VYPR

CVEs

31,171 total · page 509 of 624

  • CVE-2018-20396CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.01

    NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20395CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20394CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20393CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT,…

  • CVE-2018-20392CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20391CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20390CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20389CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20388CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20387CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20386CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20385CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0…

  • CVE-2018-20384CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20383CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20382CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20381CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20380CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20377CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.08

    Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware…

  • CVE-2018-20371CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.

  • CVE-2018-20325CriDec 21, 2018
    risk 0.64cvss 9.8epss 0.03

    There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution.

  • CVE-2018-19323CriKEVDec 21, 2018
    risk 0.82cvss 9.8epss 0.09

    The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

  • CVE-2018-18009CriDec 21, 2018
    risk 0.64cvss 9.8epss 0.03

    dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.

  • CVE-2018-18008CriDec 21, 2018
    risk 0.64cvss 9.8epss 0.02

    spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.

  • CVE-2018-18007CriDec 21, 2018
    risk 0.64cvss 9.8epss 0.02

    atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.

  • CVE-2018-20338CriDec 21, 2018
    risk 0.65cvss 9.8epss 0.12

    Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.

  • CVE-2018-20318CriDec 21, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.

  • CVE-2018-19240CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.04

    Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).

  • CVE-2018-18399CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.

  • CVE-2018-18388CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.02

    eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.

  • CVE-2018-17246CriDec 20, 2018
    risk 0.70cvss 9.8epss 0.82

    Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing…

  • CVE-2018-17245CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.01

    Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an…

  • CVE-2018-18871CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.02

    Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).

  • CVE-2018-15723CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.04

    The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).

  • CVE-2018-15721CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.02

    The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.

  • CVE-2018-15720CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.01

    Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.

  • CVE-2018-1160CriDec 20, 2018
    risk 0.74cvss 9.8epss 0.87

    Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

  • CVE-2018-1000885CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.03

    PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or…

  • CVE-2018-1000884CriDec 20, 2018
    risk 0.00cvss 9.8epss 0.01

    Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to…

  • CVE-2018-1000881CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.04

    Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web…

  • CVE-2018-1000875CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.02

    Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This…

  • CVE-2018-1000871CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.02

    HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via…

  • CVE-2018-1000869CriDec 20, 2018
    risk 0.00cvss 9.8epss 0.02

    phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection.. This attack appear to be exploitable via Rough user, exploiting the vulnerability to access information he/she does not have access to.. This…

  • CVE-2018-1000854CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.03

    esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appear…

  • CVE-2018-1000851CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.02

    Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup .…

  • CVE-2018-1000844CriDec 20, 2018
    risk 0.00cvss 9.1epss 0.02

    Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This…

  • CVE-2018-1000838CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.03

    autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata.

  • CVE-2018-1000837CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.02

    UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.

  • CVE-2018-1000836CriDec 20, 2018
    risk 0.59cvss 9.0epss 0.01

    bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in…

  • CVE-2018-1000835CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.02

    KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

  • CVE-2018-1000834CriDec 20, 2018
    risk 0.59cvss 9.0epss 0.01

    runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.