Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8068 matches found

CVE
CVEadded 2019/10/07 3:0 p.m.44 views

CVE-2019-17317

SugarCRM vulnerability CVE-2019-17317 affects SugarCRM before 8.0.4 and 9.x before 9.0.2, where an Admin can trigger PHP object injection via the UpgradeWizard module. The root cause is input handling in UpgradeWizard that allows object injection, enabling impact as described in affected advisori...

7.2CVSS7.2AI score0.01395EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2019/10/07 12:0 a.m.3 views

PT-2019-15079 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4 SugarCRM versions 9.x prior to 9.0.2 Description: The issue allows PHP object injection in the Import module by a Regular user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version 8.0.4 or...

8.8CVSS8.8AI score0.01488EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2019/10/07 12:0 a.m.6 views

PT-2019-15080 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4 SugarCRM versions 9.x prior to 9.0.2 Description: The issue allows PHP object injection in the UpgradeWizard module by an Admin user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version...

7.2CVSS7.2AI score0.01395EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2019/10/07 12:0 a.m.5 views

PT-2019-15078 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4 SugarCRM versions 9.x prior to 9.0.2 Description: The issue allows PHP object injection in the Administration module by an Admin user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version...

7.2CVSS7.2AI score0.01407EPSS
Exploits0References3
0day.today
0day.todayadded 2019/10/04 12:0 a.m.68 views

mintinstall 7.9.9 - Code Execution Exploit

Exploit for linux platform in category web applications Exploit Title: mintinstall aka Software Manager object injection Exploit Author: Andhrimnirr Vendor Homepage: https://www.linuxmint.com/ Software Link: mintinstall aka Software Manager Version: 7.9.9 Tested on: Linux Mint CVE : CVE-2019-1708...

6.8CVSS0.08204EPSS
Exploits5
exploitpack
exploitpackadded 2019/10/03 12:0 a.m.24 views

mintinstall 7.9.9 - Code Execution

mintinstall 7.9.9 - Code Execution Exploit Title: mintinstall aka Software Manager object injection Date: 10/02/2019 Exploit Author: Andhrimnirr Vendor Homepage: https://www.linuxmint.com/ Software Link: mintinstall aka Software Manager Version: 7.9.9 Tested on: Linux Mint CVE : CVE-2019-17080...

6.8CVSS0.1AI score0.08204EPSS
Exploits5
Exploit DB
Exploit DBadded 2019/10/03 12:0 a.m.398 views

mintinstall 7.9.9 - Code Execution

Exploit Title: mintinstall aka Software Manager object injection Date: 10/02/2019 Exploit Author: Andhrimnirr Vendor Homepage: https://www.linuxmint.com/ Software Link: mintinstall aka Software Manager Version: 7.9.9 Tested on: Linux Mint CVE : CVE-2019-17080 import os import sys def...

7.8CVSS7.9AI score0.08204EPSS
Exploits5
Packet Storm
Packet Stormadded 2019/10/02 12:0 a.m.164 views

mintinstall 7.9.9 Code Execution

Exploit Title: mintinstall aka Software Manager object injection Date: 10/02/2019 Exploit Author: Andhrimnirr Vendor Homepage: https://www.linuxmint.com/ Software Link: mintinstall aka Software Manager Version: 7.9.9 Tested on: Linux Mint CVE : CVE-2019-17080 import os import sys def...

0.1AI score0.08204EPSS
Exploits5
OpenVAS
OpenVASadded 2019/09/16 12:0 a.m.18 views

WordPress OptionTree Plugin < 2.7.0 Object Injection Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

9.8CVSS9.7AI score0.02147EPSS
Exploits0References2
OpenVAS
OpenVASadded 2019/09/16 12:0 a.m.33 views

WordPress OptionTree Plugin < 2.7.3 Multiple Vulnerabilities

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

9.8CVSS9.7AI score0.02147EPSS
Exploits0References2
NVD
NVDadded 2019/09/10 12:15 p.m.23 views

CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...

9.8CVSS9.7AI score0.02339EPSS
Exploits1References2
OSV
OSVadded 2019/09/10 12:15 p.m.5 views

CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...

9.8CVSS5.8AI score0.02339EPSS
Exploits1References2
OSV
OSVadded 2019/09/10 12:15 p.m.5 views

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

7.5CVSS5.8AI score0.01637EPSS
Exploits2References2
NVD
NVDadded 2019/09/10 12:15 p.m.19 views

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

7.5CVSS7.9AI score0.01637EPSS
Exploits2References2
Prion
Prionadded 2019/09/10 12:15 p.m.14 views

Cross site request forgery (csrf)

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

5CVSS7.9AI score0.01637EPSS
Exploits2References2Affected Software1
Prion
Prionadded 2019/09/10 12:15 p.m.12 views

Design/Logic Flaw

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...

7.5CVSS9.5AI score0.02339EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2019/09/10 11:16 a.m.25 views

CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...

9.7AI score0.02339EPSS
Exploits1References2
CVE
CVEadded 2019/09/10 11:16 a.m.48 views

CVE-2017-18605

CVE-2017-18605 affects the gravitate-qa-tracker WordPress plugin up to version 1.2.1, which is vulnerable to PHP Object Injection due to insecure handling of serialized data. Exploitation is reported to be possible over HTTP requests (unauthenticated), enabling object-injection-based impact. Othe...

9.8CVSS9.5AI score0.02339EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2019/09/10 11:8 a.m.46 views

CVE-2017-18604

The CVE-2017-18604 entry concerns the WordPress plugin sitebuilder-dynamic-components (up to version 1.0). Multiple sources confirm a PHP object injection vulnerability reachable via AJAX requests, enabling an unauthenticated/vector-based impact with HIGH integrity risk (CVSS v3.1: 7.5). Affected...

7.5CVSS7.8AI score0.01637EPSS
Exploits2References2Affected Software1
Cvelist
Cvelistadded 2019/09/10 11:8 a.m.20 views

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

7.9AI score0.01637EPSS
Exploits2References2
Rows per page
Query Builder