| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9189 | Cri | 0.64 | 9.8 | 0.05 | Mar 25, 2019 | Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial… | ||
| CVE-2014-9187 | Cri | 0.64 | 9.8 | 0.04 | Mar 25, 2019 | Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly… | ||
| CVE-2019-7612 | Cri | 0.57 | 9.8 | 0.02 | Mar 25, 2019 | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. | ||
| CVE-2019-7610 | Cri | 0.52 | 9.0 | 0.04 | Mar 25, 2019 | Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly… | ||
| CVE-2019-7609 | Cri | 0.81 | 10.0 | 0.95 | KEV | Mar 25, 2019 | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing… | |
| CVE-2019-3396 | Cri | 0.93 | 9.8 | 1.00 | KEV | Mar 25, 2019 | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2… | |
| CVE-2019-3395 | Cri | 0.64 | 9.8 | 0.07 | Mar 25, 2019 | The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send… | ||
| CVE-2019-10041 | Cri | 0.64 | 9.8 | 0.02 | Mar 25, 2019 | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication. | ||
| CVE-2019-10040 | Cri | 0.64 | 9.8 | 0.03 | Mar 25, 2019 | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. | ||
| CVE-2019-10039 | Cri | 0.64 | 9.8 | 0.02 | Mar 25, 2019 | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication. | ||
| CVE-2019-10011 | Cri | 0.64 | 9.8 | 0.02 | Mar 25, 2019 | ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | ||
| CVE-2015-3956 | Cri | 0.64 | 9.8 | 0.01 | Mar 25, 2019 | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices… | ||
| CVE-2019-3479 | Cri | 0.64 | 9.8 | 0.07 | Mar 25, 2019 | Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. | ||
| CVE-2019-3476 | Cri | 0.64 | 9.8 | 0.03 | Mar 25, 2019 | Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. | ||
| CVE-2015-3954 | Cri | 0.64 | 9.8 | 0.02 | Mar 25, 2019 | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the… | ||
| CVE-2015-3953 | Cri | 0.64 | 9.8 | 0.02 | Mar 25, 2019 | Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the… | ||
| CVE-2019-9960 | Cri | 0.04 | 9.8 | 0.13 | Mar 24, 2019 | The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | ||
| CVE-2019-9948 | Cri | 0.01 | 9.1 | 0.12 | Mar 23, 2019 | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | ||
| CVE-2019-9945 | Cri | 0.64 | 9.8 | 0.06 | Mar 23, 2019 | SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web… | ||
| CVE-2019-9927 | Cri | 0.64 | 9.8 | 0.04 | Mar 22, 2019 | Caret before 2019-02-22 allows Remote Code Execution. | ||
| CVE-2019-8351 | Cri | 0.59 | 9.1 | 0.01 | Mar 21, 2019 | Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||
| CVE-2019-7537 | Cri | 0.57 | 9.8 | 0.03 | Mar 21, 2019 | An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. | ||
| CVE-2019-5490 | Cri | 0.64 | 9.8 | 0.03 | Mar 21, 2019 | Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should… | ||
| CVE-2019-7238 | Cri | 0.75 | 9.8 | 0.77 | KEV | Mar 21, 2019 | Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. | |
| CVE-2018-4003 | Cri | 0.64 | 9.8 | 0.02 | Mar 21, 2019 | An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the… | ||
| CVE-2018-3985 | Cri | 0.64 | 9.8 | 0.02 | Mar 21, 2019 | An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An… | ||
| CVE-2019-9898 | Cri | 0.64 | 9.8 | 0.04 | Mar 21, 2019 | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | ||
| CVE-2019-9895 | Cri | 0.64 | 9.8 | 0.03 | Mar 21, 2019 | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | ||
| CVE-2019-9893 | Cri | 0.64 | 9.8 | 0.03 | Mar 21, 2019 | libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations. | ||
| CVE-2019-9870 | — | Cri | 0.00 | 9.8 | 0.02 | Mar 21, 2019 | plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. | |
| CVE-2019-9083 | Cri | 0.68 | 9.8 | 0.18 | Mar 21, 2019 | SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. | ||
| CVE-2019-6716 | Cri | 0.65 | 9.4 | 0.10 | Mar 21, 2019 | An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization… | ||
| CVE-2019-6714 | Cri | 0.69 | 9.8 | 0.32 | Mar 21, 2019 | An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is… | ||
| CVE-2019-6441 | Cri | 0.71 | 9.8 | 0.54 | Mar 21, 2019 | An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of… | ||
| CVE-2019-5723 | Cri | 0.64 | 9.8 | 0.01 | Mar 21, 2019 | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored… | ||
| CVE-2019-5722 | Cri | 0.67 | 9.8 | 0.04 | Mar 21, 2019 | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. | ||
| CVE-2019-5413 | Cri | 0.64 | 9.8 | 0.03 | Mar 21, 2019 | An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. | ||
| CVE-2019-3859 | Cri | 0.60 | 9.1 | 0.06 | Mar 21, 2019 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | ||
| CVE-2018-4059 | Cri | 0.64 | 9.8 | 0.02 | Mar 21, 2019 | An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN… | ||
| CVE-2018-20555 | Cri | 0.65 | 9.8 | 0.10 | Mar 21, 2019 | The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover. | ||
| CVE-2018-20526 | Cri | 0.73 | 9.8 | 0.73 | Mar 21, 2019 | Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | ||
| CVE-2018-20525 | Cri | 0.64 | 9.1 | 0.22 | Mar 21, 2019 | Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | ||
| CVE-2018-20218 | Cri | 0.68 | 9.8 | 0.11 | Mar 21, 2019 | An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the… | ||
| CVE-2018-20162 | Cri | 0.65 | 9.9 | 0.04 | Mar 21, 2019 | Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. | ||
| CVE-2018-19783 | Cri | 0.64 | 9.8 | 0.04 | Mar 21, 2019 | Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel. | ||
| CVE-2018-19524 | Cri | 0.71 | 9.8 | 0.51 | Mar 21, 2019 | An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or… | ||
| CVE-2018-19515 | Cri | 0.64 | 9.8 | 0.03 | Mar 21, 2019 | In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. | ||
| CVE-2018-19514 | Cri | 0.64 | 9.8 | 0.05 | Mar 21, 2019 | In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes… | ||
| CVE-2018-19510 | Cri | 0.65 | 9.8 | 0.20 | Mar 21, 2019 | subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | ||
| CVE-2018-19488 | Cri | 0.64 | 9.8 | 0.04 | Mar 21, 2019 | The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account. |
- risk 0.64cvss 9.8epss 0.05
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial…
- risk 0.64cvss 9.8epss 0.04
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly…
- risk 0.57cvss 9.8epss 0.02
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
- risk 0.52cvss 9.0epss 0.04
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly…
- risk 0.81cvss 10.0epss 0.95
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing…
- risk 0.93cvss 9.8epss 1.00
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2…
- risk 0.64cvss 9.8epss 0.07
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send…
- risk 0.64cvss 9.8epss 0.02
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.
- risk 0.64cvss 9.8epss 0.03
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.
- risk 0.64cvss 9.8epss 0.02
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.
- risk 0.64cvss 9.8epss 0.02
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.
- risk 0.64cvss 9.8epss 0.01
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices…
- risk 0.64cvss 9.8epss 0.07
Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.
- risk 0.64cvss 9.8epss 0.03
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the…
- risk 0.64cvss 9.8epss 0.02
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the…
- risk 0.04cvss 9.8epss 0.13
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
- risk 0.01cvss 9.1epss 0.12
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
- risk 0.64cvss 9.8epss 0.06
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web…
- risk 0.64cvss 9.8epss 0.04
Caret before 2019-02-22 allows Remote Code Execution.
- risk 0.59cvss 9.1epss 0.01
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.
- risk 0.57cvss 9.8epss 0.03
An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.
- risk 0.64cvss 9.8epss 0.03
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should…
- risk 0.75cvss 9.8epss 0.77
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
- risk 0.64cvss 9.8epss 0.02
An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the…
- risk 0.64cvss 9.8epss 0.02
An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An…
- risk 0.64cvss 9.8epss 0.04
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
- risk 0.64cvss 9.8epss 0.03
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
- risk 0.64cvss 9.8epss 0.03
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
- risk 0.00cvss 9.8epss 0.02
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.
- risk 0.68cvss 9.8epss 0.18
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
- risk 0.65cvss 9.4epss 0.10
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization…
- risk 0.69cvss 9.8epss 0.32
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is…
- risk 0.71cvss 9.8epss 0.54
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored…
- risk 0.67cvss 9.8epss 0.04
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.
- risk 0.64cvss 9.8epss 0.03
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
- risk 0.60cvss 9.1epss 0.06
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
- risk 0.64cvss 9.8epss 0.02
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN…
- risk 0.65cvss 9.8epss 0.10
The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.
- risk 0.73cvss 9.8epss 0.73
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
- risk 0.64cvss 9.1epss 0.22
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
- risk 0.68cvss 9.8epss 0.11
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the…
- risk 0.65cvss 9.9epss 0.04
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
- risk 0.64cvss 9.8epss 0.04
Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel.
- risk 0.71cvss 9.8epss 0.51
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or…
- risk 0.64cvss 9.8epss 0.03
In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.
- risk 0.64cvss 9.8epss 0.05
In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes…
- risk 0.65cvss 9.8epss 0.20
subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.
- risk 0.64cvss 9.8epss 0.04
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.