Vulnerabilities (CVE)

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17369 1 Otcms 1 Otcms 2019-10-16 4.3
OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.
CVE-2015-9474 1 Simpolio Project 1 Simpolio 2019-10-16 6.5
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
CVE-2019-17426 1 Mongoosejs 1 Mongoose 2019-10-16 6.4
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter....
CVE-2015-9475 1 Pont Project 1 Pont 2019-10-16 6.5
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
CVE-2019-17320 1 Netsarang 1 Xftp 2019-10-16 7.5
NetSarang XFTP Client 6.0149 and earlier versions contain a buffer overflow vulnerability caused by improper boundary checks when copying a file name from an attacker-controlled FTP server. This allows an attacker to execute arbitrary code by sending a...
CVE-2019-17505 1 Dlink 1 Dap-1320 A2 Firmware 2019-10-16 5.0
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or...
CVE-2019-17508 1 Dlink 2 Dir-850l A Firmware, Dir-859 A3 Firmware 2019-10-16 10.0
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
CVE-2019-17059 1 Sophos 1 Cyberoamos 2019-10-16 10.0
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
CVE-2016-6087 1 Ibm 1 Domino 2019-10-16 5.0
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.
CVE-2016-11014 2019-10-16 N/A
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
CVE-2016-11015 2019-10-16 N/A
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.
CVE-2016-11016 2019-10-16 N/A
NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.
CVE-2019-13392 2019-10-16 N/A
A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it...
CVE-2019-17395 2019-10-16 N/A
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17612 2019-10-16 N/A
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.
CVE-2019-17613 2019-10-16 N/A
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access...
CVE-2019-17624 2019-10-16 N/A
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2019-17625 2019-10-16 N/A
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a...
CVE-2019-17626 2019-10-16 N/A
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
CVE-2019-17627 2019-10-16 N/A
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on...