VYPR

CVEs

31,174 total · page 484 of 624

  • CVE-2019-7003CriJul 11, 2019
    risk 0.65cvss 10.0epss 0.01

    A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x…

  • CVE-2019-12525CriJul 11, 2019
    risk 0.66cvss 9.8epss 0.24

    An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with…

  • CVE-2019-11062CriJul 11, 2019
    risk 0.64cvss 9.8epss 0.06

    The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.

  • CVE-2019-10651CriJul 11, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update.

  • CVE-2019-13561CriJul 11, 2019
    risk 0.64cvss 9.8epss 0.08

    D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.

  • CVE-2019-13560CriJul 11, 2019
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.

  • CVE-2019-13507CriJul 11, 2019
    risk 0.64cvss 9.8epss 0.02

    hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.

  • CVE-2019-12838CriJul 11, 2019
    risk 0.64cvss 9.8epss 0.03

    SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

  • CVE-2019-13489CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.01

    Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter.

  • CVE-2019-12803CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.02

    In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as…

  • CVE-2019-0330CriJul 10, 2019
    risk 0.59cvss 9.1epss 0.02

    The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

  • CVE-2019-13132CriJul 10, 2019
    risk 0.60cvss 9.8epss 0.42

    In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with…

  • CVE-2019-13279CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.03

    TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or…

  • CVE-2019-13278CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.09

    TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet…

  • CVE-2019-13276CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.03

    TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or…

  • CVE-2019-12468CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.03

    An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

  • CVE-2017-12652CriJul 10, 2019
    risk 0.00cvss 9.8epss 0.04

    libpng before 1.6.32 does not properly check the length of chunks against the user limit.

  • CVE-2019-13224CriJul 10, 2019
    risk 0.00cvss 9.8epss 0.04

    A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a…

  • CVE-2019-10653CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page.

  • CVE-2018-14496CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.04

    Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a…

  • CVE-2018-14495CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.04

    Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or…

  • CVE-2019-12723CriJul 10, 2019
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.

  • CVE-2018-14494CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.03

    Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or…

  • CVE-2019-10122CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.04

    eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.

  • CVE-2019-10121CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.05

    eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.

  • CVE-2019-10119CriJul 10, 2019
    risk 0.64cvss 9.8epss 0.02

    eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as…

  • CVE-2019-13478CriJul 9, 2019
    risk 0.64cvss 9.8epss 0.03

    The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.

  • CVE-2019-13470CriJul 9, 2019
    risk 0.64cvss 9.8epss 0.02

    MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.

  • CVE-2019-11512CriJul 9, 2019
    risk 0.57cvss 9.8epss 0.01

    Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.

  • CVE-2019-11991CriJul 9, 2019
    risk 0.64cvss 9.8epss 0.05

    HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and…

  • CVE-2019-3950CriJul 9, 2019
    risk 0.64cvss 9.8epss 0.02

    Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to.

  • CVE-2019-3949CriJul 9, 2019
    risk 0.64cvss 9.8epss 0.01

    Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.

  • CVE-2018-11307CriJul 9, 2019
    risk 0.57cvss 9.8epss 0.06

    An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

  • CVE-2019-12924CriJul 8, 2019
    risk 0.64cvss 9.8epss 0.01

    MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host…

  • CVE-2019-9629CriJul 8, 2019
    risk 0.64cvss 9.8epss 0.01

    Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

  • CVE-2019-2111CriJul 8, 2019
    risk 0.64cvss 9.8epss 0.01

    In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2019-13413CriJul 8, 2019
    risk 0.64cvss 9.8epss 0.02

    The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php.

  • CVE-2019-13354CriJul 8, 2019
    risk 0.64cvss 9.8epss 0.03

    The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6.

  • CVE-2019-13400CriJul 8, 2019
    risk 0.64cvss 9.8epss 0.02

    Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.

  • CVE-2019-13375CriJul 6, 2019
    risk 0.66cvss 9.8epss 0.28

    A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.

  • CVE-2019-13373CriJul 6, 2019
    risk 0.72cvss 9.8epss 0.68

    An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.

  • CVE-2019-13372CriJul 6, 2019
    risk 0.73cvss 9.8epss 0.81

    /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.

  • CVE-2019-13352CriJul 5, 2019
    risk 0.64cvss 9.8epss 0.03

    WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and…

  • CVE-2019-12971CriJul 5, 2019
    risk 0.64cvss 9.8epss 0.02

    BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.

  • CVE-2018-14528CriJul 5, 2019
    risk 0.64cvss 9.8epss 0.02

    Invoxia NVX220 devices allow TELNET access as admin with a default password.

  • CVE-2019-13144CriJul 5, 2019
    risk 0.64cvss 9.8epss 0.02

    myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5.

  • CVE-2019-13294CriJul 4, 2019
    risk 0.68cvss 9.8epss 0.19

    AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.

  • CVE-2019-13292CriJul 4, 2019
    risk 0.67cvss 9.8epss 0.07

    A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.

  • CVE-2019-13275CriJul 4, 2019
    risk 0.00cvss 9.8epss 0.03

    An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.

  • CVE-2019-9827CriJul 3, 2019
    risk 0.66cvss 9.8epss 0.27

    Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.