Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:52 a.m.6 views

CVE-2018-15747

The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file...

9.8CVSS8AI score0.03501EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/03/17 12:26 p.m.10 views

CVE-2020-15747

...

Exploits0
CVE
CVE
added 2021/03/17 12:26 p.m.22 views

CVE-2020-15747

CVE-2020-15747 entry is rejected/not used and does not represent an active vulnerability.

6.9AI score
Exploits0
NVD
NVD
added 2019/10/07 12:15 p.m.16 views

CVE-2019-15747

SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side...

8.8CVSS8.8AI score0.01091EPSS
Exploits0References1
CVE
CVE
added 2019/10/07 11:39 a.m.44 views

CVE-2019-15747

CVE-2019-15747 affects SITOS six Build v6.2.1. A user with the Seminar Coordinator role can escalate to System Administrator due to insufficient server-side access checks, enabling privilege escalation. CVSS data in the records shows a high impact (CVSS‑3.1 base score 8.8) but no exploit details ...

8.8CVSS8.6AI score0.01091EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/06/21 2:15 p.m.22 views

CVE-2018-15747

The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file...

9.8CVSS9.7AI score0.03501EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/06/21 1:6 p.m.25 views

CVE-2018-15747

The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file...

9.8AI score0.03501EPSS
Exploits1References1
CVE
CVE
added 2019/06/21 1:6 p.m.245 views

CVE-2018-15747

CVE-2018-15747 affects glot-www and its glot-code-runner component. The default configuration through 2018-05-19 allows remote attackers to execute arbitrary code by leveraging os.system within a Python/files/content JSON payload. This results in remote code execution (RCE) with network access an...

9.8CVSS9.7AI score0.03501EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/10/22 5:0 p.m.62 views

CVE-2017-15747

CVE-2017-15747 affects IrfanView 4.50 (64-bit) with the CADImage plugin 12.0.0.5. A crafted .dwg file can trigger a Data Execution Prevention Violation and may allow arbitrary code execution or cause a denial of service. The connected SUSE/CVE and CNVD entries confirm the same affected product an...

7.8CVSS7.9AI score0.02232EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder