CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2019-13482 77 2019-07-10 2019-08-27
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.
52 CVE-2019-13481 77 2019-07-10 2019-07-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.
53 CVE-2019-13473 798 2019-09-11 2019-09-13
10.0
None Remote Low Not required Complete Complete Complete
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access.
54 CVE-2019-13447 89 Sql 2019-07-17 2019-07-18
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection.
55 CVE-2019-13405 284 2019-08-28 2019-09-05
10.0
None Remote Low Not required Complete Complete Complete
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.
56 CVE-2019-13404 284 2019-07-07 2019-07-15
9.3
None Remote Medium Not required Complete Complete Complete
** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x.
57 CVE-2019-13398 77 Exec Code 2019-07-07 2019-07-09
9.0
None Remote Low Single system Complete Complete Complete
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.
58 CVE-2019-13382 264 2019-07-26 2019-08-09
9.3
None Remote Medium Not required Complete Complete Complete
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.
59 CVE-2019-13379 287 2019-07-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
60 CVE-2019-13352 798 2019-07-05 2019-07-15
10.0
None Remote Low Not required Complete Complete Complete
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access.
61 CVE-2019-13294 284 Exec Code 2019-07-04 2019-07-10
10.0
None Remote Low Not required Complete Complete Complete
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
62 CVE-2019-13278 77 2019-07-10 2019-07-16
10.0
None Remote Low Not required Complete Complete Complete
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
63 CVE-2019-13143 254 2019-08-06 2019-08-14
9.0
None Remote Low Not required Partial Partial Complete
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user, over to the attacker's account. Thus rendering the lock completely inaccessible to the current user.
64 CVE-2019-13128 77 2019-07-01 2019-07-08
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.
65 CVE-2019-13024 77 Exec Code 2019-07-01 2019-07-26
9.0
None Remote Low Single system Complete Complete Complete
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
66 CVE-2019-12997 77 2019-06-28 2019-07-03
9.0
None Remote Low Single system Complete Complete Complete
In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable).
67 CVE-2019-12992 77 2019-07-16 2019-07-17
9.0
None Remote Low Single system Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
68 CVE-2019-12991 77 2019-07-16 2019-07-17
9.0
None Remote Low Single system Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
69 CVE-2019-12990 22 Dir. Trav. 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
70 CVE-2019-12988 77 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
71 CVE-2019-12987 77 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
72 CVE-2019-12986 77 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
73 CVE-2019-12985 77 2019-07-16 2019-07-17
10.0
None Remote Low Not required Complete Complete Complete
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
74 CVE-2019-12971 434 2019-07-05 2019-07-15
10.0
None Remote Low Not required Complete Complete Complete
BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.
75 CVE-2019-12929 78 DoS Exec Code 2019-06-24 2019-07-02
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.
76 CVE-2019-12928 78 DoS Exec Code 2019-06-24 2019-07-02
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.
77 CVE-2019-12920 798 2019-06-20 2019-06-27
10.0
None Remote Low Not required Complete Complete Complete
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.
78 CVE-2019-12840 77 Exec Code 2019-06-15 2019-06-18
9.0
None Remote Low Single system Complete Complete Complete
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
79 CVE-2019-12803 434 2019-07-10 2019-07-30
10.0
None Remote Low Not required Complete Complete Complete
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.
80 CVE-2019-12792 77 2019-08-15 2019-08-28
9.0
None Remote Low Single system Complete Complete Complete
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.
81 CVE-2019-12791 22 Dir. Trav. 2019-08-15 2019-08-28
9.0
None Remote Low Single system Complete Complete Complete
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.
82 CVE-2019-12776 798 2019-06-07 2019-06-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.
83 CVE-2019-12775 284 2019-06-07 2019-06-10
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web application service is granted full access to run any system commands with elevated privilege, without the need for password authentication. Should vulnerabilities be identified and exploited within the web application, it may be possible for a threat actor to create or run high-privileged binaries or executables that are available within the operating system of the device.)
84 CVE-2019-12735 78 Exec Code 2019-06-05 2019-06-13
9.3
None Remote Medium Not required Complete Complete Complete
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
85 CVE-2019-12725 78 Exec Code 2019-07-19 2019-07-22
10.0
None Remote Low Not required Complete Complete Complete
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
86 CVE-2019-12643 287 Exec Code Bypass +Info 2019-08-28 2019-09-04
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.
87 CVE-2019-12618 284 2019-08-12 2019-08-16
10.0
None Remote Low Not required Complete Complete Complete
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
88 CVE-2019-12574 426 Exec Code 2019-07-11 2019-07-16
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM.
89 CVE-2019-12569 426 Exec Code 2019-06-02 2019-06-03
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
90 CVE-2019-12550 798 2019-06-17 2019-06-19
10.0
None Remote Low Not required Complete Complete Complete
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
91 CVE-2019-12549 798 2019-06-17 2019-06-19
10.0
None Remote Low Not required Complete Complete Complete
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
92 CVE-2019-12502 352 CSRF 2019-05-31 2019-05-31
9.3
None Remote Medium Not required Complete Complete Complete
There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI.
93 CVE-2019-12499 20 2019-05-31 2019-05-31
9.3
None Remote Medium Not required Complete Complete Complete
Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.
94 CVE-2019-12449 275 2019-05-29 2019-07-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
95 CVE-2019-12328 77 2019-07-22 2019-07-29
9.0
None Remote Low Single system Complete Complete Complete
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
96 CVE-2019-12327 798 2019-07-22 2019-07-29
10.0
None Remote Low Not required Complete Complete Complete
Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed.
97 CVE-2019-12326 434 Exec Code 2019-07-22 2019-08-02
10.0
None Remote Low Not required Complete Complete Complete
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.
98 CVE-2019-12325 119 Exec Code Overflow 2019-07-22 2019-07-23
9.0
None Remote Low Single system Complete Complete Complete
The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.
99 CVE-2019-12324 77 2019-07-22 2019-08-05
9.0
None Remote Low Single system Complete Complete Complete
A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
100 CVE-2019-12301 287 2019-05-23 2019-05-24
10.0
None Remote Low Not required Complete Complete Complete
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.