National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 131,245 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2014-9614

The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.

Published: February 19, 2020; 03:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-9613

Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.

Published: February 19, 2020; 03:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-9612

SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.

Published: February 19, 2020; 03:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-9609

Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action.

Published: February 19, 2020; 03:15:13 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2014-9608

Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Published: February 19, 2020; 03:15:13 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-9607

Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Published: February 19, 2020; 03:15:13 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-9606

Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.

Published: February 19, 2020; 03:15:13 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-6062

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.

Published: February 19, 2020; 02:15:12 PM -05:00
(not available)
CVE-2020-6061

An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.

Published: February 19, 2020; 02:15:12 PM -05:00
(not available)
CVE-2019-17333

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7.

Published: February 19, 2020; 02:15:11 PM -05:00
(not available)
CVE-2019-10797

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.

Published: February 19, 2020; 02:15:11 PM -05:00
(not available)
CVE-2012-0055

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

Published: February 19, 2020; 01:15:09 PM -05:00
(not available)
CVE-2020-8959

Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking.

Published: February 19, 2020; 12:15:11 PM -05:00
(not available)
CVE-2020-8824

Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen.

Published: February 19, 2020; 12:15:11 PM -05:00
(not available)
CVE-2020-8441

JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.

Published: February 19, 2020; 12:15:11 PM -05:00
(not available)
CVE-2019-12437

In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,

Published: February 19, 2020; 12:15:11 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-12246

SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.

Published: February 19, 2020; 12:15:10 PM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-4230

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.

Published: February 19, 2020; 11:15:12 AM -05:00
(not available)
CVE-2020-4204

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.

Published: February 19, 2020; 11:15:11 AM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2020-4200

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.

Published: February 19, 2020; 11:15:11 AM -05:00
(not available)