CVEbaza.plSłownik CWECWE-16
Common Weakness Enumeration

CWE-16

CVE: 317
Podatności CVE z CWE-16 (317)
10.0
CVSS
HIGH
CVE-2013-4316

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

pub. 2013-09-30
10.0
CVSS
HIGH
CVE-2013-1221

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

pub. 2013-05-09
10.0
CVSS
HIGH
CVE-2011-4501

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

pub. 2011-11-22
10.0
CVSS
HIGH
CVE-2010-4586

The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.

pub. 2010-12-22
10.0
CVSS
HIGH
CVE-2010-2977

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.

pub. 2010-08-10
10.0
CVSS
HIGH
CVE-2010-2276

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

pub. 2010-06-15
10.0
CVSS
HIGH
CVE-2009-3956

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

pub. 2010-01-13
10.0
CVSS
HIGH
CVE-2009-2357

The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.

pub. 2009-07-07
10.0
CVSS
HIGH
CVE-2008-6820

The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.

pub. 2009-06-03
10.0
CVSS
HIGH
CVE-2009-0621

Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.

pub. 2009-02-26
10.0
CVSS
HIGH
CVE-2008-4212

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.

pub. 2008-10-10
10.0
CVSS
HIGH
CVE-2008-1662

Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."

pub. 2008-08-01
10.0
CVSS
HIGH
CVE-2008-1392

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

pub. 2008-03-20
10.0
CVSS
HIGH
CVE-2007-5419

The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.

pub. 2007-10-12
10.0
CVSS
HIGH
CVE-2007-4074

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.

pub. 2007-07-30
10.0
CVSS
HIGH
CVE-2005-4837

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.

pub. 2005-12-31
10.0
CVSS
HIGH
CVE-2003-1357

ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.

pub. 2003-12-31
10.0
CVSS
HIGH
CVE-2003-1422

Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.

pub. 2003-12-31
9.8
CVSS
CRITICAL
CVE-2024-46909

Podatność w Progress WhatsUp Gold umożliwia zdalnemu, nieuwierzytelnionemu atakującemu wykonanie dowolnego kodu w kontekście konta serwisowego. Ocena CVSS 9.8 (CRITICAL) wskazuje na wyjątkowo wysokie ryzyko i minimalną barierę wejścia dla atakującego.

pub. 2024-12-02
9.8
CVSS
CRITICAL
CVE-2018-11922

Błędna konfiguracja aplikacji Touch Pal na urządzeniach Qualcomm umożliwia zbieranie danych o zachowaniu użytkownika bez jego wiedzy i zgody. Podatność uzyskała ocenę krytyczną CVSS 9.8, co wskazuje na możliwość zdalnego i nieautoryzowanego pozyskania wrażliwych informacji.

pub. 2024-11-26
Pokazano 20 z 317 podatności
Informacje
ID: CWE-16
Podatności: 317
MITRE CWE ↗
← Słownik CWE