Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-15625 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15624 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15623 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15622 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15621 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15620 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15619 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15618 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15617 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15616 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15615 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15614 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-15613 |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2014-5070 |
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2014-5068 |
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-0087 |
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2012-6667 |
Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action. Published: January 11, 2018; 11:29:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-4950 |
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default. Published: January 11, 2018; 9:29:00 AM -0500 |
V3.0: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2017-4949 |
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. Published: January 11, 2018; 9:29:00 AM -0500 |
V3.0: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2018-0118 |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264. Published: January 11, 2018; 4:29:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |