VYPR

CVEs

31,173 total · page 580 of 624

  • CVE-2017-11383CriAug 2, 2017
    risk 0.67cvss 9.8epss 0.39

    SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.

  • CVE-2017-9769CriAug 2, 2017
    risk 0.74cvss 9.8epss 0.86

    A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.

  • CVE-2017-8390CriAug 2, 2017
    risk 0.64cvss 9.8epss 0.06

    The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name.

  • CVE-2015-2560CriAug 2, 2017
    risk 0.65cvss 9.8epss 0.16

    Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.

  • CVE-2015-1174CriAug 2, 2017
    risk 0.64cvss 9.8epss 0.03

    Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id.

  • CVE-2017-1383CriAug 2, 2017
    risk 0.59cvss 9.1epss 0.03

    IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.

  • CVE-2017-11494CriAug 2, 2017
    risk 0.67cvss 9.8epss 0.04

    SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.

  • CVE-2017-12199CriAug 2, 2017
    risk 0.64cvss 9.8epss 0.02

    The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item,…

  • CVE-2017-4923CriAug 1, 2017
    risk 0.64cvss 9.8epss 0.02

    VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.

  • CVE-2017-11381CriAug 1, 2017
    risk 0.64cvss 9.8epss 0.03

    A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.

  • CVE-2017-11380CriAug 1, 2017
    risk 0.64cvss 9.8epss 0.01

    Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.

  • CVE-2017-11129CriAug 1, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user.

  • CVE-2017-12065CriAug 1, 2017
    risk 0.64cvss 9.8epss 0.03

    spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.

  • CVE-2017-11757CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.02

    Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads…

  • CVE-2017-11743CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.02

    MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to…

  • CVE-2017-9521CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.03

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware…

  • CVE-2017-9483CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.02

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands.

  • CVE-2017-9482CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.03

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then…

  • CVE-2017-9479CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.03

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying…

  • CVE-2017-4919CriJul 28, 2017
    risk 0.59cvss 9.0epss 0.02

    VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.

  • CVE-2017-11720CriJul 28, 2017
    risk 0.64cvss 9.8epss 0.02

    There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.

  • CVE-2017-11694CriJul 28, 2017
    risk 0.59cvss 9.1epss 0.01

    MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and…

  • CVE-2017-11693CriJul 28, 2017
    risk 0.59cvss 9.1epss 0.01

    MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and…

  • CVE-2017-11715CriJul 28, 2017
    risk 0.64cvss 9.8epss 0.01

    job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.

  • CVE-2017-11645CriJul 28, 2017
    risk 0.64cvss 9.8epss 0.01

    NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.

  • CVE-2017-11184CriJul 28, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.

  • CVE-2017-11673CriJul 27, 2017
    risk 0.64cvss 9.8epss 0.03

    Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."

  • CVE-2017-5691CriJul 26, 2017
    risk 0.59cvss 9.0epss 0.01

    Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system…

  • CVE-2017-11643CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.02

    GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.

  • CVE-2017-11641CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.02

    GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.

  • CVE-2017-11637CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.02

    GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.

  • CVE-2017-11636CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.03

    GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.

  • CVE-2017-11631CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.01

    dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.

  • CVE-2017-11459CriJul 25, 2017
    risk 0.64cvss 9.8epss 0.02

    SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.

  • CVE-2015-3278CriJul 25, 2017
    risk 0.64cvss 9.8epss 0.02

    The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.

  • CVE-2015-2798CriJul 25, 2017
    risk 0.67cvss 9.8epss 0.03

    SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2017-11614CriJul 25, 2017
    risk 0.64cvss 9.8epss 0.01

    MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial…

  • CVE-2015-8009CriJul 25, 2017
    risk 0.64cvss 9.8epss 0.03

    The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another…

  • CVE-2015-2279CriJul 25, 2017
    risk 0.68cvss 9.8epss 0.18

    cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or…

  • CVE-2017-11324CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter.

  • CVE-2017-11589CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.01

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd,…

  • CVE-2017-11588CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.04

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi…

  • CVE-2017-11585CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.02

    dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.

  • CVE-2017-11584CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.02

    dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.

  • CVE-2017-11583CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.01

    dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.

  • CVE-2017-11582CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.01

    dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.

  • CVE-2017-11543CriJul 23, 2017
    risk 0.64cvss 9.8epss 0.06

    tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.

  • CVE-2017-11542CriJul 23, 2017
    risk 0.64cvss 9.8epss 0.04

    tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.

  • CVE-2017-11541CriJul 23, 2017
    risk 0.64cvss 9.8epss 0.04

    tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.

  • CVE-2017-7336CriJul 22, 2017
    risk 0.64cvss 9.8epss 0.02

    A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.