Max CVSS: 10.0 | Min CVSS: 5.0 | Total Count: 7
ID | CVSS | Summary | Last (major) update | Published
CVE-2018-15536 5.8
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal
24-08-2018 - 15:29 24-08-2018 - 15:29
CVE-2018-15535 5.0
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve
24-08-2018 - 15:29 24-08-2018 - 15:29
CVE-2017-12577 10.0
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission
24-08-2018 - 15:29 24-08-2018 - 15:29
CVE-2017-12576 9.0
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you log
24-08-2018 - 15:29 24-08-2018 - 15:29
CVE-2017-12575 5.0
An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted
24-08-2018 - 15:29 24-08-2018 - 15:29
CVE-2017-12574 10.0
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthoriz
24-08-2018 - 15:29 24-08-2018 - 15:29
CVE-2014-0114 7.5
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m
06-01-2017 - 21:59 30-04-2014 - 06:49