Lucene search

7207 matches found

NVD
added 2018/03/14 4:29 p.m., 23 views

CVE-2018-5781

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...

CVSS: 10, AI score: 9.7, EPSS: 0.01117
Exploits: 0, References: 1

NVD
added 2018/03/14 4:29 p.m., 19 views

CVE-2018-5780

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...

CVSS: 10, AI score: 9.7, EPSS: 0.01117
Exploits: 0, References: 1

Cvelist
added 2018/03/14 4:0 p.m., 22 views

CVE-2018-5780

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...

AI score: 9.7, EPSS: 0.01117
Exploits: 0, References: 1

Cvelist
added 2018/03/14 4:0 p.m., 20 views

CVE-2018-5782

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...

AI score: 9.8, EPSS: 0.32341
Exploits: 4, References: 3

Cvelist
added 2018/03/14 4:0 p.m., 20 views

CVE-2018-5781

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...

AI score: 9.7, EPSS: 0.01117
Exploits: 0, References: 1

CVE
added 2018/03/14 4:0 p.m., 41 views

CVE-2018-5780

The CVE-2018-5780 issue affects Mitel Connect ONSITE (versions R1711-PREM and earlier) and Mitel ST (14.2 GA28 and earlier), where an unauthenticated attacker could inject PHP code via crafted requests to vnewmeeting.php, enabling arbitrary PHP execution within the application. Connected CNVD/NVD...

CVSS: 10, AI score: 9.6, EPSS: 0.01117
Exploits: 0, References: 1, Affected Software: 2

CVE
added 2018/03/14 4:0 p.m., 69 views

CVE-2018-5782

CVE-2018-5782 affects Mitel Connect ONSITE (ShoreTel) ST14.2 and Mitel ST, specifically versions including and prior to GA28. The vulnerability is in the conferencing component and allows an unauthenticated attacker to inject and execute arbitrary PHP code via crafted requests to vsethost.php, re...

CVSS: 10, AI score: 9.7, EPSS: 0.32341
Exploits: 4, References: 3, Affected Software: 2

CVE
added 2018/03/14 4:0 p.m., 40 views

CVE-2018-5781

Mitel Connect ONSITE (R1711-PREM and earlier) and Mitel ST (14.2 GA28 and earlier) contain a PHP code injection vulnerability in the conferencing component. An unauthenticated attacker can send specially crafted requests to the vendrecording.php page to inject and execute arbitrary PHP code withi...

CVSS: 10, AI score: 9.6, EPSS: 0.01117
Exploits: 0, References: 1, Affected Software: 2

exploitpack
added 2018/03/02 12:0 a.m., 40 views

TestLink Open Source Test Management 1.9.16 - Remote Code Execution

TestLink Open Source Test Management 1.9.16 - Remote Code Execution Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in m...

CVSS: 6, AI score: 7.9, EPSS: 0.10683
Exploits: 9

0day.today
added 2018/03/02 12:0 a.m., 70 views

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Vulnerability

Exploit for php platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-addre...

AI score: 7.5, EPSS: 0.10683
Exploits: 9

Prion
added 2018/02/26 5:29 p.m., 18 views

Remote code execution

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure...

CVSS: 8.5, AI score: 7.9, EPSS: 0.42075
Exploits: 5, References: 3, Affected Software: 1

Cvelist
added 2018/02/26 5:0 p.m., 27 views

CVE-2018-7448

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure...

AI score: 7.8, EPSS: 0.42075
Exploits: 5, References: 3

0day.today
added 2018/02/26 12:0 a.m., 48 views

CMS Made Simple 2.1.6 Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Versio...

EPSS: 0.42075
Exploits: 5

Mageia
added 2018/02/06 3:35 p.m., 26 views

Updated php-smarty packages fix security vulnerability

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that do not sanitize the template name (CVE-2017-1000480)...

CVSS: 9.8, AI score: 1.4, EPSS: 0.00636
Exploits: 0, References: 1

Prion
added 2018/01/31 6:29 p.m., 18 views

Code injection

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter...

CVSS: 9.3, AI score: 7.9, EPSS: 0.16901
Exploits: 5, References: 4, Affected Software: 1

NVD
added 2018/01/31 6:29 p.m., 24 views

CVE-2014-1632

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter...

CVSS: 9.3, AI score: 8.4, EPSS: 0.16901
Exploits: 5, References: 4

Cvelist
added 2018/01/31 6:0 p.m., 24 views

CVE-2014-1632

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter...

AI score: 8.4, EPSS: 0.16901
Exploits: 5, References: 4

Prion
added 2018/01/29 6:29 p.m., 26 views

Design/Logic Flaw

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php and similar file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-180...

CVSS: 6.5, AI score: 8.8, EPSS: 0.77014
Exploits: 8, References: 3, Affected Software: 1

Prion
added 2018/01/23 7:29 p.m., 9 views

Code injection

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the 1 databaseserver, 2...

CVSS: 10, AI score: 9.7, EPSS: 0.02343
Exploits: 1, References: 1, Affected Software: 2

NVD
added 2018/01/23 7:29 p.m., 14 views

CVE-2018-5749

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the 1 databaseserver, 2...

CVSS: 10, AI score: 9.7, EPSS: 0.02343
Exploits: 1, References: 1