| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18202 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2018 | The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password. | ||
| CVE-2018-7633 | — | Cri | 0.64 | 9.8 | 0.01 | Oct 9, 2018 | Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request. | |
| CVE-2018-7631 | — | Cri | 0.64 | 9.8 | 0.02 | Oct 9, 2018 | Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication. | |
| CVE-2018-18200 | Cri | 0.64 | 9.8 | 0.01 | Oct 9, 2018 | There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | ||
| CVE-2018-17963 | Cri | 0.64 | 9.8 | 0.05 | Oct 9, 2018 | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2018-18197 | Cri | 0.64 | 9.8 | 0.01 | Oct 9, 2018 | An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp. | ||
| CVE-2018-18084 | Cri | 0.64 | 9.8 | 0.01 | Oct 9, 2018 | An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter. | ||
| CVE-2018-18083 | Cri | 0.64 | 9.8 | 0.02 | Oct 9, 2018 | An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing. | ||
| CVE-2018-18075 | Cri | 0.64 | 9.8 | 0.02 | Oct 9, 2018 | WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | ||
| CVE-2018-14649 | Cri | 0.58 | 9.8 | 0.12 | Oct 9, 2018 | It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access… | ||
| CVE-2018-14081 | Cri | 0.64 | 9.8 | 0.01 | Oct 9, 2018 | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | ||
| CVE-2018-17440 | Cri | 0.70 | 9.8 | 0.37 | Oct 8, 2018 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP… | ||
| CVE-2018-5402 | Cri | 0.59 | 9.1 | 0.01 | Oct 8, 2018 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and… | ||
| CVE-2018-5401 | Cri | 0.59 | 9.1 | 0.01 | Oct 8, 2018 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus… | ||
| CVE-2018-5400 | Cri | 0.59 | 9.1 | 0.01 | Oct 8, 2018 | The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446… | ||
| CVE-2018-5399 | Cri | 0.61 | 9.4 | 0.02 | Oct 8, 2018 | The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured… | ||
| CVE-2018-1000810 | Cri | 0.64 | 9.8 | 0.03 | Oct 8, 2018 | The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable… | ||
| CVE-2018-1000804 | Cri | 0.01 | 9.8 | 0.06 | Oct 8, 2018 | contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be… | ||
| CVE-2018-14818 | Cri | 0.64 | 9.8 | 0.03 | Oct 8, 2018 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution. | ||
| CVE-2012-6710 | Cri | 0.69 | 9.8 | 0.25 | Oct 7, 2018 | ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. | ||
| CVE-2018-17456 | Cri | 0.11 | 9.8 | 0.97 | Oct 6, 2018 | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a… | ||
| CVE-2018-15763 | Cri | 0.59 | 9.0 | 0.01 | Oct 5, 2018 | Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these… | ||
| CVE-2018-1264 | Cri | 0.59 | 9.1 | 0.02 | Oct 5, 2018 | Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case,… | ||
| CVE-2018-15427 | Cri | 0.64 | 9.8 | 0.07 | Oct 5, 2018 | A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has… | ||
| CVE-2018-15389 | Cri | 0.64 | 9.8 | 0.02 | Oct 5, 2018 | A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is… | ||
| CVE-2018-15387 | Cri | 0.64 | 9.8 | 0.01 | Oct 5, 2018 | A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system… | ||
| CVE-2018-15386 | Cri | 0.64 | 9.8 | 0.03 | Oct 5, 2018 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the… | ||
| CVE-2018-15379 | Cri | 0.74 | 9.8 | 0.86 | Oct 5, 2018 | A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of… | ||
| CVE-2018-0448 | Cri | 0.64 | 9.8 | 0.02 | Oct 5, 2018 | A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient… | ||
| CVE-2018-0435 | Cri | 0.59 | 9.1 | 0.01 | Oct 5, 2018 | A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An… | ||
| CVE-2018-0426 | Cri | 0.64 | 9.8 | 0.06 | Oct 5, 2018 | A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.… | ||
| CVE-2018-0425 | Cri | 0.64 | 9.8 | 0.03 | Oct 5, 2018 | A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.… | ||
| CVE-2015-9272 | Cri | 0.64 | 9.8 | 0.05 | Oct 5, 2018 | The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. | ||
| CVE-2014-10075 | — | Cri | 0.64 | 9.8 | 0.04 | Oct 5, 2018 | The karo gem 2.3.8 for Ruby allows Remote command injection via the host field. | |
| CVE-2013-7465 | Cri | 0.64 | 9.8 | 0.03 | Oct 5, 2018 | Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts. | ||
| CVE-2018-17983 | — | Cri | 0.59 | 9.1 | 0.02 | Oct 4, 2018 | cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. | |
| CVE-2015-9271 | Cri | 0.64 | 9.8 | 0.04 | Oct 4, 2018 | The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code,… | ||
| CVE-2018-12470 | Cri | 0.64 | 9.8 | 0.02 | Oct 4, 2018 | A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | ||
| CVE-2018-5492 | Cri | 0.64 | 9.8 | 0.03 | Oct 4, 2018 | NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. | ||
| CVE-2018-17881 | Cri | 0.64 | 9.8 | 0.01 | Oct 3, 2018 | On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | ||
| CVE-2018-17552 | Cri | 0.10 | 9.8 | 0.84 | Oct 3, 2018 | SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | ||
| CVE-2018-17428 | Cri | 0.67 | 9.8 | 0.03 | Oct 3, 2018 | An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | ||
| CVE-2018-17969 | Cri | 0.64 | 9.8 | 0.01 | Oct 3, 2018 | Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. | ||
| CVE-2018-16049 | Cri | 0.64 | 9.8 | 0.02 | Oct 3, 2018 | An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. | ||
| CVE-2018-14826 | Cri | 0.64 | 9.8 | 0.08 | Oct 2, 2018 | Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution. | ||
| CVE-2018-14822 | Cri | 0.64 | 9.8 | 0.03 | Oct 2, 2018 | Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. | ||
| CVE-2018-9476 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2018 | In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.… | ||
| CVE-2018-17787 | Cri | 0.64 | 9.8 | 0.04 | Oct 2, 2018 | On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | ||
| CVE-2018-17786 | Cri | 0.64 | 9.8 | 0.04 | Oct 2, 2018 | On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | ||
| CVE-2018-14804 | Cri | 0.64 | 9.8 | 0.04 | Oct 1, 2018 | Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. |
- risk 0.64cvss 9.8epss 0.01
The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password.
- risk 0.64cvss 9.8epss 0.01
Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request.
- risk 0.64cvss 9.8epss 0.02
Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication.
- risk 0.64cvss 9.8epss 0.01
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.
- risk 0.64cvss 9.8epss 0.05
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.
- risk 0.64cvss 9.8epss 0.02
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.
- risk 0.58cvss 9.8epss 0.12
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.
- risk 0.70cvss 9.8epss 0.37
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP…
- risk 0.59cvss 9.1epss 0.01
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and…
- risk 0.59cvss 9.1epss 0.01
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus…
- risk 0.59cvss 9.1epss 0.01
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446…
- risk 0.61cvss 9.4epss 0.02
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured…
- risk 0.64cvss 9.8epss 0.03
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable…
- risk 0.01cvss 9.8epss 0.06
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be…
- risk 0.64cvss 9.8epss 0.03
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.
- risk 0.69cvss 9.8epss 0.25
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.
- risk 0.11cvss 9.8epss 0.97
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a…
- risk 0.59cvss 9.0epss 0.01
Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these…
- risk 0.59cvss 9.1epss 0.02
Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case,…
- risk 0.64cvss 9.8epss 0.07
A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has…
- risk 0.64cvss 9.8epss 0.02
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is…
- risk 0.64cvss 9.8epss 0.01
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system…
- risk 0.64cvss 9.8epss 0.03
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the…
- risk 0.74cvss 9.8epss 0.86
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of…
- risk 0.64cvss 9.8epss 0.02
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient…
- risk 0.59cvss 9.1epss 0.01
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An…
- risk 0.64cvss 9.8epss 0.06
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.…
- risk 0.64cvss 9.8epss 0.03
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.…
- risk 0.64cvss 9.8epss 0.05
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code.
- risk 0.64cvss 9.8epss 0.04
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.
- risk 0.64cvss 9.8epss 0.03
Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.
- risk 0.59cvss 9.1epss 0.02
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
- risk 0.64cvss 9.8epss 0.04
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code,…
- risk 0.64cvss 9.8epss 0.02
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
- risk 0.64cvss 9.8epss 0.03
NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution.
- risk 0.64cvss 9.8epss 0.01
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
- risk 0.10cvss 9.8epss 0.84
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
- risk 0.67cvss 9.8epss 0.03
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
- risk 0.64cvss 9.8epss 0.01
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
- risk 0.64cvss 9.8epss 0.08
Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution.
- risk 0.64cvss 9.8epss 0.03
Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.…
- risk 0.64cvss 9.8epss 0.04
On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function.
- risk 0.64cvss 9.8epss 0.04
On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.04
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.