VYPR

CVEs

31,173 total · page 491 of 624

  • CVE-2016-10759CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.04

    The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.

  • CVE-2016-10752CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.02

    serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

  • CVE-2019-2245CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2019-2244CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Possible integer underflow can happen when calculating length of elementary stream info from invalid section length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2018-13925CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2018-13887CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W,…

  • CVE-2018-13886CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2018-11953CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to crafted ssid IE length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,…

  • CVE-2018-11949CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD…

  • CVE-2018-11940CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD…

  • CVE-2018-11937CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD…

  • CVE-2018-11936CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Index of array is processed in a wrong way inside a while loop and result in invalid index (-1 or something else) leads to out of bound memory access. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…

  • CVE-2018-11930CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Improper input validation on input data which is used to locate and copy the additional IEs in WLAN function can lead to potential integer truncation issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150,…

  • CVE-2018-11271CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in…

  • CVE-2016-8900CriMay 24, 2019
    risk 0.57cvss 9.8epss 0.02

    Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.

  • CVE-2016-8898CriMay 24, 2019
    risk 0.57cvss 9.8epss 0.02

    Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.

  • CVE-2019-12150CriMay 24, 2019
    risk 0.64cvss 9.8epss 0.02

    Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.

  • CVE-2019-12314CriMay 24, 2019
    risk 0.73cvss 9.8epss 0.84

    Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.

  • CVE-2019-10850CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Computrols CBAS 18.0.0 has Default Credentials.

  • CVE-2019-10866CriMay 23, 2019
    risk 0.67cvss 9.8epss 0.06

    In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.

  • CVE-2016-8899CriMay 23, 2019
    risk 0.57cvss 9.8epss 0.02

    Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.

  • CVE-2016-8897CriMay 23, 2019
    risk 0.57cvss 9.8epss 0.02

    Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.

  • CVE-2019-7128CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7124CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7120CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7119CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7118CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7117CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-12289CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files…

  • CVE-2019-12288CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve…

  • CVE-2017-13667CriMay 23, 2019
    risk 0.64cvss 9.9epss 0.01

    OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

  • CVE-2017-11365CriMay 23, 2019
    risk 0.57cvss 9.8epss 0.02

    Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.

  • CVE-2016-8901CriMay 23, 2019
    risk 0.57cvss 9.8epss 0.03

    b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.

  • CVE-2019-7113CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7112CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7103CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7102CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7101CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7100CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7099CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7098CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7096CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7088CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7130CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Successful exploitation could lead to remote code execution.

  • CVE-2019-7107CriMay 23, 2019
    risk 0.66cvss 9.8epss 0.28

    Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2.

  • CVE-2019-7106CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.08

    Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7105CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.08

    Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7104CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-12301CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.02

    The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.

  • CVE-2019-12300CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.