Search
Total
2894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12116 | 1 Onap | 1 Open Network Automation Platform | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2020-6230 | 1 Sap | 1 Orientdb | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2020-35121 | 1 Keysight | 1 Database Connector | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. | |||||
| CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2021-07-21 | 6.0 MEDIUM | 7.8 HIGH |
| Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | |||||
| CVE-2019-8371 | 1 Open-emr | 1 Openemr | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| OpenEMR v5.0.1-6 allows code execution. | |||||
| CVE-2019-17575 | 1 Wbce | 1 Wbce Cms | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code. | |||||
| CVE-2020-6208 | 1 Sap | 1 Crystal Reports | 2021-07-21 | 4.4 MEDIUM | 8.2 HIGH |
| SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. | |||||
| CVE-2020-7205 | 1 Hpe | 118 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4200 Gen9 Server and 115 more | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE provided latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit which includes the GRUB2 patch to resolve this vulnerability. These new boot images will update GRUB2 and the Forbidden Signature Database (DBX). After the DBX is updated, users will not be able to boot to the older IP, SPP or Scripting ToolKit with Secure Boot enabled. HPE have provided a standalone DBX update tool to work with Microsoft Windows, and supported Linux Operating Systems. These tools can be used to update the Forbidden Signature Database (DBX) from within the OS. **Note:** This DBX update mitigates the GRUB2 issue with insmod enabled, and the "Boot Hole" issue for HPE signed GRUB2 applications. | |||||
| CVE-2019-7539 | 1 Ipycache Project | 1 Ipycache | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code injection issue was discovered in ipycache through 2016-05-31. | |||||
| CVE-2019-6289 | 1 Dedecms | 1 Dedecms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename. | |||||
| CVE-2019-12115 | 1 Onap | 1 Open Network Automation Platform | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-8942 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. | |||||
| CVE-2019-12548 | 1 Bludit | 1 Bludit | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | |||||
| CVE-2019-0308 | 1 Sap | 1 E-commerce | 2021-07-21 | 3.5 LOW | 6.8 MEDIUM |
| An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection. | |||||
| CVE-2019-12118 | 1 Onap | 1 Open Network Automation Platform | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2020-25967 | 2 Fastadmin, Microsoft | 2 Fastadmin, Windows | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. | |||||
| CVE-2020-14971 | 1 Pi-hole | 1 Pi-hole | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again. | |||||
| CVE-2020-6296 | 1 Sap | 2 Abap Platform, Netweaver As Abap | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2020-22427 | 1 Nagios | 1 Nagios Xi | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| ** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time. | |||||
| CVE-2019-16652 | 1 Geniusbytes | 1 Genius Server | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2019-10173 | 2 Oracle, Xstream Project | 10 Banking Platform, Business Activity Monitoring, Communications Billing And Revenue Management Elastic Charging Engine and 7 more | 2021-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285) | |||||
| CVE-2021-35514 | 1 Narou Project | 1 Narou | 2021-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. | |||||
| CVE-2021-25654 | 1 Avaya | 1 Aura Device Services | 2021-07-01 | 4.6 MEDIUM | 7.8 HIGH |
| An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | |||||
| CVE-2021-32924 | 1 Invisioncommunity | 1 Ips Community Suite | 2021-06-16 | 6.0 MEDIUM | 8.8 HIGH |
| Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. | |||||
| CVE-2021-30461 | 1 Voipmonitor | 1 Voipmonitor | 2021-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php. | |||||
| CVE-2021-29440 | 1 Getgrav | 1 Grav | 2021-06-08 | 6.5 MEDIUM | 7.2 HIGH |
| Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11. | |||||
| CVE-2008-0456 | 1 Apache | 1 Http Server | 2021-06-06 | 2.6 LOW | N/A |
| CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. | |||||
| CVE-2021-22900 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-06-04 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | |||||
| CVE-2021-27811 | 1 Qibosoft | 1 Qibosoft | 2021-06-03 | 6.5 MEDIUM | 7.2 HIGH |
| A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php. | |||||
| CVE-2019-14827 | 1 Moodle | 1 Moodle | 2021-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions. | |||||
| CVE-2017-4964 | 1 Cloudfoundry | 1 Bosh Azure Cpi | 2021-05-27 | 4.6 MEDIUM | 8.8 HIGH |
| Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | |||||
| CVE-2021-22117 | 2 Microsoft, Vmware | 2 Windows, Rabbitmq | 2021-05-25 | 4.6 MEDIUM | 7.8 HIGH |
| RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | |||||
| CVE-2021-3411 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2021-05-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-29475 | 1 Hedgedoc | 1 Hedgedoc | 2021-05-14 | 5.8 MEDIUM | 10.0 CRITICAL |
| HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability to modify a note. This will affect all instances, which have pdf export enabled. This issue has been fixed by https://github.com/hedgedoc/hedgedoc/commit/c1789474020a6d668d616464cb2da5e90e123f65 and is available in version 1.5.0. Starting the CodiMD/HedgeDoc instance with `CMD_ALLOW_PDF_EXPORT=false` or set `"allowPDFExport": false` in config.json can mitigate this issue for those who cannot upgrade. This exploit works because while PhantomJS doesn't actually render the `file:///` references to the PDF file itself, it still uses them internally, and exfiltration is possible, and easy through JavaScript rendering. The impact is pretty bad, as the attacker is able to read the CodiMD/HedgeDoc `config.json` file as well any other files on the filesystem. Even though the suggested Docker deploy option doesn't have many interesting files itself, the `config.json` still often contains sensitive information, database credentials, and maybe OAuth secrets among other things. | |||||
| CVE-2021-21415 | 1 Prisma | 1 Language-tools | 2021-05-09 | 6.8 MEDIUM | 7.8 HIGH |
| Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a project that has a .vscode/settings.json file that sets a value for "prismaFmtBinPath". That custom binary is executed when auto-formatting is triggered by VS Code or when validation checks are triggered after each keypress on a *.prisma file. Fixed in versions 2.20.0 and 20.0.27. As a workaround users can either edit or delete the `.vscode/settings.json` file or check if the binary is malicious and delete it. | |||||
| CVE-2021-29465 | 1 Discord | 1 Discord-recon | 2021-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files on the system. As a workaround, bot maintainers can edit their `setting.py` file then add `<` and `>` into the `RCE` variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4. | |||||
| CVE-2021-27602 | 1 Sap | 1 Commerce | 2021-04-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the source rules and perform remote code execution enabling them to compromise the confidentiality, integrity and availability of the application. | |||||
| CVE-2009-2372 | 1 Drupal | 1 Drupal | 2021-04-21 | 6.5 MEDIUM | N/A |
| Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | |||||
| CVE-2021-23281 | 1 Eaton | 1 Intelligent Power Manager | 2021-04-20 | 7.5 HIGH | 10.0 CRITICAL |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code. | |||||
| CVE-2007-5593 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2021-04-19 | 6.8 MEDIUM | N/A |
| install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. | |||||
| CVE-2021-1362 | 1 Cisco | 4 Prime License Manager, Unified Communications Manager, Unified Communications Manager Im \& Presence Service and 1 more | 2021-04-15 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device. | |||||
| CVE-2014-0602 | 1 Microfocus | 1 Security Manager | 2021-04-13 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3460. | |||||
| CVE-2012-5932 | 1 Microfocus | 1 Privileged User Manager | 2021-04-13 | 10.0 HIGH | N/A |
| Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request. | |||||
| CVE-2007-5331 | 2 Broadcom, Ca | 6 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite and 3 more | 2021-04-09 | 10.0 HIGH | N/A |
| Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers. | |||||
| CVE-2016-7102 | 1 Owncloud | 1 Owncloud Desktop Client | 2021-04-09 | 4.6 MEDIUM | 8.4 HIGH |
| ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | |||||
| CVE-2012-2971 | 1 Microsoft | 1 Windows | 2021-04-07 | 7.5 HIGH | N/A |
| The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request. | |||||
| CVE-2009-3705 | 1 Achievo | 1 Achievo | 2021-04-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2017-14077 | 1 Phpcaptcha | 1 Securimage | 2021-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | |||||
| CVE-2007-4596 | 1 Php | 1 Php | 2021-03-29 | 7.5 HIGH | N/A |
| The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments. | |||||
| CVE-2017-7402 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg. | |||||