Total
3574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1999023 | 1 Wesnoth | 1 The Battle For Wesnoth | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appears to be exploitable via loading specially crafted saved games, networked games, replays, and player content. | |||||
CVE-2018-19404 | 1 Yxcms | 1 Yxcms | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. | |||||
CVE-2018-17126 | 1 Chshcms | 1 Cscms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | |||||
CVE-2018-17131 | 1 Phpmywind | 1 Phpmywind | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. | |||||
CVE-2018-7801 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. | |||||
CVE-2018-8346 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345. | |||||
CVE-2018-11781 | 4 Apache, Canonical, Debian and 1 more | 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | |||||
CVE-2018-16168 | 1 Jpcert | 1 Logontracer | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. | |||||
CVE-2018-20133 | 1 Ymlref Project | 1 Ymlref | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
ymlref allows code injection. | |||||
CVE-2018-16975 | 1 Elefantcms | 1 Elefant | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php. | |||||
CVE-2017-1753 | 1 Ibm | 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655. | |||||
CVE-2018-14804 | 1 Emerson | 1 Ams Device Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. | |||||
CVE-2019-7731 | 1 Mywebsql | 1 Mywebsql | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file. | |||||
CVE-2016-4391 | 1 Hp | 1 Arcsight Winc Connector | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | |||||
CVE-2018-20325 | 1 Definitions Project | 1 Definitions | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
There is a vulnerability in the load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary Python commands, resulting in command execution. | |||||
CVE-2018-18835 | 1 Doccms | 1 Doccms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. | |||||
CVE-2018-16604 | 1 Nibbleblog | 1 Nibbleblog | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}"). | |||||
CVE-2018-17133 | 1 Phpmywind | 1 Phpmywind | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | |||||
CVE-2018-8345 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 7.6 HIGH | 7.5 HIGH |
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346. | |||||
CVE-2019-7719 | 1 Nibbleblog | 1 Nibbleblog | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. |