VYPR

CVEs

31,173 total · page 574 of 624

  • CVE-2017-12985CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().

  • CVE-2017-12902CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.

  • CVE-2017-12901CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().

  • CVE-2017-12900CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().

  • CVE-2017-12899CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().

  • CVE-2017-12898CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().

  • CVE-2017-12897CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().

  • CVE-2017-12896CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().

  • CVE-2017-12895CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().

  • CVE-2017-12894CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().

  • CVE-2017-12893CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().

  • CVE-2017-12249CriSep 13, 2017
    risk 0.59cvss 9.1epss 0.03

    A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability…

  • CVE-2017-14429CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.05

    The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting…

  • CVE-2017-14421CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.

  • CVE-2017-14417CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.01

    register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.

  • CVE-2017-11462CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.05

    Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

  • CVE-2015-5206CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.02

    Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.

  • CVE-2015-5168CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.02

    Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.

  • CVE-2017-11351CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.01

    Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.

  • CVE-2017-14403CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.01

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.

  • CVE-2017-14402CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.01

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.

  • CVE-2017-14401CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.01

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.

  • CVE-2017-8686CriSep 13, 2017
    risk 0.66cvss 9.8epss 0.28

    The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows…

  • CVE-2017-14397CriSep 12, 2017
    risk 0.64cvss 9.8epss 0.02

    AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.

  • CVE-2017-14396CriSep 12, 2017
    risk 0.60cvss 9.8epss 0.03

    In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

  • CVE-2017-8015CriSep 12, 2017
    risk 0.64cvss 9.8epss 0.02

    EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2017-14346CriSep 12, 2017
    risk 0.64cvss 9.8epss 0.02

    upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.

  • CVE-2017-14345CriSep 12, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.

  • CVE-2015-8351CriSep 11, 2017
    risk 0.64cvss 9.0epss 0.37

    PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE:…

  • CVE-2015-4689CriSep 11, 2017
    risk 0.64cvss 9.8epss 0.02

    Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."

  • CVE-2015-7877CriSep 11, 2017
    risk 0.64cvss 9.8epss 0.01

    Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-4523CriSep 11, 2017
    risk 0.64cvss 9.3epss 0.04

    Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute…

  • CVE-2017-7649CriSep 11, 2017
    risk 0.64cvss 9.8epss 0.02

    The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted…

  • CVE-2017-14269CriSep 11, 2017
    risk 0.64cvss 9.8epss 0.02

    EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content.

  • CVE-2017-14265CriSep 11, 2017
    risk 0.64cvss 9.8epss 0.04

    A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

  • CVE-2017-14252CriSep 11, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.

  • CVE-2017-14247CriSep 11, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.

  • CVE-2017-14242CriSep 11, 2017
    risk 0.57cvss 9.8epss 0.01

    SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.

  • CVE-2017-14238CriSep 11, 2017
    risk 0.57cvss 9.8epss 0.01

    SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.

  • CVE-2017-14230CriSep 10, 2017
    risk 0.59cvss 9.1epss 0.02

    In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service…

  • CVE-2017-12733CriSep 9, 2017
    risk 0.64cvss 9.8epss 0.02

    A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An…

  • CVE-2017-12731CriSep 9, 2017
    risk 0.64cvss 9.8epss 0.02

    A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to…

  • CVE-2017-11161CriSep 8, 2017
    risk 0.64cvss 9.8epss 0.01

    Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

  • CVE-2015-5052CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Sefrengo before 1.6.5 beta2.

  • CVE-2015-4629CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.02

    Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.

  • CVE-2015-4627CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Pragyan CMS 3.0.

  • CVE-2015-3991CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.05

    strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

  • CVE-2015-3313CriSep 7, 2017
    risk 0.67cvss 9.8epss 0.08

    SQL injection vulnerability in WordPress Community Events plugin before 1.4.

  • CVE-2017-9834CriSep 7, 2017
    risk 0.67cvss 9.8epss 0.04

    SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.

  • CVE-2017-14147CriSep 7, 2017
    risk 0.72cvss 9.8epss 0.66

    An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper…