| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8794 | Cri | 0.01 | 9.8 | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution. | ||
| CVE-2018-8793 | Cri | 0.01 | 9.8 | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2019-7412 | Cri | 0.64 | 9.8 | 0.03 | Feb 5, 2019 | The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. | ||
| CVE-2018-4056 | Cri | 0.64 | 9.8 | 0.03 | Feb 5, 2019 | An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN… | ||
| CVE-2018-18998 | Cri | 0.64 | 9.8 | 0.02 | Feb 5, 2019 | LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. | ||
| CVE-2018-18996 | Cri | 0.64 | 9.8 | 0.02 | Feb 5, 2019 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. | ||
| CVE-2016-1000282 | Cri | 0.68 | 9.8 | 0.13 | Feb 5, 2019 | Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | ||
| CVE-2018-20753 | Cri | 0.84 | 9.8 | 0.30 | KEV | Feb 5, 2019 | Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild. | |
| CVE-2017-18362 | Cri | 0.89 | 9.8 | 0.87 | KEV | Feb 5, 2019 | ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware… | |
| CVE-2019-1000023 | Cri | 0.64 | 9.8 | 0.02 | Feb 4, 2019 | OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL… | ||
| CVE-2019-1000006 | Cri | 0.64 | 9.8 | 0.02 | Feb 4, 2019 | RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via… | ||
| CVE-2019-1000001 | Cri | 0.64 | 9.8 | 0.02 | Feb 4, 2019 | TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass… | ||
| CVE-2018-20752 | Cri | 0.64 | 9.8 | 0.03 | Feb 4, 2019 | An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can… | ||
| CVE-2016-1000271 | Cri | 0.64 | 9.8 | 0.02 | Feb 4, 2019 | Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. | ||
| CVE-2019-7316 | Cri | 0.64 | 9.8 | 0.03 | Feb 4, 2019 | An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability. | ||
| CVE-2019-7314 | Cri | 0.64 | 9.8 | 0.03 | Feb 4, 2019 | liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. | ||
| CVE-2018-16492 | — | Cri | 0.57 | 9.8 | 0.03 | Feb 1, 2019 | A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | |
| CVE-2018-16491 | — | Cri | 0.64 | 9.8 | 0.02 | Feb 1, 2019 | A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |
| CVE-2018-16489 | — | Cri | 0.64 | 9.8 | 0.02 | Feb 1, 2019 | A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | |
| CVE-2018-16486 | — | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2019 | A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | |
| CVE-2019-7297 | Cri | 0.65 | 9.8 | 0.12 | Jan 31, 2019 | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function… | ||
| CVE-2018-5560 | Cri | 0.65 | 10.0 | 0.02 | Jan 31, 2019 | A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. | ||
| CVE-2018-12548 | Cri | 0.64 | 9.8 | 0.01 | Jan 31, 2019 | In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code. | ||
| CVE-2018-18941 | Cri | 0.64 | 9.8 | 0.02 | Jan 31, 2019 | In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this… | ||
| CVE-2019-7249 | Cri | 0.64 | 9.8 | 0.03 | Jan 31, 2019 | In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs. | ||
| CVE-2019-6438 | Cri | 0.64 | 9.8 | 0.02 | Jan 31, 2019 | SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. | ||
| CVE-2019-7234 | Cri | 0.59 | 9.1 | 0.02 | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file… | ||
| CVE-2018-20750 | Cri | 0.00 | 9.8 | 0.03 | Jan 30, 2019 | LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | ||
| CVE-2018-20749 | Cri | 0.00 | 9.8 | 0.03 | Jan 30, 2019 | LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | ||
| CVE-2018-20748 | Cri | 0.00 | 9.8 | 0.03 | Jan 30, 2019 | LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. | ||
| CVE-2018-17431 | Cri | 0.73 | 9.8 | 0.84 | Jan 30, 2019 | Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. | ||
| CVE-2019-7160 | Cri | 0.64 | 9.8 | 0.03 | Jan 29, 2019 | idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | ||
| CVE-2018-10612 | Cri | 0.64 | 9.8 | 0.01 | Jan 29, 2019 | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | ||
| CVE-2019-6991 | Cri | 0.00 | 9.8 | 0.03 | Jan 28, 2019 | A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. | ||
| CVE-2019-6978 | Cri | 0.57 | 9.8 | 0.04 | Jan 28, 2019 | The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | ||
| CVE-2019-6703 | Cri | 0.66 | 9.8 | 0.26 | Jan 27, 2019 | Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to… | ||
| CVE-2019-6798 | Cri | 0.64 | 9.8 | 0.04 | Jan 26, 2019 | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | ||
| CVE-2019-6805 | Cri | 0.64 | 9.8 | 0.01 | Jan 25, 2019 | SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. | ||
| CVE-2019-1651 | Cri | 0.65 | 9.9 | 0.05 | Jan 24, 2019 | A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An… | ||
| CVE-2019-6713 | Cri | 0.64 | 9.8 | 0.02 | Jan 23, 2019 | app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. | ||
| CVE-2017-17836 | Cri | 0.64 | 9.8 | 0.02 | Jan 23, 2019 | In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all… | ||
| CVE-2019-6260 | Cri | 0.64 | 9.8 | 0.04 | Jan 22, 2019 | The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases… | ||
| CVE-2018-6444 | Cri | 0.64 | 9.8 | 0.03 | Jan 22, 2019 | A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands. | ||
| CVE-2019-6339 | Cri | 0.59 | 9.8 | 0.33 | Jan 22, 2019 | In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom)… | ||
| CVE-2018-19635 | Cri | 0.64 | 9.8 | 0.01 | Jan 22, 2019 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | ||
| CVE-2019-6503 | Cri | 0.64 | 9.8 | 0.02 | Jan 22, 2019 | There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method. | ||
| CVE-2019-6497 | Cri | 0.64 | 9.8 | 0.01 | Jan 20, 2019 | Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. | ||
| CVE-2019-3774 | — | Cri | 0.64 | 9.8 | 0.03 | Jan 18, 2019 | Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | |
| CVE-2019-3773 | Cri | 0.64 | 9.8 | 0.04 | Jan 18, 2019 | Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | ||
| CVE-2019-3772 | Cri | 0.57 | 9.8 | 0.03 | Jan 18, 2019 | Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. |
- risk 0.01cvss 9.8epss 0.07
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
- risk 0.01cvss 9.8epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
- risk 0.64cvss 9.8epss 0.03
The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.
- risk 0.64cvss 9.8epss 0.03
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN…
- risk 0.64cvss 9.8epss 0.02
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.
- risk 0.64cvss 9.8epss 0.02
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.
- risk 0.68cvss 9.8epss 0.13
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
- risk 0.84cvss 9.8epss 0.30
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
- risk 0.89cvss 9.8epss 0.87
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware…
- risk 0.64cvss 9.8epss 0.02
OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL…
- risk 0.64cvss 9.8epss 0.02
RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via…
- risk 0.64cvss 9.8epss 0.02
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass…
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can…
- risk 0.64cvss 9.8epss 0.02
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.
- risk 0.64cvss 9.8epss 0.03
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
- risk 0.57cvss 9.8epss 0.03
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
- risk 0.64cvss 9.8epss 0.02
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
- risk 0.64cvss 9.8epss 0.02
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
- risk 0.64cvss 9.8epss 0.01
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.
- risk 0.65cvss 9.8epss 0.12
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function…
- risk 0.65cvss 10.0epss 0.02
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
- risk 0.64cvss 9.8epss 0.01
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
- risk 0.64cvss 9.8epss 0.02
In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this…
- risk 0.64cvss 9.8epss 0.03
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.
- risk 0.64cvss 9.8epss 0.02
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file…
- risk 0.00cvss 9.8epss 0.03
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
- risk 0.00cvss 9.8epss 0.03
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
- risk 0.00cvss 9.8epss 0.03
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
- risk 0.73cvss 9.8epss 0.84
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
- risk 0.64cvss 9.8epss 0.03
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
- risk 0.64cvss 9.8epss 0.01
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
- risk 0.00cvss 9.8epss 0.03
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.
- risk 0.57cvss 9.8epss 0.04
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
- risk 0.66cvss 9.8epss 0.26
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to…
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
- risk 0.64cvss 9.8epss 0.01
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
- risk 0.65cvss 9.9epss 0.05
A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An…
- risk 0.64cvss 9.8epss 0.02
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.
- risk 0.64cvss 9.8epss 0.02
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all…
- risk 0.64cvss 9.8epss 0.04
The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases…
- risk 0.64cvss 9.8epss 0.03
A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands.
- risk 0.59cvss 9.8epss 0.33
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom)…
- risk 0.64cvss 9.8epss 0.01
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
- risk 0.64cvss 9.8epss 0.02
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.
- risk 0.64cvss 9.8epss 0.01
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
- risk 0.64cvss 9.8epss 0.03
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
- risk 0.64cvss 9.8epss 0.04
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
- risk 0.57cvss 9.8epss 0.03
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.