Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6760 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | |||||
| CVE-2015-2885 | 1 Lens Laboratories | 2 Peek-a-view, Peek-a-view Firmware | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||||
| CVE-2007-6759 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | |||||
| CVE-2015-8255 | 1 Axis | 1 Axis Communications Firmware | 2017-04-13 | 6.8 MEDIUM | 8.8 HIGH |
| AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | |||||
| CVE-2015-2886 | 1 Ibaby | 2 M6 Baby Monitor, M6 Baby Monitor Firmware | 2017-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service. | |||||
| CVE-2015-2887 | 1 Ibaby | 2 M3s Baby Monitor, M3s Baby Monitor Firmware | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| iBaby M3S has a password of admin for the backdoor admin account. | |||||
| CVE-2015-6035 | 1 Opsview | 1 Opsview | 2017-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opsview before 2015-11-06 has XSS via SNMP. | |||||
| CVE-2015-2881 | 1 Gynoii | 3 Gcw-1010, Gcw-1020, Gpw-1025 | 2017-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | |||||
| CVE-2017-7581 | 1 News System Project | 1 News System | 2017-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | |||||
| CVE-2017-7589 | 1 Openidm Project | 1 Openidm | 2017-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | |||||
| CVE-2017-7591 | 1 Openidm Project | 1 Openidm | 2017-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | |||||
| CVE-2016-9197 | 1 Cisco | 1 Mobility Services Engine | 2017-04-13 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0). | |||||
| CVE-2017-7570 | 1 Pivotx | 1 Pivotx | 2017-04-13 | 6.5 MEDIUM | 8.8 HIGH |
| PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | |||||
| CVE-2017-7566 | 1 Mybb | 1 Mybb | 2017-04-13 | 4.0 MEDIUM | 7.7 HIGH |
| MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. | |||||
| CVE-2016-6805 | 1 Apache | 1 Ignite | 2017-04-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | |||||
| CVE-2017-6513 | 1 Softaculous | 2 Virtualizor, Whmcs Reseller Module | 2017-04-12 | 6.5 MEDIUM | 9.9 CRITICAL |
| The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. | |||||
| CVE-2017-7572 | 1 Backintime Project | 1 Backintime | 2017-04-12 | 9.3 HIGH | 8.1 HIGH |
| The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester. | |||||
| CVE-2017-7569 | 1 Vbulletin | 1 Vbulletin | 2017-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | |||||
| CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | |||||
| CVE-2017-6130 | 1 F5 | 2 Ssl Intercept Iapp, Ssl Orchestrator | 2017-04-12 | 5.8 MEDIUM | 7.4 HIGH |
| F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. | |||||