9 matches found
CVE-2018-15747
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file...
CVE-2020-15747
...
CVE-2020-15747
CVE-2020-15747 entry is rejected/not used and does not represent an active vulnerability.
CVE-2019-15747
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side...
CVE-2019-15747
CVE-2019-15747 affects SITOS six Build v6.2.1. A user with the Seminar Coordinator role can escalate to System Administrator due to insufficient server-side access checks, enabling privilege escalation. CVSS data in the records shows a high impact (CVSS‑3.1 base score 8.8) but no exploit details ...
CVE-2018-15747
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file...
CVE-2018-15747
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file...
CVE-2018-15747
CVE-2018-15747 affects glot-www and its glot-code-runner component. The default configuration through 2018-05-19 allows remote attackers to execute arbitrary code by leveraging os.system within a Python/files/content JSON payload. This results in remote code execution (RCE) with network access an...
CVE-2017-15747
CVE-2017-15747 affects IrfanView 4.50 (64-bit) with the CADImage plugin 12.0.0.5. A crafted .dwg file can trigger a Data Execution Prevention Violation and may allow arbitrary code execution or cause a denial of service. The connected SUSE/CVE and CNVD entries confirm the same affected product an...