VYPR

CVEs

31,171 total · page 518 of 624

  • CVE-2018-14802CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution.

  • CVE-2018-14794CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.02

    Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.

  • CVE-2018-14790CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.05

    Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.

  • CVE-2018-17852CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.

  • CVE-2018-17831CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.02

    In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list…

  • CVE-2018-17825CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.

  • CVE-2018-17796CriSep 30, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the…

  • CVE-2018-9079CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.01

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary…

  • CVE-2018-15764CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.05

    Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM.

  • CVE-2018-5393CriSep 28, 2018
    risk 0.65cvss 9.8epss 0.13

    The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user…

  • CVE-2018-17613CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.02

    Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.

  • CVE-2018-17611CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17610CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17609CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17608CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17607CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17575CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.01

    SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.

  • CVE-2018-17573CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and…

  • CVE-2018-17397CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.

  • CVE-2018-17394CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.

  • CVE-2018-17391CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.

  • CVE-2018-17385CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.

  • CVE-2018-17384CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17383CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.

  • CVE-2018-17382CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.

  • CVE-2018-17380CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.

  • CVE-2018-17379CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17378CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17377CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.

  • CVE-2018-17376CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.

  • CVE-2018-17375CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.

  • CVE-2018-16659CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.

  • CVE-2018-14957CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.02

    CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file).

  • CVE-2018-14956CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.

  • CVE-2018-7104CriSep 27, 2018
    risk 0.64cvss 9.8epss 0.09

    A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.

  • CVE-2018-7103CriSep 27, 2018
    risk 0.64cvss 9.8epss 0.09

    A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.

  • CVE-2018-17570CriSep 26, 2018
    risk 0.00cvss 9.8epss 0.02

    utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.

  • CVE-2018-17569CriSep 26, 2018
    risk 0.00cvss 9.8epss 0.02

    network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.

  • CVE-2018-17568CriSep 26, 2018
    risk 0.00cvss 9.8epss 0.02

    utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.

  • CVE-2018-17411CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.02

    An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.

  • CVE-2018-15531CriSep 26, 2018
    risk 0.59cvss 9.8epss 0.28

    JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

  • CVE-2018-17566CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.02

    In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.

  • CVE-2018-17410CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.02

    Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.

  • CVE-2018-14823CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-14819CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-14817CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-14815CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution.

  • CVE-2018-14813CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-14811CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.

  • CVE-2018-14809CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.03

    Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.