Total
3570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | |||||
| CVE-2018-19127 | 1 Phpcms | 1 Phpcms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring. | |||||
| CVE-2018-17030 | 1 Bigtreecms | 1 Bigtree Cms | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
| BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. | |||||
| CVE-2018-7748 | 1 Servicenow | 1 Servicenow | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter. | |||||
| CVE-2018-19520 | 2 Php, Sdcms | 2 Php, Sdcms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. | |||||
| CVE-2018-17036 | 1 Ucms Project | 1 Ucms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | |||||
| CVE-2018-20775 | 1 Frog Cms Project | 1 Frog Cms | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | |||||
| CVE-2018-17364 | 1 Otcms | 1 Otcms | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter. | |||||
| CVE-2018-1207 | 1 Dell | 2 Emc Idrac7, Emc Idrac8 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. | |||||
| CVE-2017-1789 | 1 Ibm | 1 Tivoli Monitoring | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. | |||||
| CVE-2018-5158 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. | |||||
| CVE-2018-7271 | 1 Metinfo | 1 Metinfo | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell. | |||||
| CVE-2017-1329 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231. | |||||
| CVE-2018-1275 | 2 Oracle, Vmware | 19 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 16 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. | |||||
| CVE-2017-1248 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628. | |||||
| CVE-2018-8974 | 1 Cdc | 1 Microbetrace | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. Fix released on 2018-03-28. | |||||
| CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | |||||
| CVE-2018-2418 | 1 Sap | 1 Maxdb Odbc Driver | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2018-11587 | 1 Centreon | 2 Centreon, Centreon Web | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | |||||
| CVE-2018-10429 | 1 Cosmocms | 1 Cosmo | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. | |||||