2391 matches found
CVE-2018-1000619
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, babgetAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons...
Local Privilege Escalation in Management Web Interface
A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. Ref. PAN-90954; CVE-2018-9242 Successful exploitati...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting XSS vulnerability exists in a PAN-OS web interface administration page. Ref. PAN-93242; CVE-2018-9337 Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML An attacker would need to successfully authenticate prior to exploiting...
CVE-2018-10350
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server Standalone 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\bwlists\handler.php. Authentication is...
CVE-2018-10352
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability...
CVE-2018-10354
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability...
CVE-2018-10356
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability...
CVE-2018-10357
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...
CVE-2018-10351
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...
CVE-2018-10354
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability...
Directory traversal
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...
IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure Vulnerabilities
Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities. Vulnerabilities in IBMs Flashsystems and Storwize Products...
PT-2018-10108 · Cksource +1 · Ckeditor +1
Name of the Vulnerable Software and Affected Versions: Liferay versions 6.2.x and earlier Description: The issue concerns an FCKeditor configuration that may allow an attacker to upload or transfer files of potentially dangerous types. These files can be automatically processed within the product...
UBUNTU-CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
Cobub Razor 0.7.2 - Cross-Site Request Forgery
Exploit Title: Cobub Razor 0.7.2 Cross Site Request Forgery Date: 2018-03-07 Exploit Author: ppb Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7746 There is a vulnerability. Authentication is not required for...
Asterisk 15.2.0 chan_pjsip SDP fmtp Denial Of Service Exploit
Asterisk version 15.2.0 running chanpjsip suffers from an SDP message related denial of service vulnerability. Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip -...
supervisor: Command injection via malicious XML-RPC request
A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord servi...
CVE-2017-10955
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by...
Design/Logic Flaw
DISPUTED This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002...
CVE-2017-10955
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by...