VYPR

CVEs

31,174 total · page 568 of 624

  • CVE-2015-5171CriOct 24, 2017
    risk 0.57cvss 9.8epss 0.01

    The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

  • CVE-2014-1203CriOct 24, 2017
    risk 0.65cvss 9.8epss 0.16

    The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php.

  • CVE-2017-15081CriOct 24, 2017
    risk 0.67cvss 9.8epss 0.02

    In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.

  • CVE-2014-3741CriOct 23, 2017
    risk 0.57cvss 9.8epss 0.04

    The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.

  • CVE-2012-4570CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-15580CriOct 23, 2017
    risk 0.68cvss 9.8epss 0.16

    osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a…

  • CVE-2017-15381CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).

  • CVE-2017-15379CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.03

    An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.

  • CVE-2017-12796CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.04

    The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute…

  • CVE-2017-7130CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a…

  • CVE-2017-7129CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a…

  • CVE-2017-7128CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a…

  • CVE-2017-7126CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2017-7125CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2017-7124CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2017-7123CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2017-7122CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2017-7121CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2017-7112CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…

  • CVE-2017-7110CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…

  • CVE-2017-7108CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…

  • CVE-2017-7105CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…

  • CVE-2017-7103CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial…

  • CVE-2017-15804CriOct 22, 2017
    risk 0.64cvss 9.8epss 0.03

    The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

  • CVE-2011-1935CriOct 20, 2017
    risk 0.64cvss 9.8epss 0.04

    pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.

  • CVE-2017-15670CriOct 20, 2017
    risk 0.64cvss 9.8epss 0.03

    The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

  • CVE-2017-6165CriOct 20, 2017
    risk 0.64cvss 9.8epss 0.02

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration…

  • CVE-2017-5636CriOct 19, 2017
    risk 0.64cvss 9.8epss 0.04

    In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to…

  • CVE-2017-10405CriOct 19, 2017
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2017-10404CriOct 19, 2017
    risk 0.64cvss 9.9epss 0.01

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2017-10402CriOct 19, 2017
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2017-10396CriOct 19, 2017
    risk 0.64cvss 9.9epss 0.01

    Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon…

  • CVE-2017-10366CriOct 19, 2017
    risk 0.70cvss 9.8epss 0.43

    Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2017-10352CriOct 19, 2017
    risk 0.65cvss 9.9epss 0.06

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10346CriOct 19, 2017
    risk 0.63cvss 9.6epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2017-10330CriOct 19, 2017
    risk 0.59cvss 9.1epss 0.03

    Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2017-10329CriOct 19, 2017
    risk 0.59cvss 9.1epss 0.03

    Vulnerability in the Oracle Global Order Promising component of Oracle E-Business Suite (subcomponent: Reschedule Sales Orders). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2017-10285CriOct 19, 2017
    risk 0.63cvss 9.6epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2017-12251CriOct 19, 2017
    risk 0.65cvss 9.9epss 0.02

    A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to…

  • CVE-2015-5740CriOct 18, 2017
    risk 0.57cvss 9.8epss 0.04

    The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

  • CVE-2015-5739CriOct 18, 2017
    risk 0.57cvss 9.8epss 0.10

    The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

  • CVE-2015-5376CriOct 18, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.

  • CVE-2017-14322CriOct 18, 2017
    risk 0.70cvss 9.8epss 0.37

    The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.

  • CVE-2017-15579CriOct 18, 2017
    risk 0.67cvss 9.8epss 0.01

    In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.

  • CVE-2017-13999CriOct 17, 2017
    risk 0.64cvss 9.8epss 0.03

    A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be…

  • CVE-2017-15539CriOct 17, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.

  • CVE-2017-3761CriOct 17, 2017
    risk 0.64cvss 9.8epss 0.04

    The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.

  • CVE-2017-3758CriOct 17, 2017
    risk 0.64cvss 9.8epss 0.03

    Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.

  • CVE-2017-8805CriOct 17, 2017
    risk 0.59cvss 9.1epss 0.03

    Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.

  • CVE-2015-7806CriOct 17, 2017
    risk 0.57cvss 9.8epss 0.06

    Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors.