| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| QNAP VioCard 300 has hardcoded RSA private keys. |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script |
| OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.
|
| RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
| FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability |
| Wiz 5.0.3 has a user mode write access violation |
| Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. |
| Evernote prior to 5.5.1 has insecure password change |
| A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. |
| Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream |
| Hikvision DS-2CD7153-E IP Camera has Privilege Escalation |
| INSTEON Hub 2242-222 lacks Web and API authentication |
| TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. |
| The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. |
| MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. |
| Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request |
| Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. |
