Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5464 | 1 Gitlab | 1 Gitlab | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | |||||
| CVE-2013-3215 | 1 Vtiger | 1 Vtiger Crm | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | |||||
| CVE-2020-8000 | 1 Intelliantech | 1 Aptus Web | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. | |||||
| CVE-2014-3445 | 1 Handsomeweb | 1 Sos Webpages | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. | |||||
| CVE-2013-2573 | 1 Tp-link | 6 Tl-sc 3130g, Tl-sc 3130g Firmware, Tl-sc 3171g and 3 more | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code. | |||||
| CVE-2013-3214 | 1 Vtiger | 1 Vtiger Crm | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | |||||
| CVE-2013-1592 | 1 Sap | 1 Netweaver | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-7245 | 1 Ctfd | 1 Ctfd | 2020-01-31 | 6.8 MEDIUM | 9.8 CRITICAL |
| Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's username, but with white space inserted before and/or after the username. This will register the account with the same username as the victim. After initiating a password reset for the new account, CTFd will reset the victim's account password due to the username collision. | |||||
| CVE-2013-4462 | 1 Portable Phpmyadmin Project | 1 Portable Phpmyadmin | 2020-01-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability | |||||
| CVE-2019-19897 | 1 Ixpdata | 1 Easyinstall | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function. | |||||
| CVE-2019-20433 | 1 Gnu | 1 Aspell | 2020-01-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | |||||
| CVE-2019-16029 | 1 Cisco | 1 Smart Software Manager On-prem | 2020-01-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. | |||||
| CVE-2019-17096 | 1 Bitdefender | 3 Box 2, Box 2 Firmware, Central | 2020-01-31 | 9.3 HIGH | 9.8 CRITICAL |
| A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. | |||||
| CVE-2019-20217 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | |||||
| CVE-2019-20216 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | |||||
| CVE-2020-3716 | 1 Magento | 1 Magento | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-3718 | 1 Magento | 1 Magento | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2013-2060 | 1 Redhat | 1 Openshift | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | |||||
| CVE-2012-6451 | 1 Lorextechnology | 4 Lnc104, Lnc104 Firmware, Lnc116 and 1 more | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability | |||||
| CVE-2014-1925 | 1 Koha | 1 Koha | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. | |||||
| CVE-2014-1924 | 1 Koha | 1 Koha | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | |||||
| CVE-2013-3071 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | |||||
| CVE-2013-3492 | 1 Xnview | 1 Xnview | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| XnView 2.03 has a stack-based buffer overflow vulnerability | |||||
| CVE-2013-4441 | 1 Pwgen Project | 1 Pwgen | 2020-01-30 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |||||
| CVE-2013-3486 | 1 Irfanview | 1 Flashpix Plugin | 2020-01-30 | 9.3 HIGH | 9.6 CRITICAL |
| IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability | |||||
| CVE-2020-8001 | 1 Intelliantech | 1 Aptus | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. | |||||
| CVE-2020-7999 | 1 Intelliantech | 1 Aptus | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. | |||||
| CVE-2018-16272 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2018-9852 | 1 Gxlcms | 1 Gxlcms Qy | 2020-01-30 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23. | |||||
| CVE-2011-3621 | 1 Fluxbb | 1 Fluxbb | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. | |||||
| CVE-2019-10780 | 1 Bibtex-ruby Project | 1 Bibtex-ruby | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | |||||
| CVE-2013-2612 | 1 Huawei | 2 E587, E587 Firmware | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. | |||||
| CVE-2015-5334 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | |||||
| CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | |||||
| CVE-2019-5183 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2020-01-30 | 6.8 MEDIUM | 9.0 CRITICAL |
| An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | |||||
| CVE-2013-3493 | 1 Xnview | 1 Xnview | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| XnView 2.03 has an integer overflow vulnerability | |||||
| CVE-2019-19896 | 1 Ixpdata | 1 Easyinstall | 2020-01-29 | 9.0 HIGH | 9.9 CRITICAL |
| In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients. | |||||
| CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | |||||
| CVE-2014-8741 | 1 Lexmark | 1 Markvision Enterprise | 2020-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. | |||||
| CVE-2012-5699 | 1 Babygekko | 1 Babygekko | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| BabyGekko before 1.2.4 allows PHP file inclusion. | |||||
| CVE-2013-1744 | 1 Iris Citations Management Tool Project | 1 Iris Citations Management Tool | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. | |||||
| CVE-2012-6649 | 1 Devfarm | 1 Wp Gpx Maps | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | |||||
| CVE-2019-10781 | 1 Schema-inspector Project | 1 Schema-inspector | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector. | |||||
| CVE-2019-20427 | 1 Lustre | 1 Lustre | 2020-01-29 | 9.0 HIGH | 9.8 CRITICAL |
| In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error. | |||||
| CVE-2015-2784 | 1 Papercrop Project | 1 Papercrop | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input. | |||||
| CVE-2020-7229 | 1 Simplejobscript | 1 Simplejobscript | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php. | |||||
| CVE-2012-5190 | 1 Accusoft | 1 Prizm Content Connect | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability | |||||
| CVE-2014-5007 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2020-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. | |||||
| CVE-2020-7980 | 1 Intelliantech | 1 Aptus Web | 2020-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. | |||||
| CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | |||||