| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6162 | Cri | 0.59 | 9.1 | 0.02 | Jan 10, 2020 | An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c. | ||
| CVE-2014-5093 | Cri | 0.67 | 9.8 | 0.04 | Jan 10, 2020 | Status2k does not remove the install directory allowing credential reset. | ||
| CVE-2013-7380 | Cri | 0.64 | 9.8 | 0.02 | Jan 10, 2020 | The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | ||
| CVE-2014-5081 | Cri | 0.68 | 9.8 | 0.10 | Jan 10, 2020 | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | ||
| CVE-2014-4984 | Cri | 0.64 | 9.8 | 0.03 | Jan 10, 2020 | Déjà Vu Crescendo Sales CRM has remote SQL Injection | ||
| CVE-2014-4982 | Cri | 0.64 | 9.8 | 0.05 | Jan 10, 2020 | LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. | ||
| CVE-2020-6756 | Cri | 0.68 | 9.8 | 0.11 | Jan 9, 2020 | languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. | ||
| CVE-2019-20374 | Cri | 0.00 | 9.6 | 0.02 | Jan 9, 2020 | A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to… | ||
| CVE-2012-3807 | Cri | 0.69 | 9.8 | 0.32 | Jan 9, 2020 | Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | ||
| CVE-2012-2226 | Cri | 0.67 | 9.8 | 0.07 | Jan 9, 2020 | Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | ||
| CVE-2012-2714 | Cri | 0.64 | 9.8 | 0.03 | Jan 9, 2020 | The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. | ||
| CVE-2012-1259 | Cri | 0.67 | 9.8 | 0.04 | Jan 9, 2020 | Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to… | ||
| CVE-2019-6330 | Cri | 0.64 | 9.8 | 0.02 | Jan 9, 2020 | A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege. | ||
| CVE-2019-4651 | Cri | 0.64 | 9.8 | 0.01 | Jan 9, 2020 | IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962. | ||
| CVE-2014-3449 | Cri | 0.64 | 9.8 | 0.03 | Jan 9, 2020 | BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability | ||
| CVE-2014-3448 | Cri | 0.64 | 9.8 | 0.04 | Jan 9, 2020 | BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | ||
| CVE-2014-2651 | Cri | 0.64 | 9.8 | 0.02 | Jan 9, 2020 | Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | ||
| CVE-2014-2650 | Cri | 0.64 | 9.8 | 0.03 | Jan 9, 2020 | Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface | ||
| CVE-2011-5266 | Cri | 0.64 | 9.8 | 0.01 | Jan 8, 2020 | Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. | ||
| CVE-2019-9812 | Cri | 0.61 | 9.3 | 0.01 | Jan 8, 2020 | Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then… | ||
| CVE-2020-5510 | Cri | 0.64 | 9.8 | 0.02 | Jan 8, 2020 | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | ||
| CVE-2019-19495 | Cri | 0.64 | 9.8 | 0.04 | Jan 8, 2020 | The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET… | ||
| CVE-2019-5082 | Cri | 0.64 | 9.8 | 0.03 | Jan 8, 2020 | An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can… | ||
| CVE-2019-20367 | Cri | 0.52 | 9.1 | 0.03 | Jan 8, 2020 | nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). | ||
| CVE-2019-10777 | — | Cri | 0.64 | 9.8 | 0.02 | Jan 8, 2020 | In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName". | |
| CVE-2019-19518 | Cri | 0.64 | 9.8 | 0.03 | Jan 8, 2020 | CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. | ||
| CVE-2019-17076 | Cri | 0.64 | 9.8 | 0.03 | Jan 8, 2020 | An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server. | ||
| CVE-2019-10778 | — | Cri | 0.57 | 9.8 | 0.03 | Jan 8, 2020 | devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization. | |
| CVE-2014-2072 | Cri | 0.67 | 9.8 | 0.07 | Jan 8, 2020 | Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | ||
| CVE-2014-1860 | Cri | 0.64 | 9.8 | 0.04 | Jan 8, 2020 | Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | ||
| CVE-2014-1409 | Cri | 0.59 | 9.1 | 0.04 | Jan 8, 2020 | MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords | ||
| CVE-2014-1598 | Cri | 0.64 | 9.8 | 0.01 | Jan 8, 2020 | centurystar 7.12 ActiveX Control has a Stack Buffer Overflow | ||
| CVE-2020-6170 | Cri | 0.67 | 9.8 | 0.07 | Jan 8, 2020 | An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | ||
| CVE-2019-20361 | Cri | 0.74 | 9.8 | 0.85 | Jan 8, 2020 | There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). | ||
| CVE-2019-17146 | Cri | 0.64 | 9.8 | 0.10 | Jan 7, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default.… | ||
| CVE-2020-5841 | Cri | 0.64 | 9.8 | 0.01 | Jan 7, 2020 | An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication. | ||
| CVE-2019-14906 | Cri | 0.64 | 9.8 | 0.02 | Jan 7, 2020 | A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface… | ||
| CVE-2020-5307 | Cri | 0.65 | 9.8 | 0.16 | Jan 7, 2020 | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and… | ||
| CVE-2019-10776 | — | Cri | 0.57 | 9.8 | 0.02 | Jan 7, 2020 | In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. | |
| CVE-2014-8673 | Cri | 0.68 | 9.8 | 0.12 | Jan 7, 2020 | Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33. | ||
| CVE-2019-14837 | Cri | 0.52 | 9.1 | 0.02 | Jan 7, 2020 | A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be… | ||
| CVE-2013-5122 | Cri | 0.64 | 9.8 | 0.04 | Jan 7, 2020 | Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access | ||
| CVE-2015-5951 | Cri | 0.65 | 9.9 | 0.03 | Jan 6, 2020 | A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | ||
| CVE-2019-16273 | Cri | 0.64 | 9.8 | 0.02 | Jan 6, 2020 | DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing… | ||
| CVE-2019-16272 | Cri | 0.64 | 9.8 | 0.01 | Jan 6, 2020 | On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement. | ||
| CVE-2020-5514 | Cri | 0.63 | 9.1 | 0.44 | Jan 6, 2020 | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. | ||
| CVE-2019-18792 | Cri | 0.52 | 9.1 | 0.03 | Jan 6, 2020 | An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data)… | ||
| CVE-2016-11017 | Cri | 0.64 | 9.8 | 0.04 | Jan 6, 2020 | The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login… | ||
| CVE-2019-20343 | Cri | 0.64 | 9.8 | 0.02 | Jan 6, 2020 | The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an… | ||
| CVE-2020-5519 | Cri | 0.57 | 9.8 | 0.01 | Jan 6, 2020 | The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. |
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c.
- risk 0.67cvss 9.8epss 0.04
Status2k does not remove the install directory allowing credential reset.
- risk 0.64cvss 9.8epss 0.02
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability
- risk 0.68cvss 9.8epss 0.10
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
- risk 0.64cvss 9.8epss 0.03
Déjà Vu Crescendo Sales CRM has remote SQL Injection
- risk 0.64cvss 9.8epss 0.05
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
- risk 0.68cvss 9.8epss 0.11
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.
- risk 0.00cvss 9.6epss 0.02
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to…
- risk 0.69cvss 9.8epss 0.32
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.
- risk 0.67cvss 9.8epss 0.07
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
- risk 0.64cvss 9.8epss 0.03
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.
- risk 0.67cvss 9.8epss 0.04
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to…
- risk 0.64cvss 9.8epss 0.02
A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.
- risk 0.64cvss 9.8epss 0.01
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962.
- risk 0.64cvss 9.8epss 0.03
BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability
- risk 0.64cvss 9.8epss 0.04
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload
- risk 0.64cvss 9.8epss 0.02
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface
- risk 0.64cvss 9.8epss 0.03
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface
- risk 0.64cvss 9.8epss 0.01
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
- risk 0.61cvss 9.3epss 0.01
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then…
- risk 0.64cvss 9.8epss 0.02
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
- risk 0.64cvss 9.8epss 0.04
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET…
- risk 0.64cvss 9.8epss 0.03
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can…
- risk 0.52cvss 9.1epss 0.03
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
- risk 0.64cvss 9.8epss 0.02
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName".
- risk 0.64cvss 9.8epss 0.03
CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server.
- risk 0.57cvss 9.8epss 0.03
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.
- risk 0.67cvss 9.8epss 0.07
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks
- risk 0.64cvss 9.8epss 0.04
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
- risk 0.59cvss 9.1epss 0.04
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords
- risk 0.64cvss 9.8epss 0.01
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow
- risk 0.67cvss 9.8epss 0.07
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.
- risk 0.74cvss 9.8epss 0.85
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
- risk 0.64cvss 9.8epss 0.10
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default.…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication.
- risk 0.64cvss 9.8epss 0.02
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface…
- risk 0.65cvss 9.8epss 0.16
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and…
- risk 0.57cvss 9.8epss 0.02
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.
- risk 0.68cvss 9.8epss 0.12
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.
- risk 0.52cvss 9.1epss 0.02
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be…
- risk 0.64cvss 9.8epss 0.04
Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access
- risk 0.65cvss 9.9epss 0.03
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.
- risk 0.64cvss 9.8epss 0.02
DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing…
- risk 0.64cvss 9.8epss 0.01
On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement.
- risk 0.63cvss 9.1epss 0.44
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
- risk 0.52cvss 9.1epss 0.03
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data)…
- risk 0.64cvss 9.8epss 0.04
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login…
- risk 0.64cvss 9.8epss 0.02
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an…
- risk 0.57cvss 9.8epss 0.01
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.