Total
176 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17645 | 1 Centreon | 1 Centreon | 2024-08-05 | 7.5 High |
| An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. | ||||
| CVE-2019-17503 | 1 Kirona | 1 Dynamic Resource Scheduling | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc. | ||||
| CVE-2019-16340 | 1 Linksys | 6 Velop Whw0301, Velop Whw0301 Firmware, Velop Whw0302 and 3 more | 2024-08-05 | 9.8 Critical |
| Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | ||||
| CVE-2019-14347 | 1 Schben | 1 Adive | 2024-08-05 | 8.8 High |
| Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | ||||
| CVE-2019-13981 | 1 Rangerstudio | 1 Directus 7 Api | 2024-08-05 | N/A |
| In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer. | ||||
| CVE-2019-13030 | 1 Mediola | 1 Neo Server | 2024-08-04 | 8.2 High |
| eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer. | ||||
| CVE-2019-12768 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. | ||||
| CVE-2019-12583 | 1 Zyxel | 28 Uag2100, Uag2100 Firmware, Uag4100 and 25 more | 2024-08-04 | N/A |
| Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. | ||||
| CVE-2019-11326 | 1 Topcon | 2 Net-g5, Net-g5 Firmware | 2024-08-04 | 8.8 High |
| An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. | ||||
| CVE-2019-9584 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2024-08-04 | N/A |
| eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages. | ||||
| CVE-2019-7736 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-08-04 | N/A |
| D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. | ||||
| CVE-2019-6126 | 1 Advance Peer To Peer Mlm Script Project | 1 Advance Peer To Peer Mlm Script | 2024-08-04 | N/A |
| The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff. | ||||
| CVE-2019-3916 | 1 Verizon | 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware | 2024-08-04 | N/A |
| Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). | ||||
| CVE-2019-3933 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-08-04 | 5.3 Medium |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code. | ||||
| CVE-2019-3934 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-08-04 | 5.3 Medium |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code. | ||||
| CVE-2019-2388 | 1 Mongodb | 1 Ops Manager | 2024-08-04 | 5.8 Medium |
| In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. | ||||
| CVE-2019-1220 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2024-08-04 | 4.3 Medium |
| A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | ||||
| CVE-2020-35391 | 1 Tenda | 2 F3, F3 Firmware | 2024-08-04 | 9.6 Critical |
| Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior. | ||||
| CVE-2020-29656 | 1 Asus | 2 Rt-ac88u, Rt-ac88u Firmware | 2024-08-04 | 7.5 High |
| An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach "unknown functionality" in a "known to be easy" manner via an unspecified "public exploit." | ||||
| CVE-2020-28937 | 1 Openclinic Project | 1 Openclinic | 2024-08-04 | 7.5 High |
| OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. | ||||