314 matches found
CVE-2020-5640
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors...
Vulnerabilities fixed in Red Hat ipa
Vulnerabilities have been fixed in Red Hat ipa. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code in the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyperlink. In addition, the vulnerabilities enab...
House Rental 1.0 SQL Injection Exploit
Exploit for php platform in category web applications; Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password; Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec; Vendor Homepage: https://projectworlds.in; Software Link:...
CVE-2020-15433
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the phpversion parameter, the process...
CVE-2020-15427
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdiskusage.php. When parsing the folderName parameter, the process...
CVE-2019-13171
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...
PT-2020-6515 · D Link · D-Link Dap-2020
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this issue. The specific fla...
VulnCheck KEV: CVE-2019-19781
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution...
SonicWall SMA100 Pre-authentication stack buffer overflow
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7482. Last updated: March 6, 2020, 4:42 a.m...
CVE-2019-16246
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution...
Design/Logic Flaw
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution...
CVE-2019-16246
CVE-2019-16246 affects Intesync Solismed 3.3sp1 and is described in Red Hat as a Local File Inclusion (LFI) that leads to unauthenticated code execution. CNVD entries also document a Solismed file inclusion vulnerability. The connected sources confirm LFI as the vulnerability class and unauthenti...
CVE-2019-14867
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...
CVE-2016-10824
CVE-2016-10824 affects cPanel prior to 55.9999.141. The vulnerability enables unauthenticated arbitrary code execution via DNS NS entry poisoning. Public details in the provided connected sources are limited to the affected version and impact; no root-cause specifics or remediation steps are desc...
CVE-2016-10858
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64)...
CVE-2016-10855
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91)...
Code injection
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64)...
CVE-2019-13279
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote...