VYPR

CVEs

31,171 total · page 510 of 624

  • CVE-2018-1000833CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.03

    ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

  • CVE-2018-1000832CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.06

    ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

  • CVE-2018-1000831CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.02

    K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the…

  • CVE-2018-1000830CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.01

    XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

  • CVE-2018-1000829CriDec 20, 2018
    risk 0.59cvss 9.0epss 0.01

    Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after…

  • CVE-2018-1000828CriDec 20, 2018
    risk 0.59cvss 9.0epss 0.01

    FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in…

  • CVE-2018-1000827CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.04

    Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

  • CVE-2018-1000825CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.02

    FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.

  • CVE-2018-1000824CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.03

    MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

  • CVE-2018-1000823CriDec 20, 2018
    risk 0.58cvss 10.0epss 0.02

    exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

  • CVE-2018-1000822CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.02

    codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML…

  • CVE-2018-1000821CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.02

    MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted…

  • CVE-2018-1000820CriDec 20, 2018
    risk 0.65cvss 10.0epss 0.02

    neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after…

  • CVE-2018-20305CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.

  • CVE-2018-20300CriDec 20, 2018
    risk 0.64cvss 9.8epss 0.02

    Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.

  • CVE-2018-20299CriDec 19, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there…

  • CVE-2018-20020CriDec 19, 2018
    risk 0.64cvss 9.8epss 0.09

    LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution

  • CVE-2018-20019CriDec 19, 2018
    risk 0.64cvss 9.8epss 0.09

    LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution

  • CVE-2018-15127CriDec 19, 2018
    risk 0.58cvss 9.8epss 0.15

    LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution

  • CVE-2018-15126CriDec 19, 2018
    risk 0.58cvss 9.8epss 0.12

    LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution

  • CVE-2018-17777CriDec 18, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have…

  • CVE-2018-20133CriDec 17, 2018
    risk 0.64cvss 9.8epss 0.02

    ymlref allows code injection.

  • CVE-2018-19036CriDec 17, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.

  • CVE-2018-18556CriDec 17, 2018
    risk 0.69cvss 9.9epss 0.15

    A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with…

  • CVE-2018-18555CriDec 17, 2018
    risk 0.64cvss 9.9epss 0.02

    A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and…

  • CVE-2018-20027CriDec 17, 2018
    risk 0.64cvss 9.8epss 0.02

    The yaml_parse.load method in Pylearn2 allows code injection.

  • CVE-2018-18249CriDec 17, 2018
    risk 0.64cvss 9.8epss 0.01

    Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or…

  • CVE-2018-20173CriDec 17, 2018
    risk 0.66cvss 9.8epss 0.24

    Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.

  • CVE-2018-20148CriDec 14, 2018
    risk 0.59cvss 9.8epss 0.31

    In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in…

  • CVE-2018-19007CriDec 14, 2018
    risk 0.64cvss 9.8epss 0.04

    In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.

  • CVE-2018-18006CriDec 14, 2018
    risk 0.65cvss 9.8epss 0.21

    Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names…

  • CVE-2018-18923CriDec 13, 2018
    risk 0.67cvss 9.8epss 0.03

    AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.

  • CVE-2018-18922CriDec 13, 2018
    risk 0.64cvss 9.8epss 0.02

    add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.

  • CVE-2018-15719CriDec 12, 2018
    risk 0.64cvss 9.8epss 0.01

    Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.

  • CVE-2018-13816CriDec 12, 2018
    risk 0.65cvss 10.0epss 0.03

    A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user…

  • CVE-2018-11466CriDec 12, 2018
    risk 0.64cvss 9.8epss 0.04

    A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially…

  • CVE-2018-11462CriDec 12, 2018
    risk 0.64cvss 9.8epss 0.04

    A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a…

  • CVE-2018-8626CriDec 12, 2018
    risk 0.65cvss 9.8epss 0.21

    A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10,…

  • CVE-2018-8540CriDec 12, 2018
    risk 0.65cvss 9.8epss 0.22

    A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework…

  • CVE-2018-10143CriDec 12, 2018
    risk 0.66cvss 9.8epss 0.25

    The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

  • CVE-2018-6703CriDec 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging…

  • CVE-2018-20062CriKEVDec 11, 2018
    risk 0.87cvss 9.8epss 1.00

    An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

  • CVE-2018-20060CriDec 11, 2018
    risk 0.57cvss 9.8epss 0.04

    urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted…

  • CVE-2018-20059CriDec 11, 2018
    risk 0.57cvss 9.8epss 0.01

    jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.

  • CVE-2018-20056CriDec 11, 2018
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.

  • CVE-2018-15805CriDec 10, 2018
    risk 0.59cvss 9.1epss 0.02

    Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).

  • CVE-2018-1000861CriKEVDec 10, 2018
    risk 0.16cvss 9.8epss 0.98

    A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs…

  • CVE-2016-10502CriDec 10, 2018
    risk 0.64cvss 9.8epss 0.01

    While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660.

  • CVE-2018-19991CriDec 10, 2018
    risk 0.64cvss 9.8epss 0.02

    VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.

  • CVE-2018-9578CriDec 7, 2018
    risk 0.64cvss 9.8epss 0.01

    In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.…