Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2081 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2018-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. | |||||
| CVE-2015-9254 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2018-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| Datto ALTO and SIRIS devices have a default VNC password. | |||||
| CVE-2014-3205 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2018-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. | |||||
| CVE-2018-7301 | 1 Eq-3 | 2 Homematic Central Control Unit Ccu2, Homematic Central Control Unit Ccu2 Firmware | 2018-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices. | |||||
| CVE-2017-7375 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Android, Libxml2 | 2018-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). | |||||
| CVE-2018-7477 | 1 School Management Script Project | 1 School Management Script | 2018-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. | |||||
| CVE-2018-7463 | 1 Asanhamayesh | 1 Asanhamayesh Cms | 2018-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. | |||||
| CVE-2017-9426 | 1 Facetag Project | 1 Facetag | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action. | |||||
| CVE-2017-18210 | 1 Imagemagick | 1 Imagemagick | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. | |||||
| CVE-2018-4895 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2018-03-16 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | |||||
| CVE-2018-4879 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2018-03-16 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | |||||
| CVE-2018-6948 | 1 Ccn-lite | 1 Ccn-lite | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE, and the buffer also has size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g., the "NFN" and "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed. | |||||
| CVE-2018-6953 | 1 Ccn-lite | 1 Ccn-lite | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| In CCN-lite 2, the NDNTLV parser does not verify whether a component's length field matches the actual component length, resulting in a buffer overflow and out-of-bounds memory accesses. | |||||
| CVE-2016-5008 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2018-03-16 | 4.3 MEDIUM | 9.8 CRITICAL |
| libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | |||||
| CVE-2017-12379 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2018-03-16 | 10.0 HIGH | 9.8 CRITICAL |
| ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. | |||||
| CVE-2018-7039 | 1 Ccn-lite | 1 Ccn-lite | 2018-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information. | |||||
| CVE-2011-4973 | 1 Mod Nss Project | 1 Mod Nss | 2018-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. | |||||
| CVE-2017-8947 | 1 Hp | 1 Ucmdb Configuration Manager | 2018-03-15 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found. | |||||
| CVE-2018-5767 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2018-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. | |||||
| CVE-2015-5725 | 1 Codeigniter | 1 Codeigniter | 2018-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable. | |||||
| CVE-2015-4412 | 1 Bson Project | 1 Bson | 2018-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string. | |||||
| CVE-2017-6199 | 1 Sandstorm | 1 Sandstorm | 2018-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field. | |||||
| CVE-2016-6813 | 1 Apache | 1 Cloudstack | 2018-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources. | |||||
| CVE-2018-7316 | 1 Christianwebministries | 1 Proclaim | 2018-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action. | |||||
| CVE-2017-17663 | 1 Acme | 2 Mini Httpd, Thttpd | 2018-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. | |||||
| CVE-2016-8511 | 1 Hp | 1 Network Automation | 2018-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. | |||||
| CVE-2018-6859 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. | |||||
| CVE-2016-2397 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2018-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | |||||
| CVE-2016-2396 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2018-03-12 | 9.0 HIGH | 9.9 CRITICAL |
| The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | |||||
| CVE-2018-5983 | 1 Jquickcontact Project | 1 Jquickcontact | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. | |||||
| CVE-2017-18197 | 1 Jgraph | 1 Mxgraph | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView. | |||||
| CVE-2018-5987 | 1 Social Pinboard Project | 1 Social Pinboard | 2018-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. | |||||
| CVE-2018-0514 | 1 Futomi | 1 Mp Form Mail Cgi | 2018-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2011-4889 | 1 Ibm | 1 Websphere Application Server | 2018-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. | |||||
| CVE-2012-2166 | 1 Ibm | 8 Xiv Storage System 2810-114, Xiv Storage System 2810-114 Firmware, Xiv Storage System 2810-a14 and 5 more | 2018-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041. | |||||
| CVE-2016-8512 | 1 Hp | 2 Loadrunner, Performance Center | 2018-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. | |||||
| CVE-2017-18194 | 1 Hamayeshnegar | 1 Hamayeshnegar Cms | 2018-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter. | |||||
| CVE-2017-8976 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2018-03-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||
| CVE-2017-8975 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2018-03-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||
| CVE-2017-8977 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2018-03-09 | 8.5 HIGH | 9.1 CRITICAL |
| A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||
| CVE-2018-6825 | 1 Omninova | 2 Vobot, Vobot Firmware | 2018-03-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access. | |||||
| CVE-2017-5814 | 1 Hp | 1 Network Automation | 2018-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| A remote SQL injection authentication bypass in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | |||||
| CVE-2017-5810 | 1 Hp | 1 Network Automation | 2018-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| A remote SQL injection vulnerability in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | |||||
| CVE-2017-5807 | 1 Hp | 1 Data Protector | 2018-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Arbitrary Code Execution vulnerability in HPE Data Protector versions prior to 8.17 and 9.09 was found. | |||||
| CVE-2017-5790 | 1 Hp | 1 Intelligent Management Center | 2018-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | |||||
| CVE-2018-6928 | 1 News Website Script Project | 1 News Website Script | 2018-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. | |||||
| CVE-2017-13229 | 1 Google | 1 Android | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703. | |||||
| CVE-2018-6893 | 1 Finecms | 1 Finecms | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member, c=api, m=checktitle and a 'module' parameter containing a SQL statement is not effectively filtered. | |||||
| CVE-2017-8957 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |||||
| CVE-2017-5804 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |||||
