Search Results (83333 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-3958 1 Wallaceit 1 Wallacepos 2024-11-21 N/A
Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction.
CVE-2019-3955 1 Dameware 1 Remote Mini Control 2024-11-21 N/A
Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which could cause a denial of service.
CVE-2019-3954 1 Advantech 1 Webaccess 2024-11-21 N/A
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
CVE-2019-3953 1 Advantech 1 Webaccess 2024-11-21 N/A
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
CVE-2019-3951 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
CVE-2019-3950 1 Arlo 10 Vmb3010, Vmb3010 Firmware, Vmb3500 and 7 more 2024-11-21 N/A
Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to.
CVE-2019-3939 1 Crestron 4 Am-100, Am-100 Firmware, Am-101 and 1 more 2024-11-21 9.8 Critical
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.
CVE-2019-3938 1 Crestron 4 Am-100, Am-100 Firmware, Am-101 and 1 more 2024-11-21 7.8 High
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords.
CVE-2019-3932 1 Crestron 4 Am-100, Am-100 Firmware, Am-101 and 1 more 2024-11-21 9.8 Critical
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.
CVE-2019-3930 8 Barco, Blackbox, Crestron and 5 more 24 Wepresent Wipg-1000p, Wepresent Wipg-1000p Firmware, Wepresent Wipg-1600w and 21 more 2024-11-21 9.8 Critical
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.
CVE-2019-3926 1 Crestron 4 Am-100, Am-100 Firmware, Am-101 and 1 more 2024-11-21 9.8 Critical
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
CVE-2019-3925 1 Crestron 4 Am-100, Am-100 Firmware, Am-101 and 1 more 2024-11-21 9.8 Critical
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
CVE-2019-3923 1 Tenable 1 Nessus 2024-11-21 N/A
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue.
CVE-2019-3922 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 9.8 Critical
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code.
CVE-2019-3921 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 8.8 High
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code.
CVE-2019-3920 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 8.8 High
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.
CVE-2019-3919 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 8.8 High
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.
CVE-2019-3918 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 9.8 Critical
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.
CVE-2019-3914 1 Verizon 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware 2024-11-21 N/A
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname.
CVE-2019-3913 1 Labkey 1 Labkey Server 2024-11-21 4.9 Medium
Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.