| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. |
| Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. |
| libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. |
| The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability |
| scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme. |
| Belkin n750 routers have a buffer overflow. |
| Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. |
| OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. |
| ClamAV before 0.97.7 has a buffer overflow in the libclamav component. |
| ClamAV before 0.97.7 has WWPack heap memory corruption. |
| The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script |
| Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability |
| Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. |
| PrestaShop 1.5.5 is vulnerable to privilege escalation via a Salesman account via the upload module. |
| QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models |
| IZON IP 2.0.2: hard-coded password vulnerability |
| LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability |