| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11383 | Cri | 0.67 | 9.8 | 0.39 | Aug 2, 2017 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. | ||
| CVE-2017-9769 | Cri | 0.74 | 9.8 | 0.86 | Aug 2, 2017 | A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. | ||
| CVE-2017-8390 | Cri | 0.64 | 9.8 | 0.06 | Aug 2, 2017 | The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. | ||
| CVE-2015-2560 | Cri | 0.65 | 9.8 | 0.16 | Aug 2, 2017 | Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | ||
| CVE-2015-1174 | Cri | 0.64 | 9.8 | 0.03 | Aug 2, 2017 | Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. | ||
| CVE-2017-1383 | Cri | 0.59 | 9.1 | 0.03 | Aug 2, 2017 | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. | ||
| CVE-2017-11494 | Cri | 0.67 | 9.8 | 0.04 | Aug 2, 2017 | SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. | ||
| CVE-2017-12199 | Cri | 0.64 | 9.8 | 0.02 | Aug 2, 2017 | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item,… | ||
| CVE-2017-4923 | Cri | 0.64 | 9.8 | 0.02 | Aug 1, 2017 | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. | ||
| CVE-2017-11381 | Cri | 0.64 | 9.8 | 0.03 | Aug 1, 2017 | A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | ||
| CVE-2017-11380 | Cri | 0.64 | 9.8 | 0.01 | Aug 1, 2017 | Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | ||
| CVE-2017-11129 | Cri | 0.64 | 9.8 | 0.01 | Aug 1, 2017 | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user. | ||
| CVE-2017-12065 | Cri | 0.64 | 9.8 | 0.03 | Aug 1, 2017 | spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. | ||
| CVE-2017-11757 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2017 | Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads… | ||
| CVE-2017-11743 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2017 | MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to… | ||
| CVE-2017-9521 | Cri | 0.64 | 9.8 | 0.03 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware… | ||
| CVE-2017-9483 | Cri | 0.64 | 9.8 | 0.02 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands. | ||
| CVE-2017-9482 | Cri | 0.64 | 9.8 | 0.03 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then… | ||
| CVE-2017-9479 | Cri | 0.64 | 9.8 | 0.03 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying… | ||
| CVE-2017-4919 | Cri | 0.59 | 9.0 | 0.02 | Jul 28, 2017 | VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | ||
| CVE-2017-11720 | Cri | 0.64 | 9.8 | 0.02 | Jul 28, 2017 | There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. | ||
| CVE-2017-11694 | Cri | 0.59 | 9.1 | 0.01 | Jul 28, 2017 | MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and… | ||
| CVE-2017-11693 | Cri | 0.59 | 9.1 | 0.01 | Jul 28, 2017 | MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and… | ||
| CVE-2017-11715 | Cri | 0.64 | 9.8 | 0.01 | Jul 28, 2017 | job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | ||
| CVE-2017-11645 | Cri | 0.64 | 9.8 | 0.01 | Jul 28, 2017 | NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. | ||
| CVE-2017-11184 | Cri | 0.64 | 9.8 | 0.02 | Jul 28, 2017 | SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | ||
| CVE-2017-11673 | Cri | 0.64 | 9.8 | 0.03 | Jul 27, 2017 | Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess." | ||
| CVE-2017-5691 | Cri | 0.59 | 9.0 | 0.01 | Jul 26, 2017 | Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system… | ||
| CVE-2017-11643 | Cri | 0.64 | 9.8 | 0.02 | Jul 26, 2017 | GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. | ||
| CVE-2017-11641 | Cri | 0.64 | 9.8 | 0.02 | Jul 26, 2017 | GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. | ||
| CVE-2017-11637 | Cri | 0.64 | 9.8 | 0.02 | Jul 26, 2017 | GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. | ||
| CVE-2017-11636 | Cri | 0.64 | 9.8 | 0.03 | Jul 26, 2017 | GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. | ||
| CVE-2017-11631 | Cri | 0.64 | 9.8 | 0.01 | Jul 26, 2017 | dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. | ||
| CVE-2017-11459 | Cri | 0.64 | 9.8 | 0.02 | Jul 25, 2017 | SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | ||
| CVE-2015-3278 | Cri | 0.64 | 9.8 | 0.02 | Jul 25, 2017 | The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors. | ||
| CVE-2015-2798 | Cri | 0.67 | 9.8 | 0.03 | Jul 25, 2017 | SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2017-11614 | Cri | 0.64 | 9.8 | 0.01 | Jul 25, 2017 | MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial… | ||
| CVE-2015-8009 | Cri | 0.64 | 9.8 | 0.03 | Jul 25, 2017 | The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another… | ||
| CVE-2015-2279 | Cri | 0.68 | 9.8 | 0.18 | Jul 25, 2017 | cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or… | ||
| CVE-2017-11324 | Cri | 0.64 | 9.8 | 0.01 | Jul 24, 2017 | An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. | ||
| CVE-2017-11589 | Cri | 0.64 | 9.8 | 0.01 | Jul 24, 2017 | On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd,… | ||
| CVE-2017-11588 | Cri | 0.64 | 9.8 | 0.04 | Jul 24, 2017 | On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi… | ||
| CVE-2017-11585 | Cri | 0.64 | 9.8 | 0.02 | Jul 24, 2017 | dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | ||
| CVE-2017-11584 | Cri | 0.64 | 9.8 | 0.02 | Jul 24, 2017 | dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. | ||
| CVE-2017-11583 | Cri | 0.64 | 9.8 | 0.01 | Jul 24, 2017 | dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. | ||
| CVE-2017-11582 | Cri | 0.64 | 9.8 | 0.01 | Jul 24, 2017 | dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. | ||
| CVE-2017-11543 | Cri | 0.64 | 9.8 | 0.06 | Jul 23, 2017 | tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. | ||
| CVE-2017-11542 | Cri | 0.64 | 9.8 | 0.04 | Jul 23, 2017 | tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. | ||
| CVE-2017-11541 | Cri | 0.64 | 9.8 | 0.04 | Jul 23, 2017 | tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. | ||
| CVE-2017-7336 | Cri | 0.64 | 9.8 | 0.02 | Jul 22, 2017 | A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. |
- risk 0.67cvss 9.8epss 0.39
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.
- risk 0.74cvss 9.8epss 0.86
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
- risk 0.64cvss 9.8epss 0.06
The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name.
- risk 0.65cvss 9.8epss 0.16
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
- risk 0.64cvss 9.8epss 0.03
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id.
- risk 0.59cvss 9.1epss 0.03
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.
- risk 0.67cvss 9.8epss 0.04
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
- risk 0.64cvss 9.8epss 0.02
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item,…
- risk 0.64cvss 9.8epss 0.02
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
- risk 0.64cvss 9.8epss 0.03
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
- risk 0.64cvss 9.8epss 0.01
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user.
- risk 0.64cvss 9.8epss 0.03
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
- risk 0.64cvss 9.8epss 0.02
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads…
- risk 0.64cvss 9.8epss 0.02
MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to…
- risk 0.64cvss 9.8epss 0.03
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware…
- risk 0.64cvss 9.8epss 0.02
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands.
- risk 0.64cvss 9.8epss 0.03
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then…
- risk 0.64cvss 9.8epss 0.03
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying…
- risk 0.59cvss 9.0epss 0.02
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
- risk 0.64cvss 9.8epss 0.02
There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.
- risk 0.59cvss 9.1epss 0.01
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and…
- risk 0.59cvss 9.1epss 0.01
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and…
- risk 0.64cvss 9.8epss 0.01
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.
- risk 0.64cvss 9.8epss 0.01
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.
- risk 0.64cvss 9.8epss 0.02
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.
- risk 0.64cvss 9.8epss 0.03
Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."
- risk 0.59cvss 9.0epss 0.01
Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system…
- risk 0.64cvss 9.8epss 0.02
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
- risk 0.64cvss 9.8epss 0.02
GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.
- risk 0.64cvss 9.8epss 0.02
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.
- risk 0.64cvss 9.8epss 0.03
GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.
- risk 0.64cvss 9.8epss 0.01
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
- risk 0.64cvss 9.8epss 0.02
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
- risk 0.64cvss 9.8epss 0.02
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.
- risk 0.67cvss 9.8epss 0.03
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- risk 0.64cvss 9.8epss 0.01
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial…
- risk 0.64cvss 9.8epss 0.03
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another…
- risk 0.68cvss 9.8epss 0.18
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter.
- risk 0.64cvss 9.8epss 0.01
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd,…
- risk 0.64cvss 9.8epss 0.04
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi…
- risk 0.64cvss 9.8epss 0.02
dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.
- risk 0.64cvss 9.8epss 0.02
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.
- risk 0.64cvss 9.8epss 0.01
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.
- risk 0.64cvss 9.8epss 0.01
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
- risk 0.64cvss 9.8epss 0.06
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.
- risk 0.64cvss 9.8epss 0.04
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
- risk 0.64cvss 9.8epss 0.04
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
- risk 0.64cvss 9.8epss 0.02
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.