| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5821 | Cri | 0.65 | 9.8 | 0.17 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5820 | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5819 | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5817 | Cri | 0.73 | 9.8 | 0.83 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5816 | Cri | 0.74 | 9.8 | 0.86 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5815 | Cri | 0.69 | 9.8 | 0.34 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5814 | Cri | 0.64 | 9.8 | 0.09 | Feb 15, 2018 | A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||
| CVE-2017-5810 | Cri | 0.64 | 9.8 | 0.05 | Feb 15, 2018 | A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||
| CVE-2017-5807 | Cri | 0.65 | 9.8 | 0.22 | Feb 15, 2018 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | ||
| CVE-2017-5806 | Cri | 0.66 | 9.8 | 0.23 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||
| CVE-2017-5805 | Cri | 0.66 | 9.8 | 0.23 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||
| CVE-2017-5804 | Cri | 0.66 | 9.8 | 0.23 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||
| CVE-2017-5802 | Cri | 0.64 | 9.8 | 0.02 | Feb 15, 2018 | A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found. | ||
| CVE-2017-5792 | Cri | 0.69 | 9.8 | 0.35 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||
| CVE-2017-5790 | Cri | 0.65 | 9.8 | 0.18 | Feb 15, 2018 | A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | ||
| CVE-2017-12561 | Cri | 0.66 | 9.8 | 0.31 | Feb 15, 2018 | A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found. | ||
| CVE-2017-12558 | Cri | 0.67 | 9.8 | 0.38 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | ||
| CVE-2017-12557 | Cri | 0.73 | 9.8 | 0.80 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | ||
| CVE-2017-12556 | Cri | 0.67 | 9.8 | 0.38 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | ||
| CVE-2017-12542 | Cri | 0.76 | 10.0 | 0.99 | Feb 15, 2018 | A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. | ||
| CVE-2016-8519 | Cri | 0.66 | 9.8 | 0.28 | Feb 15, 2018 | A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. | ||
| CVE-2016-8512 | Cri | 0.64 | 9.8 | 0.06 | Feb 15, 2018 | A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. | ||
| CVE-2016-8511 | Cri | 0.65 | 9.8 | 0.16 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. | ||
| CVE-2011-4973 | Cri | 0.64 | 9.8 | 0.01 | Feb 15, 2018 | Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. | ||
| CVE-2018-7054 | Cri | 0.64 | 9.8 | 0.02 | Feb 15, 2018 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191. | ||
| CVE-2018-7053 | Cri | 0.64 | 9.8 | 0.02 | Feb 15, 2018 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order. | ||
| CVE-2017-17301 | Cri | 0.64 | 9.8 | 0.01 | Feb 15, 2018 | Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01,… | ||
| CVE-2018-5440 | Cri | 0.64 | 9.8 | 0.03 | Feb 15, 2018 | A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted… | ||
| CVE-2018-7039 | Cri | 0.64 | 9.8 | 0.01 | Feb 14, 2018 | CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer… | ||
| CVE-2017-18187 | Cri | 0.00 | 9.8 | 0.03 | Feb 14, 2018 | In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. | ||
| CVE-2018-1287 | — | Cri | 0.64 | 9.8 | 0.03 | Feb 14, 2018 | In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. | |
| CVE-2018-5459 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2018 | An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port… | ||
| CVE-2018-6953 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2018 | In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses. | ||
| CVE-2018-1383 | Cri | 0.59 | 9.1 | 0.03 | Feb 13, 2018 | A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117. | ||
| CVE-2018-6948 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2018 | In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters… | ||
| CVE-2018-6928 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2018 | PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. | ||
| CVE-2018-0488 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2018 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | ||
| CVE-2018-0487 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2018 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. | ||
| CVE-2018-6911 | Cri | 0.68 | 9.8 | 0.13 | Feb 13, 2018 | The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). | ||
| CVE-2018-6292 | Cri | 0.64 | 9.8 | 0.04 | Feb 13, 2018 | Remote Code Execution in Saperion Web Client version 7.5.2 83166. | ||
| CVE-2018-1297 | — | Cri | 0.65 | 9.8 | 0.10 | Feb 13, 2018 | When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. | |
| CVE-2017-13229 | Cri | 0.64 | 9.8 | 0.02 | Feb 12, 2018 | A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703. | ||
| CVE-2018-6893 | Cri | 0.64 | 9.8 | 0.03 | Feb 12, 2018 | controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. | ||
| CVE-2018-6863 | Cri | 0.64 | 9.8 | 0.02 | Feb 12, 2018 | SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. | ||
| CVE-2018-6892 | Cri | 0.74 | 9.8 | 0.94 | Feb 11, 2018 | An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the… | ||
| CVE-2017-18174 | Cri | 0.00 | 9.8 | 0.03 | Feb 11, 2018 | In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. | ||
| CVE-2018-1000060 | — | Cri | 0.00 | 9.8 | 0.02 | Feb 9, 2018 | Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack… | |
| CVE-2018-1000059 | Cri | 0.64 | 9.8 | 0.02 | Feb 9, 2018 | ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system. | ||
| CVE-2018-1000044 | Cri | 0.64 | 9.8 | 0.02 | Feb 9, 2018 | Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors… | ||
| CVE-2018-1000043 | Cri | 0.64 | 9.8 | 0.04 | Feb 9, 2018 | Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be… |
- risk 0.65cvss 9.8epss 0.17
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.73cvss 9.8epss 0.83
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.74cvss 9.8epss 0.86
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.69cvss 9.8epss 0.34
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.64cvss 9.8epss 0.09
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- risk 0.64cvss 9.8epss 0.05
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- risk 0.65cvss 9.8epss 0.22
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
- risk 0.66cvss 9.8epss 0.23
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
- risk 0.66cvss 9.8epss 0.23
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
- risk 0.66cvss 9.8epss 0.23
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
- risk 0.64cvss 9.8epss 0.02
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.
- risk 0.69cvss 9.8epss 0.35
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
- risk 0.65cvss 9.8epss 0.18
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
- risk 0.66cvss 9.8epss 0.31
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.
- risk 0.67cvss 9.8epss 0.38
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
- risk 0.73cvss 9.8epss 0.80
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
- risk 0.67cvss 9.8epss 0.38
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
- risk 0.76cvss 10.0epss 0.99
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
- risk 0.66cvss 9.8epss 0.28
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.
- risk 0.64cvss 9.8epss 0.06
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.
- risk 0.65cvss 9.8epss 0.16
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.
- risk 0.64cvss 9.8epss 0.01
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
- risk 0.64cvss 9.8epss 0.01
Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01,…
- risk 0.64cvss 9.8epss 0.03
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted…
- risk 0.64cvss 9.8epss 0.01
CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer…
- risk 0.00cvss 9.8epss 0.03
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
- risk 0.64cvss 9.8epss 0.03
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
- risk 0.64cvss 9.8epss 0.03
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port…
- risk 0.64cvss 9.8epss 0.02
In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses.
- risk 0.59cvss 9.1epss 0.03
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.
- risk 0.64cvss 9.8epss 0.02
In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters…
- risk 0.64cvss 9.8epss 0.02
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
- risk 0.64cvss 9.8epss 0.05
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
- risk 0.64cvss 9.8epss 0.03
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
- risk 0.68cvss 9.8epss 0.13
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
- risk 0.64cvss 9.8epss 0.04
Remote Code Execution in Saperion Web Client version 7.5.2 83166.
- risk 0.65cvss 9.8epss 0.10
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
- risk 0.64cvss 9.8epss 0.02
A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.
- risk 0.64cvss 9.8epss 0.03
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.
- risk 0.74cvss 9.8epss 0.94
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the…
- risk 0.00cvss 9.8epss 0.03
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
- risk 0.00cvss 9.8epss 0.02
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack…
- risk 0.64cvss 9.8epss 0.02
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system.
- risk 0.64cvss 9.8epss 0.02
Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors…
- risk 0.64cvss 9.8epss 0.04
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be…