VYPR

CVEs

31,173 total · page 500 of 624

  • CVE-2014-9189CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.05

    Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial…

  • CVE-2014-9187CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.04

    Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly…

  • CVE-2019-7612CriMar 25, 2019
    risk 0.57cvss 9.8epss 0.02

    A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

  • CVE-2019-7610CriMar 25, 2019
    risk 0.52cvss 9.0epss 0.04

    Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly…

  • CVE-2019-7609CriKEVMar 25, 2019
    risk 0.81cvss 10.0epss 0.95

    Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing…

  • CVE-2019-3396CriKEVMar 25, 2019
    risk 0.93cvss 9.8epss 1.00

    The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2…

  • CVE-2019-3395CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.07

    The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send…

  • CVE-2019-10041CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.02

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.

  • CVE-2019-10040CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.03

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.

  • CVE-2019-10039CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.02

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.

  • CVE-2019-10011CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.02

    ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.

  • CVE-2015-3956CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.01

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices…

  • CVE-2019-3479CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.07

    Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.

  • CVE-2019-3476CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.03

    Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution.

  • CVE-2015-3954CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the…

  • CVE-2015-3953CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the…

  • CVE-2019-9960CriMar 24, 2019
    risk 0.04cvss 9.8epss 0.13

    The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.

  • CVE-2019-9948CriMar 23, 2019
    risk 0.01cvss 9.1epss 0.12

    urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

  • CVE-2019-9945CriMar 23, 2019
    risk 0.64cvss 9.8epss 0.06

    SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web…

  • CVE-2019-9927CriMar 22, 2019
    risk 0.64cvss 9.8epss 0.04

    Caret before 2019-02-22 allows Remote Code Execution.

  • CVE-2019-8351CriMar 21, 2019
    risk 0.59cvss 9.1epss 0.01

    Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2019-7537CriMar 21, 2019
    risk 0.57cvss 9.8epss 0.03

    An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.

  • CVE-2019-5490CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.03

    Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should…

  • CVE-2019-7238CriKEVMar 21, 2019
    risk 0.75cvss 9.8epss 0.77

    Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

  • CVE-2018-4003CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.02

    An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the…

  • CVE-2018-3985CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.02

    An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An…

  • CVE-2019-9898CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.04

    Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

  • CVE-2019-9895CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.03

    In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

  • CVE-2019-9893CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.03

    libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

  • CVE-2019-9870CriMar 21, 2019
    risk 0.00cvss 9.8epss 0.02

    plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.

  • CVE-2019-9083CriMar 21, 2019
    risk 0.68cvss 9.8epss 0.18

    SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.

  • CVE-2019-6716CriMar 21, 2019
    risk 0.65cvss 9.4epss 0.10

    An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization…

  • CVE-2019-6714CriMar 21, 2019
    risk 0.69cvss 9.8epss 0.32

    An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is…

  • CVE-2019-6441CriMar 21, 2019
    risk 0.71cvss 9.8epss 0.54

    An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of…

  • CVE-2019-5723CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored…

  • CVE-2019-5722CriMar 21, 2019
    risk 0.67cvss 9.8epss 0.04

    An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.

  • CVE-2019-5413CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.03

    An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.

  • CVE-2019-3859CriMar 21, 2019
    risk 0.60cvss 9.1epss 0.06

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

  • CVE-2018-4059CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.02

    An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN…

  • CVE-2018-20555CriMar 21, 2019
    risk 0.65cvss 9.8epss 0.10

    The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.

  • CVE-2018-20526CriMar 21, 2019
    risk 0.73cvss 9.8epss 0.73

    Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.

  • CVE-2018-20525CriMar 21, 2019
    risk 0.64cvss 9.1epss 0.22

    Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.

  • CVE-2018-20218CriMar 21, 2019
    risk 0.68cvss 9.8epss 0.11

    An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the…

  • CVE-2018-20162CriMar 21, 2019
    risk 0.65cvss 9.9epss 0.04

    Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.

  • CVE-2018-19783CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.04

    Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel.

  • CVE-2018-19524CriMar 21, 2019
    risk 0.71cvss 9.8epss 0.51

    An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or…

  • CVE-2018-19515CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.03

    In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.

  • CVE-2018-19514CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.05

    In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes…

  • CVE-2018-19510CriMar 21, 2019
    risk 0.65cvss 9.8epss 0.20

    subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.

  • CVE-2018-19488CriMar 21, 2019
    risk 0.64cvss 9.8epss 0.04

    The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.