| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-0558 |
311 |
1
|
|
2020-01-14 |
2020-01-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key. |
|
2 |
CVE-2014-8347 |
287 |
1
|
Bypass |
2020-02-11 |
2020-02-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. |
|
3 |
CVE-2014-8322 |
787 |
1
|
Exec Code Overflow |
2020-01-31 |
2020-02-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. |
|
4 |
CVE-2014-5468 |
20 |
1
|
Exec Code +Info File Inclusion |
2020-02-07 |
2020-02-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. |
|
5 |
CVE-2014-5140 |
89 |
1
|
Sql |
2020-01-03 |
2020-01-14 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book. |
|
6 |
CVE-2014-5091 |
20 |
1
|
Exec Code |
2020-02-07 |
2020-02-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. |
|
7 |
CVE-2014-4968 |
|
1
|
Exec Code |
2020-02-12 |
2020-02-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. |
|
8 |
CVE-2014-4170 |
269 |
1
|
+Info |
2020-02-13 |
2020-02-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. |
|
9 |
CVE-2014-4019 |
200 |
1
|
+Info |
2020-02-20 |
2020-02-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. |
|
10 |
CVE-2013-7185 |
119 |
1
|
Overflow Mem. Corr. |
2020-01-14 |
2020-01-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PotPlayer 1.5.40688: .avi File Memory Corruption |
|
11 |
CVE-2013-7051 |
287 |
1
|
Bypass |
2020-02-04 |
2020-02-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters |
|
12 |
CVE-2013-6231 |
269 |
1
|
|
2020-01-10 |
2020-01-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script |
|
13 |
CVE-2013-6225 |
22 |
1
|
Exec Code Dir. Trav. |
2020-01-13 |
2020-01-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability |
|
14 |
CVE-2013-5945 |
89 |
1
|
Exec Code Sql |
2020-02-11 |
2021-04-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. |
|
15 |
CVE-2013-5656 |
787 |
1
|
Overflow |
2020-01-07 |
2020-01-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability |
|
16 |
CVE-2013-4865 |
352 |
1
|
CSRF |
2020-01-28 |
2020-02-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. |
|
17 |
CVE-2013-4864 |
918 |
1
|
|
2020-01-28 |
2020-02-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. |
|
18 |
CVE-2013-4863 |
287 |
1
|
Exec Code |
2020-01-28 |
2020-02-04 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. |
|
19 |
CVE-2013-4862 |
863 |
1
|
|
2020-01-28 |
2020-02-04 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. |
|
20 |
CVE-2013-4861 |
22 |
1
|
Dir. Trav. |
2020-01-28 |
2020-02-04 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter. |
|
21 |
CVE-2013-4211 |
94 |
1
|
Exec Code |
2020-02-14 |
2020-02-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code |
|
22 |
CVE-2013-3629 |
|
1
|
Exec Code |
2020-02-07 |
2020-02-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution |
|
23 |
CVE-2013-3628 |
74 |
1
|
Exec Code |
2020-02-07 |
2020-02-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability |
|
24 |
CVE-2013-3591 |
434 |
1
|
Exec Code |
2020-02-07 |
2020-02-11 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability |
|
25 |
CVE-2013-3568 |
352 |
1
|
CSRF |
2020-02-06 |
2020-02-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. |
|
26 |
CVE-2013-3317 |
287 |
1
|
Bypass |
2020-01-29 |
2020-02-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. |
|
27 |
CVE-2013-3316 |
287 |
1
|
Bypass |
2020-01-29 |
2020-02-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". |
|
28 |
CVE-2013-3214 |
74 |
1
|
|
2020-01-28 |
2020-01-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. |
|
29 |
CVE-2013-3212 |
74 |
1
|
Exec Code |
2020-01-28 |
2020-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. |
|
30 |
CVE-2013-2748 |
434 |
1
|
|
2020-01-28 |
2020-02-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. |
|
31 |
CVE-2013-2678 |
74 |
1
|
Exec Code +Info |
2020-02-04 |
2020-02-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. |
|
32 |
CVE-2013-2637 |
79 |
1
|
Exec Code XSS |
2020-02-12 |
2020-02-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. |
|
33 |
CVE-2013-2574 |
863 |
1
|
+Info |
2020-01-29 |
2020-02-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. |
|
34 |
CVE-2013-2572 |
798 |
1
|
Bypass |
2020-01-29 |
2020-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. |
|
35 |
CVE-2013-2571 |
20 |
1
|
Exec Code |
2020-01-28 |
2020-02-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. |
|
36 |
CVE-2013-2567 |
798 |
1
|
Bypass +Info |
2020-01-29 |
2020-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information. |
|
37 |
CVE-2013-2474 |
22 |
1
|
Dir. Trav. |
2020-01-27 |
2020-01-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter. |
|
38 |
CVE-2013-2294 |
79 |
1
|
XSS |
2020-01-30 |
2020-01-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php. |
|
39 |
CVE-2013-2097 |
|
1
|
Exec Code |
2020-02-12 |
2020-02-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
ZPanel through 10.1.0 has Remote Command Execution |
|
40 |
CVE-2013-2010 |
74 |
1
|
Exec Code |
2020-02-12 |
2020-02-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability |
|
41 |
CVE-2013-1599 |
78 |
1
|
Exec Code |
2020-01-28 |
2021-04-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface. |
|
42 |
CVE-2013-1594 |
200 |
1
|
+Info |
2020-01-24 |
2020-01-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. |
|
43 |
CVE-2013-1592 |
120 |
1
|
Exec Code Overflow |
2020-01-23 |
2020-01-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. |
|
44 |
CVE-2013-1360 |
287 |
1
|
Bypass |
2020-02-11 |
2020-02-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. |
|
45 |
CVE-2013-1359 |
287 |
2
|
Bypass |
2020-02-11 |
2020-02-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. |
|
46 |
CVE-2013-0803 |
434 |
1
|
Exec Code |
2020-02-11 |
2020-02-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. |
|
47 |
CVE-2012-6614 |
862 |
1
|
|
2020-02-19 |
2020-03-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. |
|
48 |
CVE-2012-6613 |
|
1
|
|
2020-01-25 |
2020-01-30 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. |
|
49 |
CVE-2012-5340 |
190 |
1
|
Overflow |
2020-01-23 |
2020-01-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. |
|
50 |
CVE-2012-4284 |
|
1
|
Exec Code |
2020-01-10 |
2020-01-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code |
