Total
3570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7798 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | |||||
| CVE-2018-11228 | 1 Crestron | 8 Crestron Toolbox Protocol Firmware, Dmc-str, Tsw-1060 and 5 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). | |||||
| CVE-2018-10236 | 1 Poscms | 1 Poscms | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file. | |||||
| CVE-2018-1133 | 1 Moodle | 1 Moodle | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. | |||||
| CVE-2018-10642 | 1 Combodo | 1 Itop | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | |||||
| CVE-2018-2427 | 1 Sap | 2 Businessobjects Business Intelligence, Crystal Reports | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | |||||
| CVE-2018-10517 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. | |||||
| CVE-2017-16151 | 1 Electronjs | 1 Electron | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled. | |||||
| CVE-2018-6574 | 3 Debian, Golang, Redhat | 6 Debian Linux, Go, Enterprise Linux Server and 3 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. | |||||
| CVE-2018-12994 | 1 Onefilecms | 1 Onefilecms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | |||||
| CVE-2018-8756 | 1 Yzmcms | 1 Yzmcms | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request. | |||||
| CVE-2018-6512 | 1 Puppet | 3 Pe-razor-server, Puppet Enterprise, Razor-server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. | |||||
| CVE-2018-7950 | 1 Huawei | 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. | |||||
| CVE-2014-2293 | 1 Zikula | 1 Zikula Application Framework | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. | |||||
| CVE-2018-7756 | 1 Dewesoft | 1 Dewesoft | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command. | |||||
| CVE-2018-6488 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. | |||||
| CVE-2018-8823 | 2 Prestashop, Responsive Mega Menu Pro Project | 2 Prestashop, Responsive Mega Menu Pro | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter. | |||||
| CVE-2018-5780 | 1 Mitel | 2 Connect Onsite, St14.2 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | |||||
| CVE-2018-1260 | 1 Pivotal Software | 1 Spring Security Oauth | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint. | |||||
| CVE-2018-10235 | 1 Poscms | 1 Poscms | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file. | |||||