Lucene search
K

74 matches found

Vulnrichment
Vulnrichment
added 2024/09/26 10:59 a.m.22 views

CVE-2024-8126 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an...

7.5CVSS7.7AI score0.0092EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/10 10:39 a.m.2 views

CVE-2023-48246

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...

6.5CVSS7.1AI score0.00778EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/02 12:0 a.m.2 views

CVE-2020-26624

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal...

5AI score0.00662EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2023/01/26 12:0 a.m.10 views

CVE-2022-42398

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS6.3AI score0.00357EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/01/03 12:0 a.m.5 views

CVE-2022-41645

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

7.6AI score0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/09 12:0 a.m.17 views

CVE-2022-42965 Exponential ReDoS in snowflake-connector-python leads to denial of service

An exponential ReDoS Regular Expression Denial of Service can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented getfiletransfertype method...

3.7CVSS7.7AI score0.00816EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/10/11 12:0 a.m.701 views

Coupon Affiliates for WooCommerce < 4.11.3.4 - Arbitrary Referral Visits Deletion via CSRF

The plugin does not have any CSRF in place when deleting Referral Visits, which could allow attackers to make a logged in admin delete them via a CSRF attack...

2.5AI score
Exploits0
Veracode
Veracode
added 2021/05/17 5:10 a.m.28 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. A NULL pointer dereference occurs when calling TF operations with tensors of non-numeric types resulting in a type confusion when converting Python array to C++, allowing an attacker to crash the application and potentially execute arbitrary code on...

7.8CVSS5.5AI score0.00201EPSS
Exploits1References3Affected Software3
Huntr
Huntr
added 2021/01/30 12:0 a.m.22 views

Code Injection in ewels/multiqc

Description MultiQC Aggregate results from bioinformatics analyses across many samples into a single report. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install multiqc Run exploit.py import os os.system'pip3 install...

2.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/11/19 12:0 a.m.38 views

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. Recent assessments: gwillcox-r7 at January 15, 2021 8:42pm UTC reported: Original advisory and PoC can be found at...

7.8CVSS7.7AI score0.84554EPSS
In wildExploits5References19
Cvelist
Cvelist
added 2020/07/02 12:40 p.m.15 views

CVE-2020-7820 Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC...

7.8CVSS9.7AI score0.0161EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2020/02/26 12:0 a.m.13 views

VMWare OpenSLP Heap Buffer Overflow (CVE-2019-5544; CVE-2021-21974)

A heap buffer overflow vulnerability exists in OpenSLP. The vulnerability is due to improperly checking the bounds of a buffer before copying data to it. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to OpenSLP service on port 427...

7.5CVSS3.6AI score0.96823EPSS
Exploits8
NVD
NVD
added 2020/02/18 7:15 p.m.13 views

CVE-2020-9267

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajaxserver.php...

6.5CVSS6.5AI score0.0052EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/11/21 10:30 p.m.22 views

CVE-2014-5255

xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254...

5.2AI score0.00366EPSS
Exploits1References6
NVD
NVD
added 2019/11/07 8:15 p.m.12 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

6.5CVSS6.5AI score0.01749EPSS
Exploits0References3
Veracode
Veracode
added 2019/05/02 4:54 a.m.23 views

Arbitrary Code Execution

kernel-rt is vulnerable to arbitrary code execution. The vulnerability exists through a format string attack in the input of printk...

6.2CVSS5.9AI score0.00577EPSS
Exploits1References23Affected Software1
UbuntuCve
UbuntuCve
added 2017/11/07 4:29 p.m.24 views

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...

8.2CVSS7.2AI score0.01311EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2015/01/21 6:0 p.m.9 views

CVE-2015-1194

pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive...

4.3CVSS6.5AI score0.01695EPSS
Exploits1
OpenVAS
OpenVAS
added 2015/01/13 12:0 a.m.18 views

WordPress Tera Charts Multiple Directory Traversal Vulnerability

The WordPress plugin Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

5CVSS9.5AI score0.18734EPSS
Exploits2References2
NVD
NVD
added 2014/04/22 2:23 p.m.22 views

CVE-2013-4472

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

3.3CVSS6.3AI score0.00367EPSS
Exploits0References4
Rows per page
Query Builder