| CVE | Vendors | Products | Updated | CVSS v3.1 |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. |
| QNAP VioCard 300 has hardcoded RSA private keys. |
| Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script. |
| OSSIM before 4.3.3.1 has a path traversal vulnerability in tele_compress.php. |
| RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. |
| Wiz 5.0.3 has a user mode write access violation |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
| FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability |
| Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. |
| Evernote prior to 5.5.1 has insecure password change |
| A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. |
| Multiple Vivotek IP Cameras have a remote authentication bypass that could allow access to the video stream. |
| Hikvision DS-2CD7153-E IP Camera has Privilege Escalation |
| The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. |
| MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. |
| INSTEON Hub 2242-222 lacks Web and API authentication |
| D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. |
| TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request |