Search
Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39160 | 1 Jupyterhub | 1 Nbgitpuller | 2021-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No work around exist for users who can not upgrade. | |||||
| CVE-2021-37626 | 1 Contao | 1 Contao | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
| Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify fields that are shown in the front end. Update to Contao 4.4.56, 4.9.18 or 4.11.7 to resolve. If you cannot update then disable the login for untrusted back end users. | |||||
| CVE-2017-18113 | 1 Atlassian | 2 Data Center, Jira | 2021-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for various problematic OSWorkflow classes to be used as part of workflows. The fix for this issue blocks usage of unsafe conditions, validators, functions and registers that are build-in into OSWorkflow library and other Jira dependencies. Atlassian-made functions or functions provided by 3rd party plugins are not affected by this fix. | |||||
| CVE-2021-24430 | 1 Optimocha | 1 Speed Booster Pack | 2021-08-10 | 6.5 MEDIUM | 7.2 HIGH |
| The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE | |||||
| CVE-2021-1518 | 1 Cisco | 1 Firepower Device Manager On-box | 2021-08-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials. | |||||
| CVE-2019-12761 | 1 Python | 1 Pyxdg | 2021-08-03 | 5.1 MEDIUM | 7.5 HIGH |
| A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call. | |||||
| CVE-2021-25808 | 1 Bludit | 1 Bludit | 2021-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2019-0193 | 1 Apache | 1 Solr | 2021-07-30 | 9.0 HIGH | 7.2 HIGH |
| In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. | |||||
| CVE-2019-9829 | 1 Maccms | 1 Maccms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates. | |||||
| CVE-2020-26165 | 1 Qdpm | 1 Qdpm | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. | |||||
| CVE-2019-10666 | 1 Librenms | 1 Librenms | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring. | |||||
| CVE-2020-24354 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. | |||||
| CVE-2020-9377 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-36245 | 1 Gramaddict | 1 Gramaddict | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network. | |||||
| CVE-2019-17107 | 1 Centreon | 1 Centreon Web | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. | |||||
| CVE-2020-27192 | 1 Binarynights | 1 Forklift | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool. | |||||
| CVE-2020-35370 | 1 Raysync | 1 Raysync | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server. | |||||
| CVE-2019-8371 | 1 Open-emr | 1 Openemr | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| OpenEMR v5.0.1-6 allows code execution. | |||||
| CVE-2020-13994 | 1 Mods-for-hesk | 1 Mods For Hesk | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. | |||||
| CVE-2020-22427 | 1 Nagios | 1 Nagios Xi | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| ** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time. | |||||
| CVE-2020-6230 | 1 Sap | 1 Orientdb | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2019-7903 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | |||||
| CVE-2020-14971 | 1 Pi-hole | 1 Pi-hole | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again. | |||||
| CVE-2019-16652 | 1 Geniusbytes | 1 Genius Server | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2019-8942 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. | |||||
| CVE-2019-7932 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. | |||||
| CVE-2019-7942 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. | |||||
| CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2021-07-21 | 6.0 MEDIUM | 7.8 HIGH |
| Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | |||||
| CVE-2019-17575 | 1 Wbce | 1 Wbce Cms | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code. | |||||
| CVE-2020-15817 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | |||||
| CVE-2020-6296 | 1 Sap | 2 Abap Platform, Netweaver As Abap | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2020-35121 | 1 Keysight | 1 Database Connector | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. | |||||
| CVE-2019-14423 | 1 Eq-3 | 3 Ccu2, Ccu2 Firmware, Cux-daemon | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request. | |||||
| CVE-2019-9858 | 1 Horde | 1 Groupware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.) | |||||
| CVE-2019-6289 | 1 Dedecms | 1 Dedecms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename. | |||||
| CVE-2019-3493 | 1 Microfocus | 2 Network Automation, Network Operations Management | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. | |||||
| CVE-2019-11354 | 1 Ea | 1 Origin | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication. | |||||
| CVE-2019-15766 | 1 Kslabs | 1 Ksweb | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the file to be created). This can be a PHP file that is written to in the public web directory and subsequently executed. The attacker must have network connectivity to the PHP server that is running on the Android device. | |||||
| CVE-2019-0728 | 1 Microsoft | 1 Visual Studio Code | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. | |||||
| CVE-2019-9041 | 1 Zzzcms | 1 Zzzphp | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | |||||
| CVE-2019-0222 | 4 Apache, Debian, Netapp and 1 more | 8 Activemq, Debian Linux, E-series Santricity Web Services and 5 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. | |||||
| CVE-2020-6208 | 1 Sap | 1 Crystal Reports | 2021-07-21 | 4.4 MEDIUM | 8.2 HIGH |
| SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. | |||||
| CVE-2020-25967 | 2 Fastadmin, Microsoft | 2 Fastadmin, Windows | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. | |||||
| CVE-2019-7539 | 1 Ipycache Project | 1 Ipycache | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code injection issue was discovered in ipycache through 2016-05-31. | |||||
| CVE-2019-12548 | 1 Bludit | 1 Bludit | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | |||||
| CVE-2021-25654 | 1 Avaya | 1 Aura Device Services | 2021-07-01 | 4.6 MEDIUM | 7.8 HIGH |
| An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | |||||
| CVE-2021-32924 | 1 Invisioncommunity | 1 Ips Community Suite | 2021-06-16 | 6.0 MEDIUM | 8.8 HIGH |
| Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. | |||||
| CVE-2021-29440 | 1 Getgrav | 1 Grav | 2021-06-08 | 6.5 MEDIUM | 7.2 HIGH |
| Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11. | |||||
| CVE-2021-22900 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-06-04 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | |||||
| CVE-2021-27811 | 1 Qibosoft | 1 Qibosoft | 2021-06-03 | 6.5 MEDIUM | 7.2 HIGH |
| A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php. | |||||