| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. |
| Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. |
| Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access |
| Collabtive 1.0 has incorrect access control |
| AVTECH AVN801 DVR has a security bypass via the administration login captcha |
| Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials |
| MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. |
| D-Link DIR-865L has PHP File Inclusion in the router xml file. |
| Static HTTP Server 1.0 has a Local Overflow |
| Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. |
| Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. |
| Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. |
| Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. |
| Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities |
| In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. |
| RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165. |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging |
| WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability |
| WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities |
| The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. |