Lucene search

856 matches found

NVD
added 2023/06/26 10:15 p.m. | 12 views

CVE-2023-32528

Trend Micro Mobile Security Enterprise 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVSS 8.8 | AI score 9 | EPSS 0.02992
Exploits 0 | References 2
OSV
added 2023/06/26 10:15 p.m. | 4 views

CVE-2023-32527

Trend Micro Mobile Security Enterprise 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVSS 8.8 | AI score 7.6 | EPSS 0.02992
Exploits 0 | References 2
Prion
added 2023/06/26 10:15 p.m. | 18 views

Design/Logic Flaw

Trend Micro Mobile Security Enterprise 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVSS 6.5 | AI score 9.1 | EPSS 0.02992
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2023/06/26 9:54 p.m. | 27 views

CVE-2023-32528

Trend Micro Mobile Security Enterprise 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

AI score 9.2 | EPSS 0.02992
Exploits 0 | References 2
Cvelist
added 2023/06/26 9:54 p.m. | 19 views

CVE-2023-32527

Trend Micro Mobile Security Enterprise 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

AI score 9.2 | EPSS 0.02923
Exploits 0 | References 2
Vulnrichment
added 2023/06/25 12:00 a.m. | 7 views

CVE-2023-36666

INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected...

AI score 6.9 | EPSS 0.00399
Exploits 0 | References 2
WPVulnDB
added 2023/05/31 12:00 a.m. | 45 views

File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. PoC 1. Add the following shortcode to ...

CVSS 9.8 | AI score 9.2 | EPSS 0.3962
Exploits 8 | Affected Software 1
WPVulnDB
added 2023/05/30 12:00 a.m. | 12 views

Blog-in-Blog <= 1.1.1 - Editor+ Local File Inclusion via Shortcode

The plugin does not validate a shortcode attribute before using it to include a template file, allowing users with an editor role or above to include arbitrary files readable by the web server, and execute them in case of php files...

CVSS 7.2 | AI score 7.1 | EPSS 0.0112
Exploits 0 | References 1 | Affected Software 1
Packet Storm
added 2023/05/30 12:00 a.m. | 383 views

PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass

PrinterLogic SaaS, multiple vulnerabilities. PrinterLogic's Enterprise Print Management software allows IT professionals to simplify printer driver management and empower end users. -- https://www.printerlogic.com/ Background...

AI score 7.1
Exploits 0
CNNVD
added 2023/04/26 12:00 a.m. | 4 views

Voyager Security Vulnerability

Voyager is an application by David Borland Personal Developer. A security vulnerability exists in Voyager version v.1.4 and earlier versions, which stems from the presence of an insecure privilege vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via specially...

CVSS 9.8 | AI score 8.9 | EPSS 0.01083
Exploits 0 | References 2
Prion
added 2023/03/13 5:15 p.m. | 16 views

Input validation

The Auto Featured Image Auto Post Thumbnail WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation...

CVSS 6.5 | AI score 8.8 | EPSS 0.01645
Exploits 1 | References 1 | Affected Software 1
CVE
added 2023/03/13 4:03 p.m. | 53 views

CVE-2023-0477

CVE-2023-0477 affects the WordPress plugin Auto Featured Image (Auto Post Thumbnail)

CVSS 8.8 | AI score 8.9 | EPSS 0.01645
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2023/01/26 12:00 a.m. | 5 views

CVE-2020-22452

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tblstorageengine or tblcollation parameters to tblcreate.php...

AI score 8.4 | EPSS 0.01744
Exploits 1 | References 4
Vulnrichment
added 2023/01/14 12:00 a.m. | 8 views

CVE-2023-22852

Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-importsheet.php...

AI score 6.5 | EPSS 0.00315
Exploits 2 | References 2
Vulnrichment
added 2023/01/11 12:00 a.m. | 4 views

CVE-2023-22959

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php txtFirstName, txtLastName...

AI score 9 | EPSS 0.13703
Exploits 1 | References 2
Prion
added 2022/12/12 6:15 p.m. | 19 views

Default credentials

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example...

CVSS 5 | AI score 7.6 | EPSS 0.00743
Exploits 2 | References 1 | Affected Software 1
OSV
added 2022/12/05 5:15 p.m. | 4 views

CVE-2022-1540

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...

CVSS 7.2 | AI score 5.9 | EPSS 0.01042
Exploits 2 | References 1
CNVD
added 2022/11/23 12:00 a.m. | 28 views

ChurchInfo Arbitrary File Upload Vulnerability

ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. An arbitrary file upload vulnerability exists in ChurchInfo versions 1.2.13 and later, 1.3.0 and earlier. The vulnerability stems from the application'...

CVSS 8.8 | AI score 8.9 | EPSS 0.10523
Exploits 5 | References 1
Vulnrichment
added 2022/11/22 12:00 a.m. | 5 views

CVE-2022-30529

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php...

AI score 7 | EPSS 0.00953
Exploits 1 | References 2
Vulnrichment
added 2022/11/16 12:00 a.m. | 7 views

CVE-2022-43234

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file...

AI score 7.7 | EPSS 0.00935
Exploits 1 | References 1