Attacker Value
High

CVE-2021-22707

Disclosure Date: July 21, 2021 (last updated July 29, 2021)
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.
Attacker Value
High

CVE-2020-35846

Disclosure Date: December 30, 2020 (last updated January 01, 2021)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Attacker Value
Low

CVE-2020-9269

Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
Attacker Value
Very High
The Rupee Invoice System (© 2021 Rupee Invoice System - Mayuri K | Designed by: Mayurik K) is vulnerable to remote SQL injection authentication bypass (see https://portswigger.net/support/using-sql-injection-to-bypass-authentication). The username parameter from the login form is not protected correctly, and malicious payloads are not escaped. By sending a malicious query or payload to the MySQL server for those three accounts, a user can bypass the login credentials and take control of the admin account.
Attacker Value
Very High

CVE-2022-29110

Last updated May 10, 2022
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29109.
Attacker Value
Very High

CVE-2020-10224

Disclosure Date: March 08, 2020 (last updated June 05, 2020)
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
Attacker Value
Very High

CVE-2013-3018

Disclosure Date: May 24, 2018 (last updated June 05, 2020)
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
Attacker Value
Unknown

CVE-2019-6447

Disclosure Date: January 16, 2019 (last updated July 30, 2020)
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
Attacker Value
Very Low

CVE-2017-9554

Disclosure Date: July 24, 2017 (last updated July 30, 2020)
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
Attacker Value
Moderate

CVE-2017-6529

Disclosure Date: March 09, 2017 (last updated June 05, 2020)
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.