CVE-2014-4019

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. (CVSS:5.0) (Last Update:2020-02-28)

February 19th, 2020 | Vulnerabilities with Exploits

CVE-2012-2629

Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php. (CVSS:6.8) (Last Update:2020-02-28)

February 19th, 2020 | Vulnerabilities with Exploits

CVE-2012-6614

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. (CVSS:9.0) (Last Update:2020-03-05)

February 18th, 2020 | Vulnerabilities with Exploits

CVE-2013-4211

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. (CVSS:7.5) (Last Update:2020-02-19)

February 13th, 2020 | Vulnerabilities with Exploits

CVE-2014-4170

A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. (CVSS:7.5) (Last Update:2020-02-19)

February 12th, 2020 | Vulnerabilities with Exploits

CVE-2013-2637

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. (CVSS:4.3) (Last Update:2020-02-18)

February 11th, 2020 | Vulnerabilities with Exploits

CVE-2014-4968

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. (CVSS:6.8) (Last Update:2020-02-19)

February 11th, 2020 | Vulnerabilities with Exploits

CVE-2014-8347

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. (CVSS:4.6) (Last Update:2020-02-13)

February 10th, 2020 | Vulnerabilities with Exploits