N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at...
9.8CVSS
9.7AI Score
0.001EPSS
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH...
9.8CVSS
9.5AI Score
0.001EPSS
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control....
7.8CVSS
7.5AI Score
0.0004EPSS
The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp...
9.8CVSS
9.5AI Score
0.006EPSS
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves...
5.9CVSS
5.5AI Score
0.004EPSS
7.4CVSS
6.9AI Score
0.017EPSS
6.1CVSS
6AI Score
0.002EPSS
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior...
6.1CVSS
6.1AI Score
0.001EPSS
On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can...
5.3CVSS
5.2AI Score
0.002EPSS
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName...
6.8AI Score
0.007EPSS
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the....
7.6AI Score
0.01EPSS
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint...
6.9AI Score
0.017EPSS
The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes....
7.4AI Score
0.019EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...
5.9AI Score
0.011EPSS
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute.....
7.7AI Score
0.003EPSS
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained.....
8.2AI Score
0.046EPSS
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the .\pipe__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code...
7.5AI Score
0.006EPSS
The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free...
7.1AI Score
0.038EPSS
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party...
5.9AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid...
5.8AI Score
0.011EPSS
Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for...
6.3AI Score
0.039EPSS
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect...
7AI Score
0.125EPSS
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users...
6.8AI Score
0.008EPSS