVE-2019-10119 | Cri | 0.64 | 9.8 | 0.02 | Jul 10, 2019 | eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as… | ||
| CVE-2019-13478 | Cri | 0.64 | 9.8 | 0.03 | Jul 9, 2019 | The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. | ||
| CVE-2019-13470 | Cri | 0.64 | 9.8 | 0.02 | Jul 9, 2019 | MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling. | ||
| CVE-2019-11512 | — | Cri | 0.57 | 9.8 | 0.01 | Jul 9, 2019 | Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5. | |
| CVE-2019-11991 | Cri | 0.64 | 9.8 | 0.05 | Jul 9, 2019 | HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and… | ||
| CVE-2019-3950 | Cri | 0.64 | 9.8 | 0.02 | Jul 9, 2019 | Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to. | ||
| CVE-2019-3949 | Cri | 0.64 | 9.8 | 0.01 | Jul 9, 2019 | Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device. | ||
| CVE-2018-11307 | — | Cri | 0.57 | 9.8 | 0.06 | Jul 9, 2019 | An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. | |
| CVE-2019-12924 | Cri | 0.64 | 9.8 | 0.01 | Jul 8, 2019 | MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host… | ||
| CVE-2019-9629 | Cri | 0.64 | 9.8 | 0.01 | Jul 8, 2019 | Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). | ||
| CVE-2019-2111 | Cri | 0.64 | 9.8 | 0.01 | Jul 8, 2019 | In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… | ||
| CVE-2019-13413 | Cri | 0.64 | 9.8 | 0.02 | Jul 8, 2019 | The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. | ||
| CVE-2019-13354 | — | Cri | 0.64 | 9.8 | 0.03 | Jul 8, 2019 | The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6. | |
| CVE-2019-13400 | Cri | 0.64 | 9.8 | 0.02 | Jul 8, 2019 | Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | ||
| CVE-2019-13375 | Cri | 0.66 | 9.8 | 0.28 | Jul 6, 2019 | A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. | ||
| CVE-2019-13373 | Cri | 0.72 | 9.8 | 0.68 | Jul 6, 2019 | An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | ||
| CVE-2019-13372 | Cri | 0.73 | 9.8 | 0.81 | Jul 6, 2019 | /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. | ||
| CVE-2019-13352 | Cri | 0.64 | 9.8 | 0.03 | Jul 5, 2019 | WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and… | ||
| CVE-2019-12971 | Cri | 0.64 | 9.8 | 0.02 | Jul 5, 2019 | BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. | ||
| CVE-2018-14528 | Cri | 0.64 | 9.8 | 0.02 | Jul 5, 2019 | Invoxia NVX220 devices allow TELNET access as admin with a default password. | ||
| CVE-2019-13144 | Cri | 0.64 | 9.8 | 0.02 | Jul 5, 2019 | myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5. | ||
| CVE-2019-13294 | Cri | 0.68 | 9.8 | 0.19 | Jul 4, 2019 | AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system. | ||
| CVE-2019-13292 | Cri | 0.67 | 9.8 | 0.07 | Jul 4, 2019 | A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks. | ||
| CVE-2019-13275 | Cri | 0.00 | 9.8 | 0.03 | Jul 4, 2019 | An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. | ||
| CVE-2019-9827 | — | Cri | 0.66 | 9.8 | 0.27 | Jul 3, 2019 | Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. |
- risk 0.65cvss 10.0epss 0.01
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x…
- risk 0.66cvss 9.8epss 0.24
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with…
- risk 0.64cvss 9.8epss 0.06
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update.
- risk 0.64cvss 9.8epss 0.08
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.
- risk 0.64cvss 9.8epss 0.02
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
- risk 0.64cvss 9.8epss 0.03
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
- risk 0.64cvss 9.8epss 0.01
Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter.
- risk 0.64cvss 9.8epss 0.02
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as…
- risk 0.59cvss 9.1epss 0.02
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
- risk 0.60cvss 9.8epss 0.42
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with…
- risk 0.64cvss 9.8epss 0.03
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or…
- risk 0.64cvss 9.8epss 0.09
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet…
- risk 0.64cvss 9.8epss 0.03
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or…
- risk 0.64cvss 9.8epss 0.03
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
- risk 0.00cvss 9.8epss 0.04
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
- risk 0.00cvss 9.8epss 0.04
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page.
- risk 0.64cvss 9.8epss 0.04
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a…
- risk 0.64cvss 9.8epss 0.04
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or…
- risk 0.00cvss 9.8epss 0.02
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
- risk 0.64cvss 9.8epss 0.03
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or…
- risk 0.64cvss 9.8epss 0.04
eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.
- risk 0.64cvss 9.8epss 0.05
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.
- risk 0.64cvss 9.8epss 0.02
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as…
- risk 0.64cvss 9.8epss 0.03
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.
- risk 0.64cvss 9.8epss 0.02
MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.
- risk 0.57cvss 9.8epss 0.01
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.
- risk 0.64cvss 9.8epss 0.05
HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and…
- risk 0.64cvss 9.8epss 0.02
Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to.
- risk 0.64cvss 9.8epss 0.01
Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.
- risk 0.57cvss 9.8epss 0.06
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
- risk 0.64cvss 9.8epss 0.01
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host…
- risk 0.64cvss 9.8epss 0.01
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
- risk 0.64cvss 9.8epss 0.01
In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…
- risk 0.64cvss 9.8epss 0.02
The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php.
- risk 0.64cvss 9.8epss 0.03
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6.
- risk 0.64cvss 9.8epss 0.02
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.
- risk 0.66cvss 9.8epss 0.28
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.
- risk 0.72cvss 9.8epss 0.68
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.
- risk 0.73cvss 9.8epss 0.81
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
- risk 0.64cvss 9.8epss 0.03
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and…
- risk 0.64cvss 9.8epss 0.02
BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.
- risk 0.64cvss 9.8epss 0.02
Invoxia NVX220 devices allow TELNET access as admin with a default password.
- risk 0.64cvss 9.8epss 0.02
myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5.
- risk 0.68cvss 9.8epss 0.19
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
- risk 0.67cvss 9.8epss 0.07
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
- risk 0.00cvss 9.8epss 0.03
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.
- risk 0.66cvss 9.8epss 0.27
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.