Search
Total
2894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12842 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. | |||||
| CVE-2020-35458 | 1 Clusterlabs | 1 Hawk | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser. | |||||
| CVE-2019-0222 | 4 Apache, Debian, Netapp and 1 more | 8 Activemq, Debian Linux, E-series Santricity Web Services and 5 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. | |||||
| CVE-2020-7206 | 1 Hp | 1 Nagios-plugins-hpilo | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. | |||||
| CVE-2019-14242 | 2 Bitdefender, Microsoft | 5 Antivirus Plus, Endpoint Security Tool, Internet Security and 2 more | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. | |||||
| CVE-2019-7539 | 1 Ipycache Project | 1 Ipycache | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code injection issue was discovered in ipycache through 2016-05-31. | |||||
| CVE-2020-8961 | 1 Avira | 1 Free Antivirus | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality. | |||||
| CVE-2019-11495 | 1 Couchbase | 1 Couchbase Server | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0. | |||||
| CVE-2019-0308 | 1 Sap | 1 E-commerce | 2021-07-21 | 3.5 LOW | 6.8 MEDIUM |
| An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection. | |||||
| CVE-2020-8584 | 1 Netapp | 4 Element Os, Hci Management Node, Hci Storage Node and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution. | |||||
| CVE-2020-36245 | 1 Gramaddict | 1 Gramaddict | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network. | |||||
| CVE-2020-35121 | 1 Keysight | 1 Database Connector | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. | |||||
| CVE-2020-15817 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | |||||
| CVE-2019-18792 | 2 Debian, Suricata-ids | 2 Debian Linux, Suricata | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet. | |||||
| CVE-2020-12839 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. | |||||
| CVE-2019-10760 | 1 Safer-eval Project | 1 Safer-eval | 2021-07-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | |||||
| CVE-2019-8908 | 1 Wtcms Project | 1 Wtcms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header. | |||||
| CVE-2020-17456 | 1 Seowonintech | 4 Slc-130, Slc-130 Firmware, Slr-120s and 1 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. | |||||
| CVE-2019-17575 | 1 Wbce | 1 Wbce Cms | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code. | |||||
| CVE-2019-25022 | 1 Scytl | 1 Secure Vote | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. | |||||
| CVE-2019-12548 | 1 Bludit | 1 Bludit | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | |||||
| CVE-2020-9377 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-1959 | 1 Apache | 1 Syncope | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code. | |||||
| CVE-2019-15490 | 1 It-novum | 1 Openitcockpit | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. | |||||
| CVE-2020-6296 | 1 Sap | 2 Abap Platform, Netweaver As Abap | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2021-07-21 | 6.0 MEDIUM | 7.8 HIGH |
| Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | |||||
| CVE-2020-13994 | 1 Mods-for-hesk | 1 Mods For Hesk | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. | |||||
| CVE-2019-15766 | 1 Kslabs | 1 Ksweb | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the file to be created). This can be a PHP file that is written to in the public web directory and subsequently executed. The attacker must have network connectivity to the PHP server that is running on the Android device. | |||||
| CVE-2019-7903 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | |||||
| CVE-2019-3493 | 1 Microfocus | 2 Network Automation, Network Operations Management | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. | |||||
| CVE-2020-6230 | 1 Sap | 1 Orientdb | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2019-16652 | 1 Geniusbytes | 1 Genius Server | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2020-14971 | 1 Pi-hole | 1 Pi-hole | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again. | |||||
| CVE-2020-24354 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. | |||||
| CVE-2019-7731 | 1 Mywebsql | 1 Mywebsql | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file. | |||||
| CVE-2019-14786 | 1 Rankmath | 1 Seo | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. | |||||
| CVE-2019-10759 | 1 Safer-eval Project | 1 Safer-eval | 2021-07-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | |||||
| CVE-2019-8341 | 1 Pocoo | 1 Jinja2 | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. | |||||
| CVE-2019-9002 | 2 Pixeline, Tiny Issue Project | 2 Bugs, Tiny Issue | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed. | |||||
| CVE-2019-9041 | 1 Zzzcms | 1 Zzzphp | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | |||||
| CVE-2019-6289 | 1 Dedecms | 1 Dedecms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename. | |||||
| CVE-2020-22427 | 1 Nagios | 1 Nagios Xi | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| ** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time. | |||||
| CVE-2020-15541 | 1 Solarwinds | 1 Serv-u Ftp Server | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. | |||||
| CVE-2019-20530 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December 2019). | |||||
| CVE-2020-9664 | 1 Magento | 1 Magento | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-12838 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. | |||||
| CVE-2019-12115 | 1 Onap | 1 Open Network Automation Platform | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12114 | 1 Onap | 1 Open Network Automation Platform | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12118 | 1 Onap | 1 Open Network Automation Platform | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-10666 | 1 Librenms | 1 Librenms | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring. | |||||