1464 matches found
VulnCheck KEV: CVE-2016-3088
The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
CVE-2018-0662
Multiple I-O DATA network camera products TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code...
Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution
UPDATE Researchers have created a proof-of-concept exploit that would enable bad actors to target a severe vulnerability in the PHP programming language behind several major CMS companies, including WordPress. The vulnerability remains unresolved – more than a year after it was reported. The...
CVE-2018-14028
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...
CVE-2018-14028
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...
CVE-2018-14028
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...
PT-2018-1938 · Phpmyadmin +2 · Phpmyadmin +2
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 4.8.0 through 4.8.1 Description: An issue was discovered in phpMyAdmin where an attacker can include and potentially execute files on the server due to improper testing for whitelisted pages during page redirection and...
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
WordPress Redirection Plugin PHP File Execution Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress Redirection Plugin PHP File Execution Vulnerability ACE File Inclusion Vulnerability allows administrators to execu...
CVE-2017-7766
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires loca...
Design/Logic Flaw
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires loca...
CVE-2017-7766
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires loca...
CVE-2017-7766
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires loca...
CVE-2017-7766
CVE-2017-7766 is a local privilege-escalation path in Windows Mozilla updater components. An attacker who already has local access can manipulate updater.ini to abuse the Mozilla Windows Updater and Mozilla Maintenance Service, gaining privileged access to execute arbitrary files or delete files....
CVE-2017-7766
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires loca...
WordPress WP with Spritz Plugin Remote File Inclusion Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A remote file inclusion vulnerability in version 1.0 of the WordPress WP with Spritz plugin allows attackers to exploit the...
AMD Plays.tv 1.27.5.0 - plays_service.exe Arbitrary File Execution Exploit
Exploit for windows platform in category local exploits http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege: SYSTEM Type...
AMD Plays.tv 1.27.5.0 - plays_service.exe Arbitrary File Execution
AMD Plays.tv 1.27.5.0 - plays_service.exe Arbitrary File Execution http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege:...
AMD Plays.tv 1.27.5.0 Arbitrary File Execution
http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege: SYSTEM Type: Arbitrary File Execution Notes: Second minor bug allow...
AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution
http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege: SYSTEM Type: Arbitrary File Execution Notes: Second minor bug allow...