VYPR

CVEs

31,171 total · page 508 of 624

  • CVE-2018-14719CriJan 2, 2019
    risk 0.57cvss 9.8epss 0.10

    FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

  • CVE-2018-14718CriJan 2, 2019
    risk 0.58cvss 9.8epss 0.13

    FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

  • CVE-2018-13045CriJan 2, 2019
    risk 0.67cvss 9.8epss 0.03

    SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.

  • CVE-2019-3577CriJan 2, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.

  • CVE-2019-3576CriJan 2, 2019
    risk 0.64cvss 9.8epss 0.02

    inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in…

  • CVE-2018-6333CriDec 31, 2018
    risk 0.57cvss 9.8epss 0.02

    The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code…

  • CVE-2018-6331CriDec 31, 2018
    risk 0.00cvss 9.8epss 0.02

    Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.

  • CVE-2018-6342CriDec 31, 2018
    risk 0.00cvss 9.8epss 0.03

    react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF…

  • CVE-2018-6334CriDec 31, 2018
    risk 0.00cvss 9.8epss 0.02

    Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and…

  • CVE-2018-18602CriDec 31, 2018
    risk 0.64cvss 9.8epss 0.01

    The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.

  • CVE-2018-17191CriDec 31, 2018
    risk 0.64cvss 9.8epss 0.08

    Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that…

  • CVE-2018-20605CriDec 30, 2018
    risk 0.64cvss 9.8epss 0.02

    imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.

  • CVE-2018-20596CriDec 30, 2018
    risk 0.64cvss 9.8epss 0.01

    Jspxcms v9.0.0 allows SSRF.

  • CVE-2018-20577CriDec 28, 2018
    risk 0.59cvss 9.1epss 0.01

    Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and…

  • CVE-2018-5204CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.02

    ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.

  • CVE-2018-5203CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.02

    DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.

  • CVE-2018-20572CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.02

    WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.

  • CVE-2018-20569CriDec 28, 2018
    risk 0.00cvss 9.8epss 0.02

    user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.

  • CVE-2018-20568CriDec 28, 2018
    risk 0.00cvss 9.8epss 0.02

    Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.

  • CVE-2018-1000631CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.02

    Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the…

  • CVE-2018-1000628CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when…

  • CVE-2018-1000627CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.02

    Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.

  • CVE-2018-1000626CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain…

  • CVE-2018-1000625CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.02

    Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.

  • CVE-2018-20508CriDec 27, 2018
    risk 0.64cvss 9.8epss 0.01

    CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function.

  • CVE-2018-19873CriDec 26, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

  • CVE-2018-11742CriDec 26, 2018
    risk 0.68cvss 9.8epss 0.14

    NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.

  • CVE-2018-11741CriDec 26, 2018
    risk 0.68cvss 9.8epss 0.18

    NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.

  • CVE-2018-20480CriDec 26, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.

  • CVE-2018-20479CriDec 26, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.

  • CVE-2018-20477CriDec 26, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.

  • CVE-2018-20445CriDec 25, 2018
    risk 0.64cvss 9.8epss 0.02

    D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.

  • CVE-2018-20444CriDec 25, 2018
    risk 0.64cvss 9.8epss 0.01

    Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

  • CVE-2018-20443CriDec 25, 2018
    risk 0.64cvss 9.8epss 0.01

    Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

  • CVE-2018-20442CriDec 25, 2018
    risk 0.64cvss 9.8epss 0.01

    Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

  • CVE-2018-20441CriDec 25, 2018
    risk 0.64cvss 9.8epss 0.01

    Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

  • CVE-2018-20440CriDec 25, 2018
    risk 0.64cvss 9.8epss 0.01

    Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

  • CVE-2018-20439CriDec 25, 2018
    risk 0.64cvss 9.8epss 0.01

    Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

  • CVE-2018-20438CriDec 25, 2018
    risk 0.64cvss 9.8epss 0.01

    Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

  • CVE-2018-20248CriDec 24, 2018
    risk 0.64cvss 9.8epss 0.02

    In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may…

  • CVE-2018-19248CriDec 24, 2018
    risk 0.59cvss 9.1epss 0.01

    The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI…

  • CVE-2018-18698CriDec 24, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot.

  • CVE-2018-7836CriDec 24, 2018
    risk 0.66cvss 9.8epss 0.32

    An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.

  • CVE-2018-7800CriDec 24, 2018
    risk 0.64cvss 9.8epss 0.04

    A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.

  • CVE-2018-20433CriDec 24, 2018
    risk 0.57cvss 9.8epss 0.05

    c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

  • CVE-2018-20401CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20400CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20399CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.03

    Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20398CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20397CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.