SQL injection
modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter...
Ubuntu 16.04 LTS / 18.04 LTS : LibRaw vulnerabilities (USN-3639-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3639-1 advisory. It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. CVE-2018-1052...
CVE-2018-0258
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device aka Path Traversal and execute those files. This vulnerability affects the following products: Cisco Prime Data...
CVE-2018-0258
Cisco CVE-2018-0258 affects Cisco Prime Data Center Network Manager (DCNM) and Prime Infrastructure (PI) via the Prime File Upload servlet. The vulnerability arises from improper input validation in the XmpFileUploadServlet, enabling path traversal to upload a JSP file and execute it remotely. An...
CVE-2018-10574
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files...
CVE-2018-1479
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761...
MongoDB Unauthenticated Remote Database Drop - Ver2
A database drop vulnerability exists in MongoDB. An unauthenticated remote attacker could connect and drop arbitrary databases...
CVE-2018-10199
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::Fileinitilializecopy. An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code...
CVE-2018-10085
CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...
Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerabilities (USN-3621-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3621-1 advisory. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information...
Debian: Security Advisory (DSA-4167-1)
The remote host is missing an update for the Debian...
CVE-2015-2000
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2004
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
Cross-site Scripting (XSS)
metascraper is vulnerable to cross-site scripting XSS attacks. The library does not sanitize its input, allowing a malicious user to inject and execute arbitrary code by means of a website that is scraped by the library...
CVE-2017-16251
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of th...
CVE-2016-9606
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...
CVE-2018-0224
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validati...
USN-3589-1: PostgreSQL vulnerability
It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code...
Cross-site Scripting (XSS)
github.com/tus/tusd is vulnerable to cross-site scripting XSS attacks. These attacks are possible because the server will display any files given to it inline. This allows an attacker to upload a malicious SVG and have it execute when the URL is visited...