| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15128 | Cri | 0.64 | 9.8 | 0.05 | May 13, 2019 | An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. | ||
| CVE-2012-6652 | Cri | 0.64 | 9.8 | 0.04 | May 13, 2019 | Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter. | ||
| CVE-2018-14714 | Cri | 0.66 | 9.8 | 0.27 | May 13, 2019 | System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter. | ||
| CVE-2018-12295 | Cri | 0.64 | 9.8 | 0.01 | May 13, 2019 | SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter. | ||
| CVE-2019-11888 | — | Cri | 0.64 | 9.8 | 0.03 | May 13, 2019 | Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. | |
| CVE-2019-11066 | Cri | 0.64 | 9.8 | 0.02 | May 10, 2019 | openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. | ||
| CVE-2019-11059 | Cri | 0.64 | 9.8 | 0.02 | May 10, 2019 | Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow. | ||
| CVE-2018-7120 | Cri | 0.64 | 9.8 | 0.02 | May 10, 2019 | A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege. | ||
| CVE-2018-7084 | Cri | 0.64 | 9.8 | 0.05 | May 10, 2019 | A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration,… | ||
| CVE-2017-12795 | Cri | 0.00 | 9.8 | 0.02 | May 10, 2019 | OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | ||
| CVE-2015-1006 | Cri | 0.64 | 9.8 | 0.05 | May 10, 2019 | A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink… | ||
| CVE-2019-1867 | Cri | 0.67 | 10.0 | 0.30 | May 10, 2019 | A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by… | ||
| CVE-2017-12759 | Cri | 0.64 | 9.8 | 0.04 | May 9, 2019 | Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote). | ||
| CVE-2017-12758 | — | Cri | 0.64 | 9.8 | 0.03 | May 9, 2019 | https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component. | |
| CVE-2017-12757 | Cri | 0.64 | 9.8 | 0.04 | May 9, 2019 | Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script… | ||
| CVE-2019-6548 | Cri | 0.64 | 9.8 | 0.01 | May 9, 2019 | GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | ||
| CVE-2019-11839 | Cri | 0.64 | 9.8 | 0.02 | May 9, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. | ||
| CVE-2019-11838 | Cri | 0.64 | 9.8 | 0.02 | May 9, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. | ||
| CVE-2019-11353 | Cri | 0.64 | 9.8 | 0.03 | May 9, 2019 | The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. | ||
| CVE-2019-11835 | Cri | 0.64 | 9.8 | 0.03 | May 9, 2019 | cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. | ||
| CVE-2019-11834 | Cri | 0.64 | 9.8 | 0.03 | May 9, 2019 | cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. | ||
| CVE-2019-11831 | — | Cri | 0.64 | 9.8 | 0.06 | May 9, 2019 | The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | |
| CVE-2019-11830 | — | Cri | 0.64 | 9.8 | 0.03 | May 9, 2019 | PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. | |
| CVE-2019-7442 | Cri | 0.70 | 9.8 | 0.40 | May 8, 2019 | An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | ||
| CVE-2019-5021 | Cri | 0.64 | 9.8 | 0.06 | May 8, 2019 | Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of… | ||
| CVE-2019-2047 | Cri | 0.64 | 9.8 | 0.01 | May 8, 2019 | In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | ||
| CVE-2019-2046 | Cri | 0.64 | 9.8 | 0.01 | May 8, 2019 | In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2019-2045 | Cri | 0.64 | 9.8 | 0.01 | May 8, 2019 | In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | ||
| CVE-2019-11510 | Cri | 0.94 | 10.0 | 1.00 | KEV | May 8, 2019 | In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | |
| CVE-2019-9505 | Cri | 0.64 | 9.8 | 0.03 | May 8, 2019 | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM… | ||
| CVE-2018-5409 | Cri | 0.64 | 9.8 | 0.01 | May 8, 2019 | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing,… | ||
| CVE-2019-8387 | Cri | 0.71 | 9.8 | 0.56 | May 8, 2019 | MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component. | ||
| CVE-2019-10712 | Cri | 0.64 | 9.8 | 0.03 | May 7, 2019 | The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. | ||
| CVE-2018-6634 | Cri | 0.64 | 9.8 | 0.01 | May 7, 2019 | A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account. | ||
| CVE-2019-7745 | Cri | 0.64 | 9.8 | 0.04 | May 7, 2019 | JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field. | ||
| CVE-2019-7564 | Cri | 0.64 | 9.8 | 0.03 | May 7, 2019 | An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the… | ||
| CVE-2018-14485 | Cri | 0.68 | 9.8 | 0.16 | May 7, 2019 | BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | ||
| CVE-2019-11560 | Cri | 0.64 | 9.8 | 0.02 | May 7, 2019 | A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet. The vulnerability was found in many cameras using hisilicon's hardware and… | ||
| CVE-2019-5434 | Cri | 0.71 | 9.8 | 0.57 | May 6, 2019 | An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related… | ||
| CVE-2019-11766 | Cri | 0.64 | 9.8 | 0.02 | May 5, 2019 | dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | ||
| CVE-2019-11036 | Cri | 0.60 | 9.1 | 0.07 | May 3, 2019 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | ||
| CVE-2019-1804 | Cri | 0.64 | 9.8 | 0.03 | May 3, 2019 | A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is… | ||
| CVE-2018-16988 | Cri | 0.64 | 9.8 | 0.02 | May 2, 2019 | An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the… | ||
| CVE-2018-16717 | Cri | 0.64 | 9.8 | 0.02 | May 2, 2019 | A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. | ||
| CVE-2018-16716 | Cri | 0.60 | 9.1 | 0.09 | May 2, 2019 | A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. | ||
| CVE-2019-11683 | Cri | 0.01 | 9.8 | 0.07 | May 2, 2019 | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling… | ||
| CVE-2017-18371 | Cri | 0.69 | 9.8 | 0.23 | May 2, 2019 | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234.… | ||
| CVE-2017-18369 | Cri | 0.72 | 9.8 | 0.68 | May 2, 2019 | The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through… | ||
| CVE-2017-18368 | Cri | 0.86 | 9.8 | 0.95 | KEV | May 2, 2019 | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page… | |
| CVE-2019-11682 | Cri | 0.64 | 9.8 | 0.03 | May 2, 2019 | A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395. |
- risk 0.64cvss 9.8epss 0.05
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
- risk 0.64cvss 9.8epss 0.04
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.
- risk 0.66cvss 9.8epss 0.27
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
- risk 0.64cvss 9.8epss 0.01
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.
- risk 0.64cvss 9.8epss 0.03
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.
- risk 0.64cvss 9.8epss 0.02
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.
- risk 0.64cvss 9.8epss 0.02
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
- risk 0.64cvss 9.8epss 0.02
A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege.
- risk 0.64cvss 9.8epss 0.05
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration,…
- risk 0.00cvss 9.8epss 0.02
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
- risk 0.64cvss 9.8epss 0.05
A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink…
- risk 0.67cvss 10.0epss 0.30
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by…
- risk 0.64cvss 9.8epss 0.04
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
- risk 0.64cvss 9.8epss 0.03
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
- risk 0.64cvss 9.8epss 0.04
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script…
- risk 0.64cvss 9.8epss 0.01
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.
- risk 0.64cvss 9.8epss 0.03
The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version.
- risk 0.64cvss 9.8epss 0.03
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
- risk 0.64cvss 9.8epss 0.03
cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
- risk 0.64cvss 9.8epss 0.06
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
- risk 0.64cvss 9.8epss 0.03
PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.
- risk 0.70cvss 9.8epss 0.40
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
- risk 0.64cvss 9.8epss 0.06
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of…
- risk 0.64cvss 9.8epss 0.01
In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- risk 0.64cvss 9.8epss 0.01
In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for…
- risk 0.64cvss 9.8epss 0.01
In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- risk 0.94cvss 10.0epss 1.00
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
- risk 0.64cvss 9.8epss 0.03
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM…
- risk 0.64cvss 9.8epss 0.01
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing,…
- risk 0.71cvss 9.8epss 0.56
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
- risk 0.64cvss 9.8epss 0.03
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.
- risk 0.64cvss 9.8epss 0.01
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.
- risk 0.64cvss 9.8epss 0.04
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the…
- risk 0.68cvss 9.8epss 0.16
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
- risk 0.64cvss 9.8epss 0.02
A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet. The vulnerability was found in many cameras using hisilicon's hardware and…
- risk 0.71cvss 9.8epss 0.57
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related…
- risk 0.64cvss 9.8epss 0.02
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
- risk 0.60cvss 9.1epss 0.07
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
- risk 0.64cvss 9.8epss 0.03
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the…
- risk 0.64cvss 9.8epss 0.02
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox.
- risk 0.60cvss 9.1epss 0.09
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
- risk 0.01cvss 9.8epss 0.07
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling…
- risk 0.69cvss 9.8epss 0.23
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234.…
- risk 0.72cvss 9.8epss 0.68
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through…
- risk 0.86cvss 9.8epss 0.95
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page…
- risk 0.64cvss 9.8epss 0.03
A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395.