VYPR

CVEs

31,174 total · page 485 of 624

  • CVE-2015-3907CriJul 3, 2019
    risk 0.57cvss 9.8epss 0.02

    CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.

  • CVE-2019-13207CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.

  • CVE-2019-12852CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

  • CVE-2018-14860CriJul 3, 2019
    risk 0.59cvss 9.1epss 0.02

    Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.

  • CVE-2017-8229CriJul 3, 2019
    risk 0.70cvss 9.8epss 0.74

    Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains…

  • CVE-2017-8227CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.04

    Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF…

  • CVE-2017-8226CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.04

    Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one…

  • CVE-2017-13719CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.04

    The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the…

  • CVE-2019-9873CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8,…

  • CVE-2019-9823CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8,…

  • CVE-2019-9186CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.05

    In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost…

  • CVE-2019-5600CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.05

    In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer.…

  • CVE-2019-12867CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

  • CVE-2019-12866CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

  • CVE-2019-12850CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

  • CVE-2019-10104CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.04

    In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all…

  • CVE-2019-10100CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the…

  • CVE-2019-7165CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.04

    A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.

  • CVE-2018-11686CriJul 3, 2019
    risk 0.71cvss 9.8epss 0.50

    The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.

  • CVE-2017-6900CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command…

  • CVE-2017-18346CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.

  • CVE-2018-11425CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.

  • CVE-2018-11422CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.01

    Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any…

  • CVE-2018-11421CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.01

    Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol…

  • CVE-2018-11420CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.

  • CVE-2018-11215CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.

  • CVE-2018-11426CriJul 3, 2019
    risk 0.64cvss 9.8epss 0.02

    A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.

  • CVE-2019-13177CriJul 2, 2019
    risk 0.57cvss 9.8epss 0.02

    verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code…

  • CVE-2017-8415CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password…

  • CVE-2017-8410CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the…

  • CVE-2019-7257CriJul 2, 2019
    risk 0.74cvss 10.0epss 0.70

    Linear eMerge E3-Series devices allow Unrestricted File Upload.

  • CVE-2019-7256CriKEVJul 2, 2019
    risk 0.86cvss 9.8epss 0.97

    Linear eMerge E3-Series devices allow Command Injections.

  • CVE-2019-7253CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.03

    Linear eMerge E3-Series devices allow Directory Traversal.

  • CVE-2019-7252CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.05

    Linear eMerge E3-Series devices have Default Credentials.

  • CVE-2017-8404CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.08

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to…

  • CVE-2019-7261CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.05

    Linear eMerge E3-Series devices have Hard-coded Credentials.

  • CVE-2019-7260CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.07

    Linear eMerge E3-Series devices have Cleartext Credentials in a Database.

  • CVE-2019-7269CriJul 2, 2019
    risk 0.70cvss 9.8epss 0.40

    Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.

  • CVE-2019-7268CriJul 2, 2019
    risk 0.66cvss 10.0epss 0.06

    Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

  • CVE-2019-7267CriJul 2, 2019
    risk 0.65cvss 9.8epss 0.21

    Linear eMerge 50P/5000P devices allow Cookie Path Traversal.

  • CVE-2019-7266CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.05

    Linear eMerge 50P/5000P devices allow Authentication Bypass.

  • CVE-2019-7265CriJul 2, 2019
    risk 0.69cvss 9.8epss 0.23

    Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).

  • CVE-2019-7264CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.02

    Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform.

  • CVE-2019-7263CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.02

    Linear eMerge E3-Series devices have a Version Control Failure.

  • CVE-2019-12594CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.07

    DOSBox 0.74-2 has Incorrect Access Control.

  • CVE-2017-8408CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the…

  • CVE-2019-4087CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.07

    IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote…

  • CVE-2019-7274CriJul 1, 2019
    risk 0.69cvss 9.8epss 0.29

    Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.

  • CVE-2019-7271CriJul 1, 2019
    risk 0.64cvss 9.8epss 0.04

    Nortek Linear eMerge 50P/5000P devices have Default Credentials.

  • CVE-2019-5497CriJul 1, 2019
    risk 0.64cvss 9.8epss 0.03

    NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.