Search
Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12995 | 1 Onefilecms | 1 Onefilecms | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | |||||
| CVE-2018-12994 | 1 Onefilecms | 1 Onefilecms | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | |||||
| CVE-2017-9774 | 1 Horde | 1 Horde Image Api | 2018-08-18 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | |||||
| CVE-2017-7798 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | |||||
| CVE-2018-10515 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-05-24 | 6.5 MEDIUM | 7.2 HIGH |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive. | |||||
| CVE-2018-10236 | 1 Poscms | 1 Poscms | 2018-05-22 | 6.5 MEDIUM | 7.2 HIGH |
| POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file. | |||||
| CVE-2018-10235 | 1 Poscms | 1 Poscms | 2018-05-22 | 6.5 MEDIUM | 7.2 HIGH |
| POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file. | |||||
| CVE-2018-1028 | 1 Microsoft | 6 Excel Services, Office, Office 2010 and 3 more | 2018-05-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server. | |||||
| CVE-2018-8074 | 1 Yiiframework | 1 Yii | 2018-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. | |||||
| CVE-2018-8966 | 1 Zzcms | 1 Zzcms | 2018-04-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | |||||
| CVE-2018-7271 | 1 Metinfo | 1 Metinfo | 2018-03-21 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell. | |||||
| CVE-2017-16670 | 1 Smartbear | 1 Soapui | 2018-03-19 | 6.8 MEDIUM | 7.8 HIGH |
| The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | |||||
| CVE-2018-6889 | 1 Typesettercms | 1 Typesetter | 2018-03-06 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction. | |||||
| CVE-2018-2363 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver | 2018-01-29 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. | |||||
| CVE-2017-16905 | 2 Duolingo, Google | 2 Tinycards, Android | 2018-01-24 | 6.8 MEDIUM | 8.1 HIGH |
| The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. | |||||
| CVE-2016-5424 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2018-01-05 | 4.6 MEDIUM | 7.1 HIGH |
| PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. | |||||
| CVE-2017-7411 | 1 Enalean | 1 Tuleap | 2017-12-27 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). | |||||
| CVE-2017-16682 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver Internet Transaction Server | 2017-12-22 | 6.5 MEDIUM | 7.2 HIGH |
| SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | |||||
| CVE-2017-15806 | 1 Zetacomponents | 1 Mail | 2017-12-02 | 6.8 MEDIUM | 8.1 HIGH |
| The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | |||||
| CVE-2014-4000 | 1 Cacti | 1 Cacti | 2017-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | |||||
| CVE-2017-15935 | 1 Artica | 1 Pandora Fms | 2017-11-14 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. | |||||
| CVE-2017-14353 | 1 Hp | 1 Ucmdb Foundation Software | 2017-11-11 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | |||||
| CVE-2017-7911 | 1 Cybervision | 1 Kaa Iot Platform | 2017-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | |||||
| CVE-2017-6455 | 1 Ntp | 1 Ntp | 2017-10-24 | 4.4 MEDIUM | 7.0 HIGH |
| NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | |||||
| CVE-2017-13676 | 1 Norton | 1 Remove \& Reinstall | 2017-10-06 | 4.4 MEDIUM | 7.0 HIGH |
| Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. | |||||
| CVE-2017-2809 | 1 Ansible-vault Project | 1 Ansible-vault | 2017-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. | |||||
| CVE-2017-14764 | 1 Genixcms | 1 Genixcms | 2017-09-29 | 6.5 MEDIUM | 8.8 HIGH |
| In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | |||||
| CVE-2014-9463 | 2 Vbseo, Vbulletin | 2 Vbseo, Vbulletin | 2017-09-29 | 9.0 HIGH | 8.8 HIGH |
| functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |||||
| CVE-2015-9227 | 1 Alegrocart | 1 Alegrocart | 2017-09-18 | 6.5 MEDIUM | 7.2 HIGH |
| PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | |||||
| CVE-2017-14146 | 1 Helpdezk | 1 Helpdezk | 2017-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | |||||
| CVE-2016-8020 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.0 MEDIUM | 8.0 HIGH |
| Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | |||||
| CVE-2017-10835 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2017-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | |||||
| CVE-2017-1469 | 1 Ibm | 1 Infosphere Information Server | 2017-08-25 | 4.6 MEDIUM | 7.8 HIGH |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. | |||||
| CVE-2017-8912 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-08-16 | 6.5 MEDIUM | 7.2 HIGH |
| ** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug." | |||||
| CVE-2017-11760 | 1 Projeqtor | 1 Projeqtor | 2017-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | |||||
| CVE-2017-11675 | 1 Zen-cart | 1 Zen Cart | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | |||||
| CVE-2015-0249 | 1 Apache | 1 Roller | 2017-07-27 | 6.5 MEDIUM | 7.2 HIGH |
| The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). | |||||
| CVE-2017-11421 | 1 Gnome-exe-thumbnailer Project | 1 Gnome-exe-thumbnailer | 2017-07-26 | 4.6 MEDIUM | 7.8 HIGH |
| gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. | |||||
| CVE-2015-3640 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2017-07-25 | 6.0 MEDIUM | 7.5 HIGH |
| phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. | |||||
| CVE-2015-3638 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2017-07-25 | 6.5 MEDIUM | 8.8 HIGH |
| phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | |||||
| CVE-2016-9862 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | |||||
| CVE-2015-2252 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2017-06-20 | 9.3 HIGH | 8.8 HIGH |
| Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | |||||
| CVE-2017-9442 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | |||||
| CVE-2017-8402 | 1 Pivotx | 1 Pivotx | 2017-06-08 | 6.5 MEDIUM | 8.8 HIGH |
| PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | |||||
| CVE-2015-6531 | 1 Paloaltonetworks | 1 Pan-os | 2017-06-08 | 9.3 HIGH | 7.8 HIGH |
| Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | |||||
| CVE-2016-4895 | 1 Setucocms Project | 1 Setucocms | 2017-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors. | |||||
| CVE-2016-5072 | 1 Oxidforge | 1 Oxid Eshop | 2017-04-14 | 6.5 MEDIUM | 8.8 HIGH |
| OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9. | |||||
| CVE-2017-7570 | 1 Pivotx | 1 Pivotx | 2017-04-13 | 6.5 MEDIUM | 8.8 HIGH |
| PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | |||||
| CVE-2016-8354 | 1 Schneider-electric | 1 Unity Pro | 2017-03-15 | 5.1 MEDIUM | 7.0 HIGH |
| An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. | |||||
| CVE-2016-5727 | 1 Simplemachines | 1 Simple Machines Forum | 2017-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | |||||