VYPR

CVEs

31,173 total · page 572 of 624

  • CVE-2017-14243CriSep 17, 2017
    risk 0.68cvss 9.8epss 0.15

    An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi,…

  • CVE-2017-9328CriSep 15, 2017
    risk 0.64cvss 9.8epss 0.07

    Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.

  • CVE-2017-0898CriSep 15, 2017
    risk 0.60cvss 9.1epss 0.10

    Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

  • CVE-2017-10845CriSep 15, 2017
    risk 0.64cvss 9.8epss 0.03

    Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.

  • CVE-2013-7429CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.

  • CVE-2017-13067CriSep 14, 2017
    risk 0.68cvss 9.8epss 0.17

    QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a…

  • CVE-2017-1002028CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.

  • CVE-2017-1002027CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.

  • CVE-2017-1002023CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php

  • CVE-2017-1002022CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.

  • CVE-2017-1002021CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.

  • CVE-2017-1002020CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.

  • CVE-2017-1002019CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.

  • CVE-2017-1002018CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.

  • CVE-2017-1002016CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.

  • CVE-2017-1002015CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.

  • CVE-2017-1002014CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.

  • CVE-2017-1002013CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.

  • CVE-2017-1002012CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.

  • CVE-2017-1002010CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.

  • CVE-2017-1002009CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.

  • CVE-2017-1002008CriSep 14, 2017
    risk 0.68cvss 9.8epss 0.17

    Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.

  • CVE-2017-1002003CriSep 14, 2017
    risk 0.68cvss 9.8epss 0.12

    Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.

  • CVE-2017-1002002CriSep 14, 2017
    risk 0.68cvss 9.8epss 0.13

    Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/

  • CVE-2017-1002001CriSep 14, 2017
    risk 0.68cvss 9.8epss 0.11

    Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.

  • CVE-2017-1002000CriSep 14, 2017
    risk 0.69cvss 9.8epss 0.27

    Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.

  • CVE-2017-13725CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().

  • CVE-2017-13690CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.

  • CVE-2017-13689CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().

  • CVE-2017-13688CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().

  • CVE-2017-13687CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().

  • CVE-2017-13055CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().

  • CVE-2017-13054CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().

  • CVE-2017-13053CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().

  • CVE-2017-13052CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().

  • CVE-2017-13051CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.04

    The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

  • CVE-2017-13050CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.05

    The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().

  • CVE-2017-13049CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().

  • CVE-2017-13048CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

  • CVE-2017-13047CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().

  • CVE-2017-13046CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().

  • CVE-2017-13045CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().

  • CVE-2017-13044CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().

  • CVE-2017-13043CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().

  • CVE-2017-13042CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().

  • CVE-2017-13041CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.05

    The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().

  • CVE-2017-13040CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.05

    The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.

  • CVE-2017-13039CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.

  • CVE-2017-13038CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.04

    The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().

  • CVE-2017-13037CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().