WordPress Perfect Survey <1.5.2 - SQL Injection

Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection. id: CVE-2021-24762 info: name: WordPress Perfect Survey 1.5.2 - SQL...

Eclipse Jetty ConcatServlet - Information Disclosure

Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...

Rails File Content Disclosure

Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...

Oracle WebLogic Server Administration Console - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. id:...

Atlassian Confluence Download Attachments - Remote Code Execution

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...

Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and...

Zabbix <=4.4 - Authentication Bypass

Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously...

Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection

Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection XXE vulnerability via the mailboxd component. id: CVE-2019-9670 info: name: Synacor Zimbra Collaboration 8.7.11p10 - XML External Entity Injection author: ree4pwn severity: critical description: Synacor...

Webmin <= 1.920 - Unauthenticated Remote Command Execution

Webmin =1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in passwordchange.cgi. id: CVE-2019-15107 info: name: Webmin = 1.920 - Unauthenticated Remote Command Execution author: bp0lr severity: critical description: Webmin =1.920. is vulnerable to an...

Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution

Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit...

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

Apache Solr DataImportHandler <8.2.0 - Remote Code Execution

Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug...

WordPress Localize My Post 1.0 - Local File Inclusion

WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter. id: CVE-2018-16299 info: name: WordPress Localize My Post 1.0 - Local File Inclusion author: 0xAkoko,0x240x23elu severity: high description: | WordPress Localize My Post 1.0 is susceptib...

Comodo Unified Threat Management Web Console - Remote Code Execution

Comodo Firewall & Central Manager UTM All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability. id: CVE-2018-17431 info: name: Comodo Unified Threat Management Web Console - Remote Code Execution author: dwisiswant0 severity: critical description:...

Splunk <=7.0.1 - Information Disclosure

Splunk through 7.0.1 is susceptible to information disclosure by appending raw/services/server/info/server-info?outputmode=json to a query, as demonstrated by discovering a license key. id: CVE-2018-11409 info: name: Splunk =7.0.1 - Information Disclosure author: harshbothra severity: medium...

uWSGI PHP Plugin Local File Inclusion

uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, making it susceptible to local file inclusion. id: CVE-2018-7490 info: name: uWSGI PHP Plugin Local File Inclusion author: madrobot severity: high description: uWSGI PHP Plugin before 2.0.17...

FUEL CMS 1.4.1 - Remote Code Execution

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. id: CVE-2018-16763 info: name: FUEL CMS 1.4.1 - Remote Code Execution author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/...

D-Link Routers - Local File Inclusion

D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /...

Apache Tika < 1.1.8 - Header Command Injection

Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. i...

Apache ActiveMQ Fileserver - Arbitrary File Write

Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application. id: CVE-2016-3088 info: name: Apache ActiveMQ Fileserver - Arbitrary File Write author: fqhsu severity: critical...