Total
4629 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | |||||
CVE-2018-20896 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.3 LOW | 3.9 LOW |
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | |||||
CVE-2018-20775 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | |||||
CVE-2018-20773 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | |||||
CVE-2018-20772 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | |||||
CVE-2018-20768 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file. | |||||
CVE-2018-20717 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer. | |||||
CVE-2018-20605 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. | |||||
CVE-2018-20599 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | |||||
CVE-2018-20325 | 1 Definitions Project | 1 Definitions | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution. | |||||
CVE-2018-20300 | 1 Phome | 1 Empirecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. | |||||
CVE-2018-20133 | 1 Ymlref Project | 1 Ymlref | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ymlref allows code injection. | |||||
CVE-2018-20129 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value. | |||||
CVE-2018-20027 | 1 Lisa-lab | 1 Pylearn2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The yaml_parse.load method in Pylearn2 allows code injection. | |||||
CVE-2018-1808 | 1 Ibm | 1 Websphere Commerce | 2024-11-21 | 6.5 MEDIUM | 4.3 MEDIUM |
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828. | |||||
CVE-2018-1792 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. | |||||
CVE-2018-1275 | 2 Oracle, Vmware | 19 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 16 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. | |||||
CVE-2018-1270 | 4 Debian, Oracle, Redhat and 1 more | 28 Debian Linux, Application Testing Suite, Big Data Discovery and 25 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. | |||||
CVE-2018-1260 | 1 Pivotal Software | 1 Spring Security Oauth | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint. | |||||
CVE-2018-1207 | 1 Dell | 2 Emc Idrac7, Emc Idrac8 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. |