Vulnerabilities (CVE)

Filtered by CWE-94
Total 4642 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5779 1 Mitel 2 Connect Onsite, St14.2 2024-11-21 10.0 HIGH 9.8 CRITICAL
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
CVE-2018-5158 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
CVE-2018-4031 1 Getcujo 1 Smart Firewall 2024-11-21 10.0 HIGH 10.0 CRITICAL
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability.
CVE-2018-3784 1 Cryo Project 1 Cryo 2024-11-21 7.5 HIGH 9.8 CRITICAL
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization.
CVE-2018-3700 2 Intel, Microsoft 2 Usb 3.0 Extensible Host Controller Driver, Windows 7 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access.
CVE-2018-3686 1 Intel 1 Sa-00086 Detection Tool 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.
CVE-2018-3608 2 Microsoft, Trendmicro 7 Windows, Antivirus \+ Security, Internet Security and 4 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
CVE-2018-2491 1 Sap 1 Fiori Client 2024-11-21 6.8 MEDIUM 7.8 HIGH
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
CVE-2018-2427 1 Sap 2 Businessobjects Business Intelligence, Crystal Reports 2024-11-21 6.5 MEDIUM 8.8 HIGH
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
CVE-2018-2418 1 Sap 1 Maxdb Odbc Driver 2024-11-21 7.5 HIGH 5.5 MEDIUM
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2018-2363 1 Sap 2 Business Application Software Integrated Solution, Netweaver 2024-11-21 6.5 MEDIUM 8.8 HIGH
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
CVE-2018-21023 1 Centreon 1 Centreon Web 2024-11-21 6.5 MEDIUM 8.8 HIGH
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
CVE-2018-21005 1 Bbpress Move Topics Project 1 Bbpress Move Topics 2024-11-21 7.5 HIGH 9.8 CRITICAL
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.
CVE-2018-20988 1 Google Forms Project 1 Google Forms 2024-11-21 5.0 MEDIUM 7.5 HIGH
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.
CVE-2018-20931 1 Cpanel 1 Cpanel 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
CVE-2018-20896 1 Cpanel 1 Cpanel 2024-11-21 3.3 LOW 3.9 LOW
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
CVE-2018-20775 1 Frog Cms Project 1 Frog Cms 2024-11-21 6.5 MEDIUM 7.2 HIGH
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
CVE-2018-20773 1 Frog Cms Project 1 Frog Cms 2024-11-21 6.5 MEDIUM 7.2 HIGH
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.
CVE-2018-20772 1 Frog Cms Project 1 Frog Cms 2024-11-21 6.5 MEDIUM 7.2 HIGH
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.
CVE-2018-20768 1 Xerox 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.