CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2019-12289 287 Exec Code 2019-05-23 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.
102 CVE-2019-12185 77 Exec Code 2019-05-19 2019-05-20
9.0
None Remote Low Single system Complete Complete Complete
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
103 CVE-2019-12177 426 2019-06-03 2019-06-04
9.3
None Remote Medium Not required Complete Complete Complete
Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.
104 CVE-2019-12170 434 Exec Code 2019-05-17 2019-08-05
9.0
None Remote Low Single system Complete Complete Complete
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
105 CVE-2019-12168 77 Exec Code 2019-05-17 2019-05-21
9.0
None Remote Low Single system Complete Complete Complete
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
106 CVE-2019-12104 77 2019-08-14 2019-08-19
9.0
None Remote Low Single system Complete Complete Complete
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.
107 CVE-2019-12103 77 2019-08-14 2019-08-19
10.0
None Remote Low Not required Complete Complete Complete
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.
108 CVE-2019-12099 264 Exec Code 2019-05-14 2019-05-16
9.0
None Remote Low Single system Complete Complete Complete
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
109 CVE-2019-12042 264 2019-05-23 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security.
110 CVE-2019-11991 200 +Info 2019-07-09 2019-07-16
9.7
None Remote Low Not required Partial Complete Complete
HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays.
111 CVE-2019-11990 284 2019-07-19 2019-07-24
9.0
None Remote Low Single system Complete Complete Complete
Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: * For customers with release UIoT 1.6, fixes are made available with 1.6 RP603 * For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3 * For customers with release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution will be to upgrade to 1.5 RP503 HF3 or 1.6 RP603 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.
112 CVE-2019-11986 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
113 CVE-2019-11985 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
114 CVE-2019-11984 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
115 CVE-2019-11980 20 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
116 CVE-2019-11979 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
117 CVE-2019-11978 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
118 CVE-2019-11977 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
119 CVE-2019-11976 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
120 CVE-2019-11975 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
121 CVE-2019-11974 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
122 CVE-2019-11973 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
123 CVE-2019-11972 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
124 CVE-2019-11971 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
125 CVE-2019-11970 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
126 CVE-2019-11969 74 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
127 CVE-2019-11968 20 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
128 CVE-2019-11967 20 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
129 CVE-2019-11966 264 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
130 CVE-2019-11965 74 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
131 CVE-2019-11964 74 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
132 CVE-2019-11963 74 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
133 CVE-2019-11962 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
134 CVE-2019-11961 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
135 CVE-2019-11960 20 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
136 CVE-2019-11959 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
137 CVE-2019-11958 20 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
138 CVE-2019-11957 119 Exec Code Overflow 2019-06-05 2019-06-06
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
139 CVE-2019-11956 502 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
140 CVE-2019-11955 77 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
141 CVE-2019-11954 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
142 CVE-2019-11953 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
143 CVE-2019-11952 77 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
144 CVE-2019-11951 74 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
145 CVE-2019-11950 502 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
146 CVE-2019-11949 74 Exec Code 2019-06-05 2019-06-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
147 CVE-2019-11948 20 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
148 CVE-2019-11947 798 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
149 CVE-2019-11945 20 Exec Code 2019-06-05 2019-06-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
150 CVE-2019-11944 20 Exec Code 2019-06-05 2019-06-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.