VYPR

CVEs

31,171 total · page 514 of 624

  • CVE-2018-9356CriNov 6, 2018
    risk 0.64cvss 9.8epss 0.03

    In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0…

  • CVE-2018-9355CriNov 6, 2018
    risk 0.64cvss 9.8epss 0.03

    In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2018-18963CriNov 6, 2018
    risk 0.64cvss 9.8epss 0.02

    Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI.

  • CVE-2018-18957CriNov 5, 2018
    risk 0.68cvss 9.8epss 0.12

    An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.

  • CVE-2018-9208CriNov 5, 2018
    risk 0.64cvss 9.8epss 0.03

    Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta

  • CVE-2018-18949CriNov 5, 2018
    risk 0.66cvss 9.8epss 0.24

    Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.

  • CVE-2018-18934CriNov 5, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be…

  • CVE-2018-18933CriNov 5, 2018
    risk 0.59cvss 9.1epss 0.03

    The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL…

  • CVE-2018-18928CriNov 4, 2018
    risk 0.00cvss 9.8epss 0.03

    International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.

  • CVE-2018-18926CriNov 4, 2018
    risk 0.57cvss 9.8epss 0.03

    Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron.

  • CVE-2018-18925CriNov 4, 2018
    risk 0.66cvss 9.8epss 0.32

    Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.

  • CVE-2018-18903CriNov 3, 2018
    risk 0.64cvss 9.8epss 0.05

    Vanilla 2.6.x before 2.6.4 allows remote code execution.

  • CVE-2018-15762CriNov 2, 2018
    risk 0.59cvss 9.0epss 0.01

    Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may…

  • CVE-2018-3934CriNov 2, 2018
    risk 0.64cvss 9.8epss 0.03

    An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of…

  • CVE-2018-17922CriNov 2, 2018
    risk 0.64cvss 9.8epss 0.03

    Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.

  • CVE-2018-17918CriNov 2, 2018
    risk 0.64cvss 9.8epss 0.04

    Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.

  • CVE-2018-17916CriNov 2, 2018
    risk 0.64cvss 9.8epss 0.04

    InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related…

  • CVE-2018-17914CriNov 2, 2018
    risk 0.64cvss 9.8epss 0.05

    InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or…

  • CVE-2018-6908CriNov 1, 2018
    risk 0.64cvss 9.8epss 0.02

    An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as…

  • CVE-2018-6012CriNov 1, 2018
    risk 0.64cvss 9.8epss 0.01

    The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function.

  • CVE-2018-18892CriNov 1, 2018
    risk 0.64cvss 9.8epss 0.03

    MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.

  • CVE-2018-18888CriNov 1, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.

  • CVE-2018-18887CriNov 1, 2018
    risk 0.64cvss 9.8epss 0.01

    S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).

  • CVE-2018-16840CriOct 31, 2018
    risk 0.00cvss 9.8epss 0.03

    A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and…

  • CVE-2018-18874CriOct 31, 2018
    risk 0.64cvss 9.8epss 0.02

    nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.

  • CVE-2018-18869CriOct 31, 2018
    risk 0.64cvss 9.8epss 0.04

    EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.

  • CVE-2018-8858CriOct 30, 2018
    risk 0.64cvss 9.8epss 0.01

    If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials.

  • CVE-2018-16462CriOct 30, 2018
    risk 0.66cvss 10.0epss 0.07

    A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.

  • CVE-2018-16461CriOct 30, 2018
    risk 0.64cvss 9.8epss 0.04

    A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.

  • CVE-2017-8931CriOct 30, 2018
    risk 0.64cvss 9.8epss 0.02

    Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.

  • CVE-2018-14558CriKEVOct 30, 2018
    risk 0.76cvss 9.8epss 0.09

    An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute…

  • CVE-2018-18835CriOct 30, 2018
    risk 0.64cvss 9.8epss 0.02

    upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.

  • CVE-2018-18834CriOct 30, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.

  • CVE-2018-18832CriOct 30, 2018
    risk 0.64cvss 9.8epss 0.01

    admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.

  • CVE-2018-18830CriOct 30, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename,…

  • CVE-2018-18822CriOct 30, 2018
    risk 0.64cvss 9.8epss 0.02

    Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.

  • CVE-2018-18792CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.

  • CVE-2018-18791CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.

  • CVE-2018-18789CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.

  • CVE-2018-18787CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.

  • CVE-2018-18786CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.

  • CVE-2018-18785CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.

  • CVE-2018-18765CriOct 29, 2018
    risk 0.59cvss 9.1epss 0.02

    An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory…

  • CVE-2018-18764CriOct 29, 2018
    risk 0.59cvss 9.1epss 0.02

    An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory…

  • CVE-2018-18754CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.01

    ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.

  • CVE-2018-18753CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.03

    Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.

  • CVE-2018-18752CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.02

    Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.

  • CVE-2018-18751CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

  • CVE-2018-18748CriOct 29, 2018
    risk 0.65cvss 10.0epss 0.02

    Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality

  • CVE-2018-18729CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the…