Filtered by vendor Nuuo
Subscriptions
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17934 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
| NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. | ||||
| CVE-2018-17894 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
| NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. | ||||
| CVE-2018-17892 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
| NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution. | ||||
| CVE-2018-17890 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | 9.8 Critical |
| NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. | ||||
| CVE-2018-17888 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
| NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution. | ||||
| CVE-2018-15716 | 1 Nuuo | 5 Ne-2020, Ne-2040, Ne-4080 and 2 more | 2024-11-21 | N/A |
| NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. | ||||
| CVE-2018-11523 | 1 Nuuo | 2 Nvrmini 2, Nvrmini 2 Firmware | 2024-11-21 | N/A |
| upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | ||||
| CVE-2016-6553 | 1 Nuuo | 2 Nt-4040 Titan, Nt-4040 Titan Firmware | 2024-11-21 | N/A |
| Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device. | ||||
| CVE-2016-15038 | 1 Nuuo | 1 Nvrmini 2 | 2024-11-21 | 6.5 Medium |
| A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780. | ||||