CWE:
 

Risk
Title
Date
Author
Med.
Crystal Shard http-protection 0.2.0 IP Spoofing Bypass
30.05.2020
Halis Duraki
Med.
Transparency International Malaysia Database Password Disclosure
27.08.2019
KingSkrupellos
High
Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass
21.08.2019
Social Engineering Neo
Low
Mangaki 0.6.1 Database Configuration Disclosure
10.06.2019
KingSkrupellos
Med.
Luninga Television Database Configuration Disclosure
10.05.2019
KingSkrupellos
Med.
Symphony Project sfDoctrinesfPropel 1.x Database Password Disclosure
10.05.2019
KingSkrupellos
Med.
Cato5 Database Configuration Disclosure
10.05.2019
KingSkrupellos
Med.
Momtaj Trading Pvt Ltd Bangladesh Database Configuration Disclosure
02.05.2019
KingSkrupellos
Med.
Sentrifugo Human Resource Management System 3.2 File Disclosure
02.05.2019
KingSkrupellos
Med.
OpenSkos Simple Knowledge Organization System 2.0 Database Configuration Disclosure
01.05.2019
KingSkrupellos
Med.
Jungle Interativa Database Configuration Disclosure
29.03.2019
KingSkrupellos
Med.
SquareSpace Database Configuration Disclosure
29.03.2019
KingSkrupellos
Med.
Peru Intercorp Database Configuration Disclosure
29.03.2019
KingSkrupellos
Med.
WordPress 4.9.8 KingAbdullahPort KAP Themes Database Configuration File Download
21.03.2019
KingSkrupellos
Med.
WordPress 4.9.x U_Parts Themes Database Configuration File Download
21.03.2019
KingSkrupellos
Med.
WordPress 4.7.13 ChurcHope Responsive Themes 4.7.x Database Configuration File Download
21.03.2019
KingSkrupellos
Med.
WordPress 4.2.2 Oxygen-Theme Themes Database Configuration File Download
21.03.2019
KingSkrupellos
Med.
WordPress 4.x CafeSalivation Themes Database Configuration File Download
21.03.2019
KingSkrupellos
Med.
WordPress 4.x Nishizawa_Tmp Themes Database Configuration File Download
20.03.2019
KingSkrupellos
Med.
ph7CMS Social Dating Community 14.8 Database Configuration Disclosure
18.02.2019
KingSkrupellos
Med.
Zend Framework 1.11.11 Database Configuration Disclosure
18.02.2019
KingSkrupellos
Med.
Zend Framework ZF1 1.x Database Configuration Disclosure
18.02.2019
KingSkrupellos
Med.
ZRECore 1.3.1 Database Configuration Disclosure
17.02.2019
KingSkrupellos
Med.
Invo PhalconPHP 1.x Database Configuration Disclosure
15.02.2019
KingSkrupellos
Med.
Ispirithalaya Hospital Management System 0.1.2 Database Configuration Disclosure
15.02.2019
KingSkrupellos
Med.
DNNSoftware EventsCalendar Modules 1.x Arbitrary File Download
18.01.2019
KingSkrupellos
Med.
HP Printers Wi-Fi Direct Improper Access Control
03.02.2017
Neseso
High
Motorola Bootloader Unlocking
16.04.2013
Dan Rosenberg
Low
Multiple Sourcefire Products Static Web SSL Keys Vulnerability
18.06.2010
ZDI
High
Consona Products - Multiple vulnerabilities
23.05.2010
wintercore
High
Intel *45 *35 chipset - txt attack
26.12.2009
Joanna Rutkowska
Med.
Adobe Photoshop Elements 8.0 Active File Monitor Local Elevation Of Privileges
02.10.2009
nine:situations:group:...
High
Medium security hole in TekRADIUS
11.07.2009
Tim Brown
High
Univeral HTTP Image/File Upload ActiveX Remote File Deletion
09.04.2009
t0pP8uZz
High
Chipmunk Blog (Auth Bypass) Add Admin Exploit
05.02.2009
x0r
Med.
bug in OpenSSH (Still in FreeBSD-STABLE)
04.08.2008
Dag-Erling Smorgrav


Common Weakness Enumeration (CWE)

CVE
Details
Description
2023-07-10
Waiting for details
CVE-2023-3580

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

 
2023-02-02
Waiting for details
CVE-2023-0643

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

 
2022-04-14
Waiting for details
CVE-2022-22183

An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS.

 
2020-09-18
Low
CVE-2020-16247

Vendor: Philips
Software: Clinical col...
 

 
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

 
2019-07-22
Medium
CVE-2019-2261

Vendor: Qualcomm
Software: Ipq8074 firmware
 

 
Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

 
2019-07-09
Medium
CVE-2019-3949

Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.

 
2019-07-03
Medium
CVE-2018-11215

Vendor: Cloudera
Software: Data science...
 

 
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.

 
2019-03-27
Medium
CVE-2018-12179

Vendor: Tianocore
Software: Edk ii
 

 
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

 
2019-03-21
Low
CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

 
2019-03-06
Medium
CVE-2019-1585

Vendor: Cisco
Software: Application ...
 

 
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This vulnerability has been fixed in version 4.0(1h).

 

 


Copyright 2024, cxsecurity.com
