| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17126 |  | Cri | 0.64 | 9.8 | 0.03 |  | Sep 17, 2018 | CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. |
| CVE-2018-17110 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 17, 2018 | Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. |
| CVE-2018-17072 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 16, 2018 | JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. |
| CVE-2018-17068 |  | Cri | 0.64 | 9.8 | 0.04 |  | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter. |
| CVE-2018-17067 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. |
| CVE-2018-17066 |  | Cri | 0.64 | 9.8 | 0.07 |  | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. |
| CVE-2018-17065 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. |
| CVE-2018-17064 |  | Cri | 0.64 | 9.8 | 0.07 |  | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is… |
| CVE-2018-17063 |  | Cri | 0.64 | 9.8 | 0.04 |  | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. |
| CVE-2018-16287 |  | Cri | 0.65 | 9.8 | 0.20 |  | Sep 14, 2018 | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. |
| CVE-2018-16286 |  | Cri | 0.65 | 9.8 | 0.22 |  | Sep 14, 2018 | LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. |
| CVE-2018-17057 | — | Cri | 0.62 | 9.8 | 0.26 |  | Sep 14, 2018 | An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. |
| CVE-2018-11058 |  | Cri | 0.64 | 9.8 | 0.04 |  | Sep 14, 2018 | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously… |
| CVE-2018-0718 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 14, 2018 | Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. |
| CVE-2018-17036 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 14, 2018 | An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. |
| CVE-2018-17035 |  | Cri | 0.64 | 9.8 | 0.01 |  | Sep 14, 2018 | UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. |
| CVE-2018-16983 |  | Cri | 0.64 | 9.8 | 0.03 |  | Sep 13, 2018 | NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. |
| CVE-2018-8421 |  | Cri | 0.66 | 9.8 | 0.29 |  | Sep 13, 2018 | A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2,… |
| CVE-2018-16975 | — | Cri | 0.57 | 9.8 | 0.04 |  | Sep 12, 2018 | An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in… |
| CVE-2018-16974 | — | Cri | 0.57 | 9.8 | 0.04 |  | Sep 12, 2018 | An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for… |
| CVE-2018-3679 |  | Cri | 0.62 | 9.6 | 0.01 |  | Sep 12, 2018 | Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. |
| CVE-2018-12171 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 12, 2018 | Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network. |
| CVE-2018-13799 |  | Cri | 0.59 | 9.1 | 0.02 |  | Sep 12, 2018 | A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14.… |
| CVE-2018-16947 |  | Cri | 0.64 | 9.8 | 0.03 |  | Sep 12, 2018 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator… |
| CVE-2018-16836 |  | Cri | 0.72 | 9.8 | 0.61 |  | Sep 11, 2018 | Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. |
| CVE-2018-3875 |  | Cri | 0.64 | 9.9 | 0.02 |  | Sep 10, 2018 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer… |
| CVE-2018-16705 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 10, 2018 | FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. |
| CVE-2018-16591 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 10, 2018 | FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. |
| CVE-2018-16771 |  | Cri | 0.64 | 9.8 | 0.03 |  | Sep 10, 2018 | Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. |
| CVE-2018-16763 |  | Cri | 0.73 | 9.8 | 0.83 |  | Sep 9, 2018 | FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. |
| CVE-2018-16762 |  | Cri | 0.64 | 9.8 | 0.01 |  | Sep 9, 2018 | FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. |
| CVE-2018-16731 |  | Cri | 0.64 | 9.8 | 0.01 |  | Sep 8, 2018 | CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. |
| CVE-2018-16724 |  | Cri | 0.64 | 9.8 | 0.01 |  | Sep 8, 2018 | An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. |
| CVE-2018-15486 |  | Cri | 0.59 | 9.1 | 0.02 |  | Sep 7, 2018 | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. |
| CVE-2018-15485 |  | Cri | 0.59 | 9.1 | 0.03 |  | Sep 7, 2018 | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. |
| CVE-2018-15484 |  | Cri | 0.64 | 9.8 | 0.08 |  | Sep 7, 2018 | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. |
| CVE-2018-15474 |  | Cri | 0.63 | 9.6 | 0.03 |  | Sep 7, 2018 | CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the… |
| CVE-2018-16710 |  | Cri | 0.59 | 9.1 | 0.02 |  | Sep 7, 2018 | OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting… |
| CVE-2018-16709 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 7, 2018 | Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. |
| CVE-2018-16460 | — | Cri | 0.64 | 9.8 | 0.03 |  | Sep 7, 2018 | A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. |
| CVE-2018-1567 |  | Cri | 0.64 | 9.8 | 0.04 |  | Sep 7, 2018 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. |
| CVE-2018-16657 |  | Cri | 0.64 | 9.8 | 0.04 |  | Sep 7, 2018 | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An… |
| CVE-2018-0645 | — | Cri | 0.64 | 9.8 | 0.02 |  | Sep 7, 2018 | MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. |
| CVE-2018-6320 |  | Cri | 0.64 | 9.8 | 0.04 |  | Sep 6, 2018 | A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted… |
| CVE-2018-16590 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 6, 2018 | FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication. |
| CVE-2017-16714 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 6, 2018 | In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. |
| CVE-2018-1000800 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 6, 2018 | zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs… |
| CVE-2018-1000666 |  | Cri | 0.64 | 9.8 | 0.08 |  | Sep 6, 2018 | GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in… |
| CVE-2018-16550 |  | Cri | 0.64 | 9.8 | 0.04 |  | Sep 5, 2018 | TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN. |
| CVE-2018-16144 |  | Cri | 0.66 | 9.8 | 0.33 |  | Sep 5, 2018 | The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. |