VYPR

CVEs

31,277 total · page 554 of 626

  • CVE-2018-7226CriFeb 19, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a…

  • CVE-2018-7225CriFeb 19, 2018
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via…

  • CVE-2017-16924CriFeb 19, 2018
    risk 0.64cvss 9.8epss 0.09

    Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL,…

  • CVE-2018-6024CriFeb 18, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.

  • CVE-2018-7180CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.

  • CVE-2018-7179CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.

  • CVE-2018-7178CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.04

    SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.

  • CVE-2018-7177CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.

  • CVE-2018-6585CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.

  • CVE-2018-6584CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.04

    SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.

  • CVE-2018-6583CriFeb 17, 2018
    risk 0.68cvss 9.8epss 0.19

    SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.

  • CVE-2018-6396CriFeb 17, 2018
    risk 0.69cvss 9.8epss 0.24

    SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.

  • CVE-2018-6394CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.

  • CVE-2018-6373CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.02

    SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.

  • CVE-2018-6372CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.

  • CVE-2018-6370CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.

  • CVE-2018-6368CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.

  • CVE-2018-6006CriFeb 17, 2018
    risk 0.68cvss 9.8epss 0.19

    SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.

  • CVE-2018-6005CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.

  • CVE-2018-6004CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.

  • CVE-2018-5994CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.

  • CVE-2018-5993CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.

  • CVE-2018-5992CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.

  • CVE-2018-5991CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.

  • CVE-2018-5990CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.

  • CVE-2018-5989CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.

  • CVE-2018-5987CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay…

  • CVE-2018-5983CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.

  • CVE-2018-5982CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.

  • CVE-2018-5981CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.

  • CVE-2018-5980CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.04

    SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.

  • CVE-2018-5975CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.

  • CVE-2018-5974CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.

  • CVE-2018-5971CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.

  • CVE-2018-5970CriFeb 17, 2018
    risk 0.67cvss 9.8epss 0.03

    SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.

  • CVE-2018-7186CriFeb 16, 2018
    risk 0.00cvss 9.8epss 0.03

    Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by…

  • CVE-2018-5767CriFeb 15, 2018
    risk 0.70cvss 9.8epss 0.48

    An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.

  • CVE-2017-8981CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.09

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.

  • CVE-2017-8979CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.05

    Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.

  • CVE-2017-8977CriFeb 15, 2018
    risk 0.59cvss 9.1epss 0.04

    A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

  • CVE-2017-8976CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

  • CVE-2017-8975CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

  • CVE-2017-8960CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.02

    An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.

  • CVE-2017-8957CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

  • CVE-2017-8956CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.10

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-8954CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

  • CVE-2017-8948CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.08

    A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.

  • CVE-2017-8947CriFeb 15, 2018
    risk 0.66cvss 9.8epss 0.30

    A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.

  • CVE-2017-5824CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.20

    An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2017-5823CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.