7223 matches found

Saint
added 2019/12/31 12:00 a.m., 83 views

Alcatel OmniVista remote command execution

Added: 12/31/2019. Background: Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem: Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution: Upgrade to OmniVista 8770 version 4.1.12...

8.2 AI score
Exploits: 0

Saint
added 2019/12/31 12:00 a.m., 65 views

Alcatel OmniVista remote command execution

Added: 12/31/2019. Background: Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem: Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution: Upgrade to OmniVista 8770 version 4.1.12...

4.1 AI score
Exploits: 0

Saint
added 2019/12/31 12:00 a.m., 33 views

Alcatel OmniVista remote command execution

Added: 12/31/2019. Background: Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem: Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution: Upgrade to OmniVista 8770 version 4.1.12...

8.2 AI score
Exploits: 0

NVD
added 2019/12/26 9:15 p.m., 20 views

CVE-2013-2011

WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009...

8.8 CVSS, 8.8 AI score, 0.05128 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2019/12/18 12:00 a.m., 45 views

Citrix and NetScaler SD-WAN Center Unauthenticated Directory Traversal File Write

The remote Citrix SD-WAN Center or NetScaler SD-WAN Center is susceptible to directory traversal and file writes in arbitrary locations. This is due to improper sanitization of user-supplied input in the applianceSettingsFileTransfer action of ApplianceSettingsController. An unauthenticated, remo...

10 CVSS, 8.8 AI score, 0.39335 EPSS
Exploits: 1, References: 3

NVD
added 2019/12/02 4:15 p.m., 25 views

CVE-2019-19502

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...

9.8 CVSS, 9.6 AI score, 0.01917 EPSS
Exploits: 0, References: 5

OSV
added 2019/12/02 4:15 p.m., 16 views

CVE-2019-19502

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...

9.8 CVSS, 7.8 AI score, 0.01917 EPSS
Exploits: 0, References: 5

Prion
added 2019/12/02 4:15 p.m., 12 views

Code injection

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...

7.5 CVSS, 9.4 AI score, 0.01917 EPSS
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2019/12/02 3:14 p.m., 27 views

CVE-2019-19502

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...

9.7 AI score, 0.01917 EPSS
Exploits: 0, References: 5

Debian CVE
added 2019/11/21 10:15 p.m., 25 views

CVE-2019-11325

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter...

9.8 CVSS, 9.7 AI score, 0.03354 EPSS
Exploits: 0

NVD
added 2019/11/20 3:15 p.m., 23 views

CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smartyinternalcompileprivatespecialvariable.php file...

9.8 CVSS, 9.8 AI score, 0.01613 EPSS
Exploits: 0, References: 3

OSV
added 2019/11/20 3:15 p.m., 10 views

CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smartyinternalcompileprivatespecialvariable.php file...

9.8 CVSS, 9.7 AI score, 0.01613 EPSS
Exploits: 0, References: 4

Cvelist
added 2019/11/20 2:45 p.m., 24 views

CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smartyinternalcompileprivatespecialvariable.php file...

9.8 AI score, 0.01613 EPSS
Exploits: 0, References: 3

CNVD
added 2019/11/20 12:00 a.m., 3 views

File upload vulnerability in the backend of shopxo e-commerce system

ShopXO is an open source, enterprise-level e-commerce system. A file upload vulnerability exists in the ShopXO backend; an attacker can exploit the vulnerability to execute arbitrary PHP code...

7.9 AI score
Exploits: 0

Kitploit
added 2019/11/15 8:00 p.m., 692 views

RFI/LFI Payload List

As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and most importantly your code from a file inclusion exploit. I’ll give...

7.7 AI score
Exploits: 0, References: 2

0day.today
added 2019/11/15 12:00 a.m., 78 views

FusionPBX Command (exec.php) Command Execution Exploit

This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This...

0.8 AI score
Exploits: 0

Metasploit
added 2019/11/01 11:38 p.m., 26 views

FusionPBX Command exec.php Command Execution

This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...

1 AI score
Exploits: 0

Prion
added 2019/10/29 9:15 p.m., 30 views

Code injection

SugarCRM CE = 6.3.1 contains scripts that use "unserialize" with user controlled input which allows remote attackers to execute arbitrary PHP code...

7.5 CVSS, 7.8 AI score, 0.67256 EPSS
Exploits: 13, References: 3, Affected Software: 1

NVD
added 2019/10/22 9:15 p.m., 24 views

CVE-2015-9499

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...

9.8 CVSS, 9.8 AI score, 0.14775 EPSS
Exploits: 1, References: 3

Prion
added 2019/10/22 9:15 p.m., 15 views

Code injection

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...

7.5 CVSS, 7.9 AI score, 0.14775 EPSS
Exploits: 1, References: 3, Affected Software: 1