CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Jungle Interativa Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | SquareSpace Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | Peru Intercorp Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | WordPress 4.9.8 KingAbdullahPort KAP Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.9.x U_Parts Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.7.13 ChurcHope Responsive Themes 4.7.x Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.2.2 Oxygen-Theme Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.x CafeSalivation Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.x Nishizawa_Tmp Themes Database Configuration File Download | 20.03.2019 | KingSkrupellos |
| Med. | ph7CMS Social Dating Community 14.8 Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | Zend Framework 1.11.11 Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | Zend Framework ZF1 1.x Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | ZRECore 1.3.1 Database Configuration Disclosure | 17.02.2019 | KingSkrupellos |
| Med. | Invo PhalconPHP 1.x Database Configuration Disclosure | 15.02.2019 | KingSkrupellos |
| Med. | Ispirithalaya Hospital Management System 0.1.2 Database Configuration Disclosure | 15.02.2019 | KingSkrupellos |
| Med. | DNNSoftware EventsCalendar Modules 1.x Arbitrary File Download | 18.01.2019 | KingSkrupellos |
| Med. | HP Printers Wi-Fi Direct Improper Access Control | 03.02.2017 | Neseso |
| High | Motorola Bootloader Unlocking | 16.04.2013 | Dan Rosenberg |
| Low | Multiple Sourcefire Products Static Web SSL Keys Vulnerability | 18.06.2010 | ZDI |
| High | Consona Products - Multiple vulnerabilities | 23.05.2010 | wintercore |
| High | Intel *45 *35 chipset - txt attack | 26.12.2009 | Joanna Rutkowska |
| Med. | Adobe Photoshop Elements 8.0 Active File Monitor Local Elevation Of Privileges | 02.10.2009 | nine:situations:group:... |
| High | Medium security hole in TekRADIUS | 11.07.2009 | Tim Brown |
| High | Univeral HTTP Image/File Upload ActiveX Remote File Deletion | 09.04.2009 | t0pP8uZz |
| High | Chipmunk Blog (Auth Bypass) Add Admin Exploit | 05.02.2009 | x0r |
| Med. | bug in OpenSSH (Still in FreeBSD-STABLE) | 04.08.2008 | Dag-Erling Smorgrav |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-03-27 | Medium | CVE-2018-12179 | Vendor: Tianocore; Software: Edk ii | Improper configuration in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. |
| 2019-03-21 | Low | CVE-2018-4058 | | An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability. |
| 2019-03-06 | Medium | CVE-2019-1585 | Vendor: Cisco; Software: Application ... | A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This vulnerability has been fixed in version 4.0(1h). |
| 2018-12-20 | Medium | CVE-2018-11985 | Vendor: Google; Software: Android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, when allocating heap using a user-supplied size, there is a possible heap overflow vulnerability due to an integer overflow in roundup to native pointer. |
| 2018-10-05 | Medium | CVE-2018-15386 | Vendor: Cisco; Software: Digital netw... | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. |
| 2018-09-28 | Medium | CVE-2018-15764 | Vendor: EMC; Software: Esrs policy ... | Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM. |
| 2018-07-24 | Medium | CVE-2017-3210 | Vendor: Fujitsu; Software: Displayview ... | Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. |
| 2018-07-06 | Medium | CVE-2018-5892 | Vendor: Qualcomm; Software: Mdm9206 firmware | The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. |
| 2018-06-01 | Medium | CVE-2018-5524 | Vendor: F5; Software: Big-ip acces... | Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. |
| 2018-05-10 | Medium | CVE-2018-1115 | Vendor: Postgresql; Software: Postgresql | PostgreSQL before versions 10.4, 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. |

 

 


Copyright 2019, cxsecurity.com

 
