Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-10-17 | CVE-2019-15065 | Unspecified vulnerability in Hinet Gpon Firmware | A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. | network | low complexity | hinet | | 7.5 |
| 2019-10-17 | CVE-2019-13412 | Unspecified vulnerability in Hinet Gpon Firmware | A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. | network | low complexity | hinet | | 7.5 |
| 2019-10-17 | CVE-2019-13410 | Information Exposure vulnerability in Topmeeting | TOPMeeting before version 8.8 (2019/08/19) shows attendees' account and password in the front-end page, which allows an attacker to obtain sensitive information by browsing the source code of the page. | network | low complexity | topmeeting | CWE-200 | 7.5 |
| 2019-10-17 | CVE-2019-17119 | SQL Injection vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server | Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter. | network | low complexity | wikidsystems | CWE-89 | 8.8 |
| 2019-10-17 | CVE-2019-15627 | Link Following vulnerability in Trendmicro Deep Security 10.0/11.0/12.0 | Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. | local | low complexity | trendmicro | CWE-59 | 7.1 |
| 2019-10-17 | CVE-2019-15626 | Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Deep Security 10.0/11.0/12.0 | The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. | network | low complexity | trendmicro | CWE-319 | 7.5 |
| 2019-10-17 | CVE-2019-13657 | Use of Hard-coded Credentials vulnerability in Broadcom CA Performance Management and Network Operations | CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | network | low complexity | broadcom | CWE-798 | 8.8 |
| 2019-10-17 | CVE-2019-17118 | Cross-Site Request Forgery (CSRF) vulnerability in Wikidsystems 2FA Enterprise Server | A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices. | network | low complexity | wikidsystems | CWE-352 | 8.8 |
| 2019-10-17 | CVE-2019-17117 | SQL Injection vulnerability in Wikidsystems 2FA Enterprise Server | A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter. | network | low complexity | wikidsystems | CWE-89 | 8.8 |
| 2019-10-17 | CVE-2019-16917 | SQL Injection vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server | WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. | network | low complexity | wikidsystems | CWE-89 | 8.8 |