Filtered by vendor
Subscriptions
Total
177 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-11326 | 1 Topcon | 2 Net-g5, Net-g5 Firmware | 2024-11-21 | 8.8 High |
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. | ||||
CVE-2018-7526 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2024-11-21 | N/A |
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. | ||||
CVE-2018-6669 | 1 Mcafee | 1 Application Change Control | 2024-11-21 | N/A |
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. | ||||
CVE-2018-6624 | 1 Omron | 7 Ns10, Ns12, Ns15 and 4 more | 2024-11-21 | N/A |
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. | ||||
CVE-2018-3774 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 9.8 Critical |
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | ||||
CVE-2018-19620 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. | ||||
CVE-2018-19207 | 1 Van-ons | 1 Wp-gdpr-compliance | 2024-11-21 | N/A |
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. | ||||
CVE-2018-19143 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | N/A |
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | ||||
CVE-2018-19109 | 1 Tianti Project | 1 Tianti | 2024-11-21 | N/A |
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. | ||||
CVE-2018-18922 | 1 Abisoftgt | 1 Ticketly | 2024-11-21 | N/A |
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. | ||||
CVE-2018-18862 | 1 Bmc | 2 Remedy Action Request System, Remedy Mid-tier | 2024-11-21 | N/A |
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | ||||
CVE-2018-16706 | 1 Lg | 1 Supersign Cms | 2024-11-21 | N/A |
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | ||||
CVE-2018-16060 | 1 Mitsubishielectric | 2 Smartrtu, Smartrtu Firmware | 2024-11-21 | 7.5 High |
Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI. | ||||
CVE-2018-11346 | 1 Asustor | 2 As6202t, As6202t Firmware | 2024-11-21 | N/A |
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | ||||
CVE-2017-2486 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | N/A |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | ||||
CVE-2017-2161 | 1 Toshiba | 1 Flashair | 2024-11-21 | N/A |
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. | ||||
CVE-2017-2143 | 1 Frogman Office Inc | 2 Cs-cart Japanese Edition, Cs-cart Multivendor Japanese Edition | 2024-11-21 | N/A |
CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | ||||
CVE-2017-2139 | 1 Frogman Office Inc | 1 Cs-cart | 2024-11-21 | N/A |
CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | ||||
CVE-2017-17736 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | N/A |
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. | ||||
CVE-2017-15235 | 1 Horde | 1 Groupware | 2024-11-21 | N/A |
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. |