CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass | 21.08.2019 | Social Engineering Neo |
| Low | Mangaki 0.6.1 Database Configuration Disclosure | 10.06.2019 | KingSkrupellos |
| Med. | Luninga Television Database Configuration Disclosure | 10.05.2019 | KingSkrupellos |
| Med. | Symphony Project sfDoctrinesfPropel 1.x Database Password Disclosure | 10.05.2019 | KingSkrupellos |
| Med. | Cato5 Database Configuration Disclosure | 10.05.2019 | KingSkrupellos |
| Med. | Momtaj Trading Pvt Ltd Bangladesh Database Configuration Disclosure | 02.05.2019 | KingSkrupellos |
| Med. | Sentrifugo Human Resource Management System 3.2 File Disclosure | 02.05.2019 | KingSkrupellos |
| Med. | OpenSkos Simple Knowledge Organization System 2.0 Database Configuration Disclosure | 01.05.2019 | KingSkrupellos |
| Med. | Jungle Interativa Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | SquareSpace Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | Peru Intercorp Database Configuration Disclosure | 29.03.2019 | KingSkrupellos |
| Med. | WordPress 4.9.8 KingAbdullahPort KAP Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.9.x U_Parts Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.7.13 ChurcHope Responsive Themes 4.7.x Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.2.2 Oxygen-Theme Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.x CafeSalivation Themes Database Configuration File Download | 21.03.2019 | KingSkrupellos |
| Med. | WordPress 4.x Nishizawa_Tmp Themes Database Configuration File Download | 20.03.2019 | KingSkrupellos |
| Med. | ph7CMS Social Dating Community 14.8 Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | Zend Framework 1.11.11 Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | Zend Framework ZF1 1.x Database Configuration Disclosure | 18.02.2019 | KingSkrupellos |
| Med. | ZRECore 1.3.1 Database Configuration Disclosure | 17.02.2019 | KingSkrupellos |
| Med. | Invo PhalconPHP 1.x Database Configuration Disclosure | 15.02.2019 | KingSkrupellos |
| Med. | Ispirithalaya Hospital Management System 0.1.2 Database Configuration Disclosure | 15.02.2019 | KingSkrupellos |
| Med. | DNNSoftware EventsCalendar Modules 1.x Arbitrary File Download | 18.01.2019 | KingSkrupellos |
| Med. | HP Printers Wi-Fi Direct Improper Access Control | 03.02.2017 | Neseso |
| High | Motorola Bootloader Unlocking | 16.04.2013 | Dan Rosenberg |
| Low | Multiple Sourcefire Products Static Web SSL Keys Vulnerability | 18.06.2010 | ZDI |
| High | Consona Products - Multiple vulnerabilities | 23.05.2010 | wintercore |
| High | Intel *45 *35 chipset - txt attack | 26.12.2009 | Joanna Rutkowska |
| Med. | Adobe Photoshop Elements 8.0 Active File Monitor Local Elevation Of Privileges | 02.10.2009 | nine:situations:group:... |
| High | Medium security hole in TekRADIUS | 11.07.2009 | Tim Brown |
| High | Univeral HTTP Image/File Upload ActiveX Remote File Deletion | 09.04.2009 | t0pP8uZz |
| High | Chipmunk Blog (Auth Bypass) Add Admin Exploit | 05.02.2009 | x0r |
| Med. | bug in OpenSSH (Still in FreeBSD-STABLE) | 04.08.2008 | Dag-Erling Smorgrav |


CVEMAP Search Results

CVE | Details | Description
2019-07-22 | Medium | CVE-2019-2261
Vendor: Qualcomm | Software: Ipq8074 firmware
Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

 
2019-07-09 | Medium | CVE-2019-3949
Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.

 
2019-07-03 | Medium | CVE-2018-11215
Vendor: Cloudera | Software: Data science...
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.

 
2019-03-27 | Medium | CVE-2018-12179
Vendor: Tianocore | Software: Edk ii
Improper configuration in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

 
2019-03-21 | Low | CVE-2018-4058
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

 
2019-03-06 | Medium | CVE-2019-1585
Vendor: Cisco | Software: Application ...
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This vulnerability has been fixed in version 4.0(1h).

 
2018-12-20 | Medium | CVE-2018-11985
Vendor: Google | Software: Android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, when allocating heap using a user-supplied size, a heap overflow is possible due to an integer overflow in the roundup to native pointer.

 
2018-10-05 | Medium | CVE-2018-15386
Vendor: Cisco | Software: Digital netw...
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

 
2018-09-28 | Medium | CVE-2018-15764
Vendor: EMC | Software: Esrs policy ...
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM.

 
2018-07-24 | Medium | CVE-2017-3210
Vendor: Fujitsu | Software: Displayview ...
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected:
- Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3.
- Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9.
- HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11.
- HP My Display: Version 2.0. The issue was fixed in Version 2.1.
- Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

 

 


Copyright 2019, cxsecurity.com

 
