CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Transparency International Malaysia Database Password Disclosure | 27.08.2019 | KingSkrupellos |
| High | Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass | 21.08.2019 | Social Engineering Neo |
| Low | Mangaki 0.6.1 Database Configuration Disclosure | 10.06.2019 | KingSkrupellos |
| Med. | Luninga Television Database Configuration Disclosure | 10.05.2019 | KingSkrupellos |
| Med. | Symphony Project sfDoctrinesfPropel 1.x Database Password Disclosure | 10.05.2019 | KingSkrupellos |
| Med. | Cato5 Database Configuration Disclosure | 10.05.2019 | KingSkrupellos |
| Med. | Momtaj Trading Pvt Ltd Bangladesh Database Configuration Disclosure | 02.05.2019 | KingSkrupellos |
| Med. | Sentrifugo Human Resource Management System 3.2 File Disclosure | 02.05.2019 | KingSkrupellos |
| Med. | OpenSkos Simple Knowledge Organization System 2.0 Database Configuration Disclosure | 01.05.2019 | KingSkrupellos |
| Med. | Jungle Interativa Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | SquareSpace Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | Peru Intercorp Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | WordPress 4.9.8 KingAbdullahPort KAP Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.9.x U_Parts Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.7.13 ChurcHope Responsive Themes 4.7.x Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.2.2 Oxygen-Theme Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.x CafeSalivation Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.x Nishizawa_Tmp Themes Database Configuration File Download | 20.03.2019 | KingSkrupellos |
| Med. | ph7CMS Social Dating Community 14.8 Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | Zend Framework 1.11.11 Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | Zend Framework ZF1 1.x Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | ZRECore 1.3.1 Database Configuration Disclosure | 17.02.2019 | KingSkrupellos |
| Med. | Invo PhalconPHP 1.x Database Configuration Disclosure | 15.02.2019 | KingSkrupellos |
| Med. | Ispirithalaya Hospital Management System 0.1.2 Database Configuration Disclosure | 15.02.2019 | KingSkrupellos |
| Med. | DNNSoftware EventsCalendar Modules 1.x Arbitrary File Download | 18.01.2019 | KingSkrupellos |
| Med. | HP Printers Wi-Fi Direct Improper Access Control | 03.02.2017 | Neseso |
| High | Motorola Bootloader Unlocking | 16.04.2013 | Dan Rosenberg |
| Low | Multiple Sourcefire Products Static Web SSL Keys Vulnerability | 18.06.2010 | ZDI |
| High | Consona Products - Multiple vulnerabilities | 23.05.2010 | wintercore |
| High | Intel *45 *35 chipset - txt attack | 26.12.2009 | Joanna Rutkowska |
| Med. | Adobe Photoshop Elements 8.0 Active File Monitor Local Elevation Of Privileges | 02.10.2009 | nine:situations:group:... |
| High | Medium security hole in TekRADIUS | 11.07.2009 | Tim Brown |
| High | Univeral HTTP Image/File Upload ActiveX Remote File Deletion | 09.04.2009 | t0pP8uZz |
| High | Chipmunk Blog (Auth Bypass) Add Admin Exploit | 05.02.2009 | x0r |
| Med. | bug in OpenSSH (Still in FreeBSD-STABLE) | 04.08.2008 | Dag-Erling Smorgrav |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-07-22 | Medium | CVE-2019-2261 | Vendor: Qualcomm; Software: Ipq8074 firmware | Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 |
| 2019-07-09 | Medium | CVE-2019-3949 | | Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device. |
| 2019-07-03 | Medium | CVE-2018-11215 | Vendor: Cloudera; Software: Data science... | Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. |
| 2019-03-27 | Medium | CVE-2018-12179 | Vendor: Tianocore; Software: Edk ii | Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. |
| 2019-03-21 | Low | CVE-2018-4058 | | An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability. |
| 2019-03-06 | Medium | CVE-2019-1585 | Vendor: Cisco; Software: Application ... | A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This Vulnerability has been fixed in version 4.0(1h) |
| 2018-07-24 | Medium | CVE-2017-3210 | Vendor: Fujitsu; Software: Displayview ... | Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. |
| 2018-04-18 | High | CVE-2015-9197 | Vendor: Qualcomm; Software: Mdm9206 firmware | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, when enabling XPUs for SMEM partitions, if configuration values are out of range, memory access outside the SMEM may occur and set incorrect XPU configurations. |
| | Medium | CVE-2016-10446 | Vendor: Qualcomm; Software: Mdm9206 firmware | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, and SD 835, incorrect configuration of the OCIMEM MPU may provide NonSecure Software access to OCIMEM memory used by TZ. |
| 2014-10-10 | Medium | CVE-2014-3394 | Vendor: Cisco; Software: Adaptive sec... | The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916. |

Copyright 2019, cxsecurity.com

 
