Total
163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16060 | 1 Mitsubishielectric | 2 Smartrtu, Smartrtu Firmware | 2021-10-21 | 5.0 MEDIUM | 7.5 HIGH |
| Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI. | |||||
| CVE-2015-2873 | 1 Trendmicro | 1 Deep Discovery Inspector | 2021-09-09 | 5.5 MEDIUM | N/A |
| Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL. | |||||
| CVE-2020-11561 | 1 Nchsoftware | 1 Express Invoice | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | |||||
| CVE-2019-17503 | 1 Kirona | 1 Dynamic Resource Scheduling | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc. | |||||
| CVE-2020-26150 | 1 Logaritmo | 1 Aware Callmanager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
| CVE-2019-14927 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data). | |||||
| CVE-2019-9552 | 1 Eloan Project | 1 Eloan | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. | |||||
| CVE-2020-13474 | 1 Nchsoftware | 1 Express Accounts | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. | |||||
| CVE-2019-17646 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService. | |||||
| CVE-2020-28937 | 1 Openclinic Project | 1 Openclinic | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. | |||||
| CVE-2020-13850 | 1 Pandorafms | 1 Pandora Fms | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | |||||
| CVE-2019-17645 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. | |||||
| CVE-2019-17644 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php. | |||||
| CVE-2019-25012 | 1 Webform Report Project | 1 Webform Report | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2019-12768 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. | |||||
| CVE-2019-20484 | 1 Vikisolutions | 1 Vera | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in. | |||||
| CVE-2020-10248 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. | |||||
| CVE-2019-17643 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. | |||||
| CVE-2020-8439 | 1 Monstra | 1 Monstra | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI. | |||||
| CVE-2020-24765 | 1 Mind | 1 Imind Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | |||||