VYPR

CVEs

  • CVE-2018-17126 · Cri · Sep 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.

  • CVE-2018-17110 · Cri · Sep 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.

  • CVE-2018-17072 · Cri · Sep 16, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.

  • CVE-2018-17068 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.

  • CVE-2018-17067 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.

  • CVE-2018-17066 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.07

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.

  • CVE-2018-17065 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.

  • CVE-2018-17064 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.07

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is…

  • CVE-2018-17063 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.

  • CVE-2018-16287 · Cri · Sep 14, 2018
    risk 0.65 · cvss 9.8 · epss 0.20

    LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.

  • CVE-2018-16286 · Cri · Sep 14, 2018
    risk 0.65 · cvss 9.8 · epss 0.22

    LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.

  • CVE-2018-17057 · Cri · Sep 14, 2018
    risk 0.62 · cvss 9.8 · epss 0.26

    An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

  • CVE-2018-11058 · Cri · Sep 14, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously…

  • CVE-2018-0718 · Cri · Sep 14, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.

  • CVE-2018-17036 · Cri · Sep 14, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.

  • CVE-2018-17035 · Cri · Sep 14, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.

  • CVE-2018-16983 · Cri · Sep 13, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.

  • CVE-2018-8421 · Cri · Sep 13, 2018
    risk 0.66 · cvss 9.8 · epss 0.29

    A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2,…

  • CVE-2018-16975 · Cri · Sep 12, 2018
    risk 0.57 · cvss 9.8 · epss 0.04

    An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in…

  • CVE-2018-16974 · Cri · Sep 12, 2018
    risk 0.57 · cvss 9.8 · epss 0.04

    An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for…

  • CVE-2018-3679 · Cri · Sep 12, 2018
    risk 0.62 · cvss 9.6 · epss 0.01

    Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.

  • CVE-2018-12171 · Cri · Sep 12, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.

  • CVE-2018-13799 · Cri · Sep 12, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14.…

  • CVE-2018-16947 · Cri · Sep 12, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator…

  • CVE-2018-16836 · Cri · Sep 11, 2018
    risk 0.72 · cvss 9.8 · epss 0.61

    Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.

  • CVE-2018-3875 · Cri · Sep 10, 2018
    risk 0.64 · cvss 9.9 · epss 0.02

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer…

  • CVE-2018-16705 · Cri · Sep 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.

  • CVE-2018-16591 · Cri · Sep 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.

  • CVE-2018-16771 · Cri · Sep 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.

  • CVE-2018-16763 · Cri · Sep 9, 2018
    risk 0.73 · cvss 9.8 · epss 0.83

    FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.

  • CVE-2018-16762 · Cri · Sep 9, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.

  • CVE-2018-16731 · Cri · Sep 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

  • CVE-2018-16724 · Cri · Sep 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.

  • CVE-2018-15486 · Cri · Sep 7, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.

  • CVE-2018-15485 · Cri · Sep 7, 2018
    risk 0.59 · cvss 9.1 · epss 0.03

    An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.

  • CVE-2018-15484 · Cri · Sep 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.08

    An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.

  • CVE-2018-15474 · Cri · Sep 7, 2018
    risk 0.63 · cvss 9.6 · epss 0.03

    CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the…

  • CVE-2018-16710 · Cri · Sep 7, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting…

  • CVE-2018-16709 · Cri · Sep 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands.

  • CVE-2018-16460 · Cri · Sep 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A command injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when an attacker controls the PID.

  • CVE-2018-1567 · Cri · Sep 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.

  • CVE-2018-16657 · Cri · Sep 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An…

  • CVE-2018-0645 · Cri · Sep 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.

  • CVE-2018-6320 · Cri · Sep 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted…

  • CVE-2018-16590 · Cri · Sep 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.

  • CVE-2017-16714 · Cri · Sep 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.

  • CVE-2018-1000800 · Cri · Sep 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appears to be exploitable via a malicious application calling the vulnerable kernel APIs…

  • CVE-2018-1000666 · Cri · Sep 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.08

    GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in…

  • CVE-2018-16550 · Cri · Sep 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.

  • CVE-2018-16144 · Cri · Sep 5, 2018
    risk 0.66 · cvss 9.8 · epss 0.33

    The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.