Schools Alert Management Script 2.0.2 - Arbitrary File Upload

Schools Alert Management Script 2.0.2 - Arbitrary File Upload. CVE-2018-6860. Webapps exploit for PHP platform Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

Input validation

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

CVE-2018-1000049

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled...

CVE-2018-1000021

Technical details on CVE-2018-1000021 are not publicly provided in the connected documents. Please monitor for updates from the vendor/CNA and the CVE entry for any affected products, impact and remediation information.

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

CVE-2018-3606

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...

Sql injection

An AdHocQueryProcessor SQL injection remote code execution RCE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...

CVE-2018-3604

GetXXX method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...

Sql injection

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...

CVE-2018-3602

The CVE-2018-3602 issue affects Trend Micro Control Manager 6.0 via an AdHocQuery_Processor SQL Injection that enables remote code execution. The root cause is improper validation of a user-supplied string used to build SQL queries within the GetProductCategory method of the AdHocQuery_Processor ...

CVE-2018-3604

GetXXX method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...

CVE-2018-3602

An AdHocQueryProcessor SQL injection remote code execution RCE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...

CVE-2018-3606

The CVE-2018-3606 issue affects Trend Micro Control Manager 6.0. Multiple ZDI advisories describe SQL Injection leading to Remote Code Execution in various Control Manager components (e.g., SensitiveFilesOverTime, TemplateMatchByTemplate, TemplateMatchByChannel, ThreatStastics, UserStatusBySeveri...

CVE-2018-3604

Trend Micro Control Manager 6.0 is vulnerable to multiple SQL injection vulnerabilities that allow remote code execution via various GetXXX methods (GetPassword, GetRuleList, GetProductServerType) and related functions (sp_DDI_GetInterestedIPByJobID2). The root cause across advisories is lack of ...

CVE-2018-3603

A CGGIServlet SQL injection remote code execution RCE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...

CVE-2018-3603

Trend Micro Control Manager 6.0 contains a CGGIServlet SQL injection that allows remote code execution. The ZDI advisory specifies the vulnerability in the ID_QUERY_COMMAND_TRACKING_USER_ID parameter, where improper input validation enables arbitrary code execution under the Network Service accou...