CWE:
 

Topic
Date
Author
High
Solarwinds LEM 6.3.1 Hardcoded Credentials
25.04.2017
Matt Bergin
Med.
HP Printers Wi-Fi Direct Improper Access Control
03.02.2017
Neseso
Med.
SAP HANA Information Disclosure
28.05.2015
onapsis
High
TheCartPress WordPress plugin 1.3.9 Multiple Vulns
29.04.2015
High-Tech Bridge Secur...
Low
SAP Background Processing RFC Missing Authorization
29.04.2014
Onapsis
Low
SAP BASIS Missing Authorization Check
29.04.2014
Onapsis
Low
SAP Profile Maintenance Missing Authorization
29.04.2014
Onapsis
High
OpenDocMan 1.2.7 Multiple Vulnerabilities
05.03.2014
High-Tech Bridge Secur...
High
Microweber 0.8 Arbitrary File Deletion
18.10.2013
High-Tech Bridge Secur...
High
Samsung Kies 2.3.2.12054_20 NULL Pointer Dereference and bypass
16.10.2012
High-Tech Bridge Secur...
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
AWScripts Gallery Search Engine 1.x Insecure Cookie Vulnerability
01.07.2009
TiGeR-Dz


CVEMAP Search Results

CVE
Details
Description
2018-04-13
Medium
CVE-2018-10086

Vendor: Cmsmadesimple
Software: Cms made simple
 

 
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.

 
2018-03-25
Medium
CVE-2018-8947

Updating...
 

 
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.

 
2018-03-24
Medium
CVE-2017-17751

Vendor: BOSE
Software: Soundtouch
 

 
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.

 
2018-03-23
Low
CVE-2017-1602

Vendor: IBM
Software: Rational col...
 

 
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.

 
2018-03-22
Medium
CVE-2017-1788

Vendor: IBM
Software: Websphere ap...
 

 
IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031.

 
Medium
CVE-2018-7520

Vendor: Geutebrueck
Software: G-cam/efd-22...
 

 
An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords.

 
High
CVE-2018-8933

Vendor: AMD
Software: Epyc server ...
 

 
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.

 
High
CVE-2018-8932

Vendor: AMD
Software: Ryzen firmware
 

 
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.

 
High
CVE-2018-8931

Vendor: AMD
Software: Ryzen firmware
 

 
The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.

 
2018-03-21
Medium
CVE-2018-1344

Updating...
 

 
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1

 

 


Copyright 2018, cxsecurity.com

 

Back to Top