VYPR

CVEs

31,174 total · page 557 of 624

  • CVE-2017-16608CriJan 23, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper…

  • CVE-2017-16597CriJan 23, 2018
    risk 0.68cvss 9.8epss 0.57

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ…

  • CVE-2018-6000CriJan 22, 2018
    risk 0.73cvss 9.8epss 0.84

    An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable…

  • CVE-2018-5999CriJan 22, 2018
    risk 0.74cvss 9.8epss 0.87

    An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.

  • CVE-2017-18047CriJan 22, 2018
    risk 0.68cvss 9.8epss 0.20

    Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.

  • CVE-2018-5955CriJan 21, 2018
    risk 0.73cvss 9.8epss 0.81

    An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.

  • CVE-2017-18046CriJan 21, 2018
    risk 0.64cvss 9.8epss 0.05

    Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).

  • CVE-2017-18045CriJan 21, 2018
    risk 0.64cvss 9.8epss 0.01

    JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.

  • CVE-2017-14803CriJan 20, 2018
    risk 0.67cvss 9.8epss 0.35

    In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.

  • CVE-2017-14097CriJan 19, 2018
    risk 0.68cvss 9.8epss 0.13

    An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.

  • CVE-2017-14094CriJan 19, 2018
    risk 0.68cvss 9.8epss 0.19

    A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.

  • CVE-2017-18044CriJan 19, 2018
    risk 0.09cvss 9.8epss 0.70

    A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to CreateProcess. As a result, a…

  • CVE-2017-12729CriJan 18, 2018
    risk 0.64cvss 9.8epss 0.01

    A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the…

  • CVE-2016-6814CriJan 18, 2018
    risk 0.65cvss 9.8epss 0.17

    When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a…

  • CVE-2018-2697CriJan 18, 2018
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2018-2664CriJan 18, 2018
    risk 0.59cvss 9.0epss 0.02

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2018-2656CriJan 18, 2018
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2018-2655CriJan 18, 2018
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Assemble/Configure to Order). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2018-2623CriJan 18, 2018
    risk 0.61cvss 9.3epss 0.02

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2018-2611CriJan 18, 2018
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2017-10282CriJan 18, 2018
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via…

  • CVE-2018-5195CriJan 17, 2018
    risk 0.64cvss 9.8epss 0.03

    Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document.

  • CVE-2018-5726CriJan 16, 2018
    risk 0.68cvss 9.8epss 0.20

    MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.

  • CVE-2018-5724CriJan 16, 2018
    risk 0.68cvss 9.8epss 0.12

    MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.

  • CVE-2018-5723CriJan 16, 2018
    risk 0.67cvss 9.8epss 0.10

    MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.

  • CVE-2018-5299CriJan 16, 2018
    risk 0.64cvss 9.8epss 0.03

    A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

  • CVE-2018-5704CriJan 16, 2018
    risk 0.63cvss 9.6epss 0.05

    Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

  • CVE-2018-5703CriJan 16, 2018
    risk 0.64cvss 9.8epss 0.03

    The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.

  • CVE-2018-5328CriJan 15, 2018
    risk 0.64cvss 9.8epss 0.01

    ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details.

  • CVE-2018-5696CriJan 14, 2018
    risk 0.64cvss 9.8epss 0.01

    The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.

  • CVE-2017-13208CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.09

    In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed…

  • CVE-2017-13205CriJan 12, 2018
    risk 0.59cvss 9.1epss 0.01

    An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583.

  • CVE-2017-13204CriJan 12, 2018
    risk 0.59cvss 9.1epss 0.01

    An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

  • CVE-2017-13203CriJan 12, 2018
    risk 0.59cvss 9.1epss 0.01

    An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634.

  • CVE-2017-13188CriJan 12, 2018
    risk 0.59cvss 9.1epss 0.01

    An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786.

  • CVE-2017-13187CriJan 12, 2018
    risk 0.59cvss 9.1epss 0.01

    An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.

  • CVE-2017-13185CriJan 12, 2018
    risk 0.59cvss 9.1epss 0.01

    An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.

  • CVE-2017-13179CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.02

    In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing…

  • CVE-2017-13178CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.02

    In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction…

  • CVE-2017-13177CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.02

    In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1,…

  • CVE-2015-9249CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element.

  • CVE-2015-9246CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at…

  • CVE-2017-16743CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.03

    An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service…

  • CVE-2018-5315CriJan 12, 2018
    risk 0.67cvss 9.8epss 0.05

    The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.

  • CVE-2018-5262CriJan 12, 2018
    risk 0.70cvss 9.8epss 0.39

    A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.

  • CVE-2017-17970CriJan 12, 2018
    risk 0.67cvss 9.8epss 0.05

    Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to…

  • CVE-2017-16887CriJan 12, 2018
    risk 0.70cvss 9.8epss 0.37

    The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.

  • CVE-2017-16885CriJan 12, 2018
    risk 0.69cvss 9.8epss 0.33

    Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version…

  • CVE-2016-0332CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.02

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695.

  • CVE-2014-6437CriJan 12, 2018
    risk 0.68cvss 9.8epss 0.16

    Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.