| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Wiz 5.0.3 has a user mode write access violation |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
| FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability |
| Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. |
| Evernote prior to 5.5.1 has insecure password change |
| A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. |
| Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream |
| Hikvision DS-2CD7153-E IP Camera has Privilege Escalation |
| The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. |
| MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. |
| INSTEON Hub 2242-222 lacks Web and API authentication |
| D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. |
| TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request |
| php-symfony2-Validator has loss of information during serialization |
| Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. |
| Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution |
| Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. |
| RubyGem omniauth-facebook has an access token security vulnerability |
| The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. |
