| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Evernote prior to 5.5.1 has insecure password change |
| LastPass prior to 2.5.1 allows secure wipe bypass. |
| LastPass prior to 2.5.1 has an insecure PIN implementation. |
| Evernote before 5.5.1 has insecure PIN storage |
| A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. |
| Collabtive 1.0 has incorrect access control |
| Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream |
| AVTECH AVN801 DVR has a security bypass via the administration login captcha |
| Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials |
| Hikvision DS-2CD7153-E IP Camera has Privilege Escalation |
| Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." |
| The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag. |
| Karotz API 12.07.19.00: Session Token Information Disclosure |
| Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking |
| Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. |
| MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. |
| The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. |
| MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. |
| Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter. |
| INSTEON Hub 2242-222 lacks Web and API authentication |
