Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2019-19996 —
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
Published: December 26, 2019; 01:15:10 PM -05:00
-
CVE-2019-20182 —
The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_title parameter.
Published: January 09, 2020; 05:15:13 PM -05:00
-
CVE-2019-20181 —
The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter.
Published: January 09, 2020; 05:15:13 PM -05:00
-
CVE-2020-0008 —
In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ne... read CVE-2020-0008
Published: January 08, 2020; 02:15:13 PM -05:00
-
CVE-2020-0001 —
In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Produc... read CVE-2020-0001
Published: January 08, 2020; 02:15:12 PM -05:00
-
CVE-2020-0007 —
In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for e... read CVE-2020-0007
Published: January 08, 2020; 02:15:13 PM -05:00
-
CVE-2020-0004 —
In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed fo... read CVE-2020-0004
Published: January 08, 2020; 02:15:13 PM -05:00
-
CVE-2014-10398 —
Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1)... read CVE-2014-10398
Published: January 03, 2020; 03:15:11 PM -05:00
-
CVE-2014-5140 —
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last na... read CVE-2014-5140
Published: January 03, 2020; 03:15:11 PM -05:00
-
CVE-2014-4196 —
Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter.
Published: January 03, 2020; 03:15:11 PM -05:00
-
CVE-2019-5990 —
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer.
Published: January 06, 2020; 01:15:11 AM -05:00
-
CVE-2019-5988 —
Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page.
Published: January 06, 2020; 01:15:11 AM -05:00
-
CVE-2019-5987 —
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page.
Published: January 06, 2020; 01:15:11 AM -05:00
-
CVE-2016-11017 —
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection... read CVE-2016-11017
Published: January 06, 2020; 12:15:11 PM -05:00
-
CVE-2019-16154 —
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.
Published: January 07, 2020; 02:15:10 PM -05:00
-
CVE-2013-4975 —
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation
Published: December 27, 2019; 12:15:15 PM -05:00
-
CVE-2019-18179 —
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents,... read CVE-2019-18179
Published: January 06, 2020; 03:15:12 PM -05:00
-
CVE-2012-2226 —
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
Published: January 09, 2020; 04:15:11 PM -05:00
-
CVE-2020-6630 —
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
Published: January 08, 2020; 09:15:13 PM -05:00
-
CVE-2020-6631 —
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
Published: January 08, 2020; 09:15:13 PM -05:00