| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-6266 | Cri | 0.64 | 9.8 | 0.01 | Feb 25, 2019 | Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext. | ||
| CVE-2018-13904 | Cri | 0.64 | 9.8 | 0.01 | Feb 25, 2019 | Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9206,… | ||
| CVE-2018-11945 | Cri | 0.64 | 9.8 | 0.01 | Feb 25, 2019 | Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon… | ||
| CVE-2018-11932 | Cri | 0.59 | 9.1 | 0.01 | Feb 25, 2019 | Improper input validation can lead RW access to secure subsystem from HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9650,… | ||
| CVE-2018-20033 | Cri | 0.64 | 9.8 | 0.04 | Feb 25, 2019 | A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat… | ||
| CVE-2019-9125 | Cri | 0.64 | 9.8 | 0.03 | Feb 25, 2019 | An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. | ||
| CVE-2019-9124 | Cri | 0.64 | 9.8 | 0.02 | Feb 25, 2019 | An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. | ||
| CVE-2019-9123 | Cri | 0.64 | 9.8 | 0.02 | Feb 25, 2019 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | ||
| CVE-2019-9115 | Cri | 0.57 | 9.8 | 0.02 | Feb 25, 2019 | In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage. | ||
| CVE-2019-8375 | Cri | 0.61 | 9.8 | 0.16 | Feb 24, 2019 | The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or… | ||
| CVE-2019-9047 | Cri | 0.64 | 9.8 | 0.02 | Feb 23, 2019 | GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. | ||
| CVE-2019-9037 | Cri | 0.59 | 9.1 | 0.02 | Feb 23, 2019 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. | ||
| CVE-2019-9035 | Cri | 0.59 | 9.1 | 0.02 | Feb 23, 2019 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. | ||
| CVE-2019-9034 | Cri | 0.59 | 9.1 | 0.02 | Feb 23, 2019 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. | ||
| CVE-2019-9033 | Cri | 0.59 | 9.1 | 0.02 | Feb 23, 2019 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c. | ||
| CVE-2019-9030 | Cri | 0.59 | 9.1 | 0.02 | Feb 23, 2019 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. | ||
| CVE-2019-9028 | Cri | 0.59 | 9.1 | 0.02 | Feb 23, 2019 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c. | ||
| CVE-2019-9025 | Cri | 0.64 | 9.8 | 0.03 | Feb 22, 2019 | An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the… | ||
| CVE-2019-9023 | Cri | 0.64 | 9.8 | 0.09 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in… | ||
| CVE-2019-9021 | Cri | 0.65 | 9.8 | 0.10 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when… | ||
| CVE-2019-9020 | Cri | 0.65 | 9.8 | 0.10 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in… | ||
| CVE-2019-9015 | Cri | 0.59 | 9.1 | 0.02 | Feb 22, 2019 | A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the… | ||
| CVE-2018-20784 | Cri | 0.00 | 9.8 | 0.04 | Feb 22, 2019 | In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | ||
| CVE-2019-9002 | Cri | 0.00 | 9.8 | 0.02 | Feb 22, 2019 | An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed. | ||
| CVE-2019-8996 | Cri | 0.64 | 9.8 | 0.02 | Feb 21, 2019 | In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. | ||
| CVE-2019-8985 | Cri | 0.65 | 9.8 | 0.13 | Feb 21, 2019 | On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability… | ||
| CVE-2019-8982 | Cri | 0.67 | 9.6 | 0.26 | Feb 21, 2019 | com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. | ||
| CVE-2018-20122 | Cri | 0.64 | 9.8 | 0.05 | Feb 21, 2019 | The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges.… | ||
| CVE-2019-8979 | Cri | 0.64 | 9.8 | 0.03 | Feb 21, 2019 | Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. | ||
| CVE-2019-8950 | Cri | 0.64 | 9.8 | 0.03 | Feb 20, 2019 | The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. | ||
| CVE-2019-8948 | Cri | 0.64 | 9.8 | 0.04 | Feb 20, 2019 | PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. | ||
| CVE-2019-7164 | Cri | 0.57 | 9.8 | 0.04 | Feb 20, 2019 | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | ||
| CVE-2019-5759 | Cri | 0.63 | 9.6 | 0.01 | Feb 19, 2019 | Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2019-7629 | Cri | 0.64 | 9.8 | 0.05 | Feb 18, 2019 | Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. | ||
| CVE-2019-8917 | Cri | 0.67 | 9.8 | 0.36 | Feb 18, 2019 | SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The… | ||
| CVE-2019-8908 | Cri | 0.64 | 9.8 | 0.02 | Feb 18, 2019 | An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type:… | ||
| CVE-2019-0101 | Cri | 0.64 | 9.8 | 0.02 | Feb 18, 2019 | Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access. | ||
| CVE-2019-8429 | Cri | 0.57 | 9.8 | 0.02 | Feb 18, 2019 | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. | ||
| CVE-2019-8428 | Cri | 0.57 | 9.8 | 0.02 | Feb 18, 2019 | ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. | ||
| CVE-2019-8427 | Cri | 0.64 | 9.8 | 0.02 | Feb 18, 2019 | daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. | ||
| CVE-2019-8424 | Cri | 0.57 | 9.8 | 0.02 | Feb 18, 2019 | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. | ||
| CVE-2019-8423 | Cri | 0.64 | 9.8 | 0.02 | Feb 18, 2019 | ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. | ||
| CVE-2019-8393 | Cri | 0.64 | 9.8 | 0.01 | Feb 17, 2019 | Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. | ||
| CVE-2019-8395 | Cri | 0.64 | 9.8 | 0.07 | Feb 17, 2019 | An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | ||
| CVE-2019-8360 | Cri | 0.64 | 9.8 | 0.02 | Feb 16, 2019 | Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | ||
| CVE-2015-4615 | Cri | 0.64 | 9.8 | 0.02 | Feb 15, 2019 | Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables | ||
| CVE-2013-5654 | Cri | 0.59 | 9.1 | 0.02 | Feb 15, 2019 | Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage | ||
| CVE-2019-4059 | Cri | 0.64 | 9.8 | 0.02 | Feb 15, 2019 | IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. | ||
| CVE-2019-0261 | Cri | 0.64 | 9.8 | 0.04 | Feb 15, 2019 | Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for… | ||
| CVE-2019-0259 | Cri | 0.64 | 9.8 | 0.02 | Feb 15, 2019 | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. |
- risk 0.64cvss 9.8epss 0.01
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext.
- risk 0.64cvss 9.8epss 0.01
Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9206,…
- risk 0.64cvss 9.8epss 0.01
Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon…
- risk 0.59cvss 9.1epss 0.01
Improper input validation can lead RW access to secure subsystem from HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9650,…
- risk 0.64cvss 9.8epss 0.04
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat…
- risk 0.64cvss 9.8epss 0.03
An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password.
- risk 0.57cvss 9.8epss 0.02
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.
- risk 0.61cvss 9.8epss 0.16
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or…
- risk 0.64cvss 9.8epss 0.02
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the…
- risk 0.64cvss 9.8epss 0.09
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in…
- risk 0.65cvss 9.8epss 0.10
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when…
- risk 0.65cvss 9.8epss 0.10
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in…
- risk 0.59cvss 9.1epss 0.02
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the…
- risk 0.00cvss 9.8epss 0.04
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
- risk 0.00cvss 9.8epss 0.02
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed.
- risk 0.64cvss 9.8epss 0.02
In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.
- risk 0.65cvss 9.8epss 0.13
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability…
- risk 0.67cvss 9.6epss 0.26
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
- risk 0.64cvss 9.8epss 0.05
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges.…
- risk 0.64cvss 9.8epss 0.03
Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.
- risk 0.64cvss 9.8epss 0.03
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.
- risk 0.64cvss 9.8epss 0.04
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
- risk 0.57cvss 9.8epss 0.04
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
- risk 0.63cvss 9.6epss 0.01
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.64cvss 9.8epss 0.05
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
- risk 0.67cvss 9.8epss 0.36
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type:…
- risk 0.64cvss 9.8epss 0.02
Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access.
- risk 0.57cvss 9.8epss 0.02
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
- risk 0.57cvss 9.8epss 0.02
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
- risk 0.64cvss 9.8epss 0.02
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
- risk 0.57cvss 9.8epss 0.02
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
- risk 0.64cvss 9.8epss 0.02
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
- risk 0.64cvss 9.8epss 0.01
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
- risk 0.64cvss 9.8epss 0.07
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
- risk 0.64cvss 9.8epss 0.02
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
- risk 0.64cvss 9.8epss 0.02
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
- risk 0.59cvss 9.1epss 0.02
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage
- risk 0.64cvss 9.8epss 0.02
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
- risk 0.64cvss 9.8epss 0.04
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for…
- risk 0.64cvss 9.8epss 0.02
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.