VYPR

CVEs

31,171 total · page 505 of 624

  • CVE-2018-8794CriFeb 5, 2019
    risk 0.01cvss 9.8epss 0.07

    rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.

  • CVE-2018-8793CriFeb 5, 2019
    risk 0.01cvss 9.8epss 0.07

    rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.

  • CVE-2019-7412CriFeb 5, 2019
    risk 0.64cvss 9.8epss 0.03

    The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.

  • CVE-2018-4056CriFeb 5, 2019
    risk 0.64cvss 9.8epss 0.03

    An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN…

  • CVE-2018-18998CriFeb 5, 2019
    risk 0.64cvss 9.8epss 0.02

    LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.

  • CVE-2018-18996CriFeb 5, 2019
    risk 0.64cvss 9.8epss 0.02

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.

  • CVE-2016-1000282CriFeb 5, 2019
    risk 0.68cvss 9.8epss 0.13

    Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.

  • CVE-2018-20753CriKEVFeb 5, 2019
    risk 0.84cvss 9.8epss 0.30

    Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

  • CVE-2017-18362CriKEVFeb 5, 2019
    risk 0.89cvss 9.8epss 0.87

    ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware…

  • CVE-2019-1000023CriFeb 4, 2019
    risk 0.64cvss 9.8epss 0.02

    OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL…

  • CVE-2019-1000006CriFeb 4, 2019
    risk 0.64cvss 9.8epss 0.02

    RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via…

  • CVE-2019-1000001CriFeb 4, 2019
    risk 0.64cvss 9.8epss 0.02

    TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass…

  • CVE-2018-20752CriFeb 4, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can…

  • CVE-2016-1000271CriFeb 4, 2019
    risk 0.64cvss 9.8epss 0.02

    Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.

  • CVE-2019-7316CriFeb 4, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.

  • CVE-2019-7314CriFeb 4, 2019
    risk 0.64cvss 9.8epss 0.03

    liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

  • CVE-2018-16492CriFeb 1, 2019
    risk 0.57cvss 9.8epss 0.03

    A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

  • CVE-2018-16491CriFeb 1, 2019
    risk 0.64cvss 9.8epss 0.02

    A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

  • CVE-2018-16489CriFeb 1, 2019
    risk 0.64cvss 9.8epss 0.02

    A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.

  • CVE-2018-16486CriFeb 1, 2019
    risk 0.64cvss 9.8epss 0.01

    A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.

  • CVE-2019-7297CriJan 31, 2019
    risk 0.65cvss 9.8epss 0.12

    An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function…

  • CVE-2018-5560CriJan 31, 2019
    risk 0.65cvss 10.0epss 0.02

    A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.

  • CVE-2018-12548CriJan 31, 2019
    risk 0.64cvss 9.8epss 0.01

    In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.

  • CVE-2018-18941CriJan 31, 2019
    risk 0.64cvss 9.8epss 0.02

    In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this…

  • CVE-2019-7249CriJan 31, 2019
    risk 0.64cvss 9.8epss 0.03

    In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.

  • CVE-2019-6438CriJan 31, 2019
    risk 0.64cvss 9.8epss 0.02

    SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

  • CVE-2019-7234CriJan 30, 2019
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file…

  • CVE-2018-20750CriJan 30, 2019
    risk 0.00cvss 9.8epss 0.03

    LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

  • CVE-2018-20749CriJan 30, 2019
    risk 0.00cvss 9.8epss 0.03

    LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

  • CVE-2018-20748CriJan 30, 2019
    risk 0.00cvss 9.8epss 0.03

    LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

  • CVE-2018-17431CriJan 30, 2019
    risk 0.73cvss 9.8epss 0.84

    Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.

  • CVE-2019-7160CriJan 29, 2019
    risk 0.64cvss 9.8epss 0.03

    idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.

  • CVE-2018-10612CriJan 29, 2019
    risk 0.64cvss 9.8epss 0.01

    In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

  • CVE-2019-6991CriJan 28, 2019
    risk 0.00cvss 9.8epss 0.03

    A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.

  • CVE-2019-6978CriJan 28, 2019
    risk 0.57cvss 9.8epss 0.04

    The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

  • CVE-2019-6703CriJan 27, 2019
    risk 0.66cvss 9.8epss 0.26

    Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to…

  • CVE-2019-6798CriJan 26, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

  • CVE-2019-6805CriJan 25, 2019
    risk 0.64cvss 9.8epss 0.01

    SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.

  • CVE-2019-1651CriJan 24, 2019
    risk 0.65cvss 9.9epss 0.05

    A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An…

  • CVE-2019-6713CriJan 23, 2019
    risk 0.64cvss 9.8epss 0.02

    app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.

  • CVE-2017-17836CriJan 23, 2019
    risk 0.64cvss 9.8epss 0.02

    In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all…

  • CVE-2019-6260CriJan 22, 2019
    risk 0.64cvss 9.8epss 0.04

    The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases…

  • CVE-2018-6444CriJan 22, 2019
    risk 0.64cvss 9.8epss 0.03

    A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands.

  • CVE-2019-6339CriJan 22, 2019
    risk 0.59cvss 9.8epss 0.33

    In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom)…

  • CVE-2018-19635CriJan 22, 2019
    risk 0.64cvss 9.8epss 0.01

    CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.

  • CVE-2019-6503CriJan 22, 2019
    risk 0.64cvss 9.8epss 0.02

    There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.

  • CVE-2019-6497CriJan 20, 2019
    risk 0.64cvss 9.8epss 0.01

    Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.

  • CVE-2019-3774CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.03

    Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

  • CVE-2019-3773CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.04

    Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

  • CVE-2019-3772CriJan 18, 2019
    risk 0.57cvss 9.8epss 0.03

    Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.