Total
168 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16340 | 1 Linksys | 6 Velop Whw0301, Velop Whw0301 Firmware, Velop Whw0302 and 3 more | 2021-07-21 | 6.4 MEDIUM | 9.8 CRITICAL |
| Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | |||||
| CVE-2019-17503 | 1 Kirona | 1 Dynamic Resource Scheduling | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc. | |||||
| CVE-2019-20484 | 1 Vikisolutions | 1 Vera | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in. | |||||
| CVE-2019-12768 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. | |||||
| CVE-2019-17643 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. | |||||
| CVE-2019-25012 | 1 Webform Report Project | 1 Webform Report | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2020-28937 | 1 Openclinic Project | 1 Openclinic | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. | |||||
| CVE-2019-17646 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService. | |||||
| CVE-2020-24765 | 1 Mind | 1 Imind Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | |||||
| CVE-2017-14244 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2021-06-21 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. | |||||
| CVE-2019-3917 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. | |||||
| CVE-2019-3934 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2020-10-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code. | |||||
| CVE-2019-3933 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2020-10-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code. | |||||
| CVE-2019-1899 | 1 Cisco | 6 Rv110w, Rv110w Firmware, Rv130w and 3 more | 2020-10-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router. | |||||
| CVE-2019-1898 | 1 Cisco | 6 Rv110w, Rv110w Firmware, Rv130w and 3 more | 2020-10-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. | |||||
| CVE-2019-9884 | 1 Eclass | 1 Eclass Ip | 2020-10-16 | 10.0 HIGH | 9.8 CRITICAL |
| eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. | |||||
| CVE-2019-6551 | 1 Pangea-comm | 1 Fax Ata | 2020-10-05 | 7.8 HIGH | 7.5 HIGH |
| Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition. | |||||
| CVE-2020-24660 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package. | |||||
| CVE-2018-0267 | 1 Cisco | 1 Unified Communications Manager | 2020-09-04 | 2.1 LOW | 6.5 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116. | |||||
| CVE-2018-0266 | 1 Cisco | 1 Unified Communications Manager | 2020-09-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218. | |||||