Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1000111 | 1 Twistedmatrix | 1 Twisted | 2020-03-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
| CVE-2018-3774 | 1 Url-parse Project | 1 Url-parse | 2019-10-09 | 7.5 HIGH | 10.0 CRITICAL |
| Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | |||||
| CVE-2017-17736 | 1 Kentico | 1 Kentico Cms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. | |||||
| CVE-2018-19109 | 1 Tianti Project | 1 Tianti | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. | |||||
| CVE-2018-7526 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. | |||||
| CVE-2017-2161 | 1 Toshiba | 1 Flashair | 2019-10-03 | 2.7 LOW | 3.5 LOW |
| FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. | |||||
| CVE-2018-19207 | 1 Van-ons | 1 Wp-gdpr-compliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. | |||||
| CVE-2017-2143 | 1 Frogman Office Inc | 2 Cs-cart Japanese Edition, Cs-cart Multivendor Japanese Edition | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | |||||
| CVE-2017-2486 | 1 Apple | 2 Iphone Os, Safari | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2018-11346 | 1 Asustor | 2 As6202t, As6202t Firmware | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | |||||
| CVE-2018-19620 | 1 Showdoc | 1 Showdoc | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. | |||||
| CVE-2017-10833 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. | |||||
| CVE-2018-19143 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2019-10-03 | 5.5 MEDIUM | 6.5 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | |||||
| CVE-2018-6624 | 1 Omron | 7 Ns10, Ns12, Ns15 and 4 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. | |||||
| CVE-2017-14993 | 1 Oxid-esales | 1 Eshop | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option. | |||||
| CVE-2017-2139 | 1 Frogman Office Inc | 1 Cs-cart | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | |||||
| CVE-2018-18862 | 1 Bmc | 2 Remedy Action Request System, Remedy Mid-tier | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | |||||