Search
Total
349 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18386 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | |||||
| CVE-2018-20914 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.9 MEDIUM | 7.3 HIGH |
| In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | |||||
| CVE-2019-6800 | 1 Titanhq | 1 Spamtitan | 2019-06-06 | 8.5 HIGH | 7.5 HIGH |
| In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands. | |||||
| CVE-2017-14523 | 1 Wondercms | 1 Wondercms | 2019-04-30 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack. | |||||
| CVE-2017-1000217 | 1 Opencast | 1 Opencast | 2019-04-29 | 6.8 MEDIUM | 8.8 HIGH |
| Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. | |||||
| CVE-2017-17511 | 2 Debian, Kildclient | 2 Debian Linux, Kildclient | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c. | |||||
| CVE-2018-1000130 | 1 Jolokia | 1 Webarchive Agent | 2019-03-08 | 6.8 MEDIUM | 8.1 HIGH |
| A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. | |||||
| CVE-2017-7703 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. | |||||
| CVE-2015-2180 | 1 Roundcube | 1 Webmail | 2018-10-30 | 9.0 HIGH | 8.8 HIGH |
| The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | |||||
| CVE-2014-7952 | 1 Google | 1 Android | 2018-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | |||||
| CVE-2018-6519 | 2 Debian, Simplesamlphp | 2 Debian Linux, Saml2 | 2018-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | |||||
| CVE-2017-7846 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Thunderbird, Enterprise Linux Desktop and 4 more | 2018-08-07 | 6.8 MEDIUM | 8.8 HIGH |
| It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | |||||
| CVE-2017-18266 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Xdg-utils | 2018-06-14 | 6.8 MEDIUM | 8.8 HIGH |
| The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | |||||
| CVE-2015-1975 | 1 Ibm | 1 Tivoli Directory Server | 2018-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694. | |||||
| CVE-2017-17512 | 1 Sensible-utils Project | 1 Sensible-utils | 2018-03-16 | 6.8 MEDIUM | 8.8 HIGH |
| sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. | |||||
| CVE-2017-5799 | 1 Hp | 1 Opencall Media Platform | 2018-03-15 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x). | |||||
| CVE-2017-1000454 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-01-16 | 4.6 MEDIUM | 7.8 HIGH |
| CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | |||||
| CVE-2017-15313 | 1 Huawei | 1 Smartcare | 2018-01-05 | 6.5 MEDIUM | 8.8 HIGH |
| Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device. | |||||
| CVE-2016-7125 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. | |||||
| CVE-2017-17533 | 1 Tkabber Project | 1 Tkabber | 2018-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the attack cannot occur because of the argument-parsing behavior of the Tcl exec function. | |||||
| CVE-2017-17527 | 2 Debian, Pasdoc Project | 2 Debian Linux, Pasdoc | 2018-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used. | |||||
| CVE-2017-17515 | 2 Debian, Ecmwf | 2 Debian Linux, Metview | 2018-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product. | |||||
| CVE-2017-17514 | 2 Debian, Nip2 Project | 2 Debian Linux, Nip2 | 2018-01-02 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable. | |||||
| CVE-2017-17513 | 1 Tug | 1 Tex Live | 2018-01-02 | 6.8 MEDIUM | 8.8 HIGH |
| TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. | |||||
| CVE-2017-17535 | 1 Gjots2 Project | 1 Gjots2 | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17516 | 1 Reddit Terminal Viewer Project | 1 Reddit Terminal Viewer | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17517 | 1 Sylpheed Project | 1 Sylpheed | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17519 | 1 Ocaml Batteries Project | 1 Ocaml Batteries | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17523 | 1 Lilypond | 1 Lilypond | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. | |||||
| CVE-2017-17534 | 1 Mensis Project | 1 Mensis | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. | |||||
| CVE-2017-17528 | 1 Scummvm | 1 Scummvm | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17529 | 1 Abisource | 1 Abiword | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17530 | 1 Geomview | 1 Geomview | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17532 | 1 Kiwi Project | 1 Kiwi | 2017-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17525 | 1 Xtuple | 1 Postbooks | 2017-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17524 | 1 Swi-prolog | 1 Swi-prolog | 2017-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2017-17522 | 1 Python | 1 Python | 2017-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting. | |||||
| CVE-2017-17520 | 1 Debian | 1 Tin | 2017-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs." | |||||
| CVE-2017-17526 | 1 Giac Project | 1 Giac | 2017-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | |||||
| CVE-2015-5227 | 1 Inboundnow | 1 Wordpress Landing Pages | 2017-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | |||||
| CVE-2017-9135 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2017-05-26 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that does not properly sanitize user input, allowing an attacker to execute shell commands as the root user. | |||||
| CVE-2017-9133 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2017-05-26 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user. | |||||
| CVE-2017-2140 | 1 Gaku | 1 Tablacus Explorer | 2017-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | |||||
| CVE-2015-8258 | 1 Axis | 1 Axis Communications Firmware | 2017-04-13 | 7.8 HIGH | 7.5 HIGH |
| AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | |||||
| CVE-2017-5585 | 1 Opentext | 1 Documentum Content Server | 2017-03-02 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520. | |||||
| CVE-2015-3200 | 3 Hp, Lighttpd, Oracle | 3 Virtual Customer Access System, Lighttpd, Solaris | 2016-12-24 | 5.0 MEDIUM | 7.5 HIGH |
| mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. | |||||
| CVE-2016-6754 | 1 Google | 1 Android | 2016-12-24 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937. | |||||
| CVE-2016-2204 | 1 Symantec | 1 Messaging Gateway | 2016-12-03 | 6.5 MEDIUM | 8.2 HIGH |
| The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | |||||
| CVE-2016-5685 | 1 Dell | 4 Idrac7, Idrac7 Firmware, Idrac8 and 1 more | 2016-12-01 | 9.0 HIGH | 8.8 HIGH |
| Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | |||||