VYPR

CVEs

31,173 total · page 489 of 624

  • CVE-2019-8385CriJun 5, 2019
    risk 0.68cvss 9.8epss 0.20

    An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive…

  • CVE-2019-7671CriJun 5, 2019
    risk 0.62cvss 9.0epss 0.08

    Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.

  • CVE-2019-12196CriJun 5, 2019
    risk 0.69cvss 9.8epss 0.69

    A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter.

  • CVE-2019-11988CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.01

    A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.

  • CVE-2019-9642CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution…

  • CVE-2019-9548CriJun 5, 2019
    risk 0.65cvss 10.0epss 0.01

    Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

  • CVE-2019-12553CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.02

    In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.

  • CVE-2019-11949CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.08

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5391CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.03

    A stack buffer overflow vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5390CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.04

    A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5387CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.08

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5367CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.08

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5358CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.08

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5356CriJun 5, 2019
    risk 0.65cvss 9.8epss 0.11

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5352CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.08

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5347CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.05

    A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-11945CriJun 5, 2019
    risk 0.70cvss 9.8epss 0.79

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-11944CriJun 5, 2019
    risk 0.65cvss 9.8epss 0.13

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2018-7124CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.08

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2018-7121CriJun 5, 2019
    risk 0.64cvss 9.8epss 0.08

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2018-18571CriJun 5, 2019
    risk 0.59cvss 9.1epss 0.03

    An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.

  • CVE-2019-12739CriJun 5, 2019
    risk 0.59cvss 9.0epss 0.03

    lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).

  • CVE-2019-10149CriKEVJun 5, 2019
    risk 0.80cvss 9.8epss 1.00

    A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

  • CVE-2019-11768CriJun 5, 2019
    risk 0.57cvss 9.8epss 0.04

    An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

  • CVE-2018-13382CriKEVJun 4, 2019
    risk 0.87cvss 9.1epss 0.82

    An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN…

  • CVE-2018-13379CriKEVJun 4, 2019
    risk 0.88cvss 9.1epss 1.00

    An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated…

  • CVE-2019-12730CriJun 4, 2019
    risk 0.00cvss 9.8epss 0.03

    aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

  • CVE-2019-11367CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully.

  • CVE-2019-11185CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.04

    The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with…

  • CVE-2019-10883CriJun 3, 2019
    risk 0.69cvss 9.8epss 0.65

    Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

  • CVE-2019-12377CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.06

    A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.

  • CVE-2019-12373CriJun 3, 2019
    risk 0.59cvss 9.0epss 0.01

    Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.

  • CVE-2019-11356CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.08

    The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

  • CVE-2017-14854CriJun 3, 2019
    risk 0.60cvss 9.1epss 0.07

    A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.

  • CVE-2019-6742CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update…

  • CVE-2019-6741CriJun 3, 2019
    risk 0.61cvss 9.3epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect…

  • CVE-2019-12310CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.03

    ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time…

  • CVE-2017-14851CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.04

    A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.

  • CVE-2017-14728CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.06

    An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication…

  • CVE-2019-3397CriJun 3, 2019
    risk 0.60cvss 9.1epss 0.05

    Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for…

  • CVE-2019-11580CriKEVJun 3, 2019
    risk 0.92cvss 9.8epss 0.95

    Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary…

  • CVE-2019-12585CriJun 3, 2019
    risk 0.00cvss 9.8epss 0.05

    Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

  • CVE-2019-12564CriJun 3, 2019
    risk 0.64cvss 9.8epss 0.02

    In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.

  • CVE-2019-12530CriJun 2, 2019
    risk 0.00cvss 9.8epss 0.02

    Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh.

  • CVE-2019-9653CriMay 31, 2019
    risk 0.65cvss 9.8epss 0.11

    NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.

  • CVE-2019-9106CriMay 31, 2019
    risk 0.64cvss 9.8epss 0.03

    The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.

  • CVE-2019-6725CriMay 31, 2019
    risk 0.64cvss 9.8epss 0.02

    The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.

  • CVE-2019-10123CriMay 31, 2019
    risk 0.08cvss 9.8epss 0.66

    SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user.

  • CVE-2019-10069CriMay 31, 2019
    risk 0.57cvss 9.8epss 0.03

    In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.

  • CVE-2018-20815CriMay 31, 2019
    risk 0.64cvss 9.8epss 0.04

    In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.