| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. |
| A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used. |
| One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications. |
| Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. |
| LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains a heap use-after-free vulnerability in the server code of the file transfer extension that can result in remote code execution. |
| Unauthorized code execution from a specific DLL, known as a DLL hijacking attack, in Kaspersky Password Manager versions before 8.0.6.538. |
| Denial of service in Gemalto's Sentinel LDK RTE version before 7.65 |
| Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service |
| Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams |
| Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams |
| Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams |
| Remote password change in Hanwha Techwin Smartcams |
| Authentication bypass in Hanwha Techwin Smartcams |
| Remote code execution in Hanwha Techwin Smartcams |
| Buffer overflow in Hanwha Techwin Smartcams |
| An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams |
| Unencrypted way of remote control and communications in Hanwha Techwin Smartcams |
| Unsecured way of firmware update in Hanwha Techwin Smartcams |
| Arbitrary File Read in Saperion Web Client version 7.5.2 83166. |
| Remote Code Execution in Saperion Web Client version 7.5.2 83166. |