74485 matches found
CVE-2013-0625
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value...
CVE-2016-10972
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via tdajaxupdatepanel. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2017-6742
A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a...
CVE-2017-0261
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281. Recent assessments:...
CVE-2014-6352
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted...
CVE-2022-42458
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered. Recent assessments: Assessed Attacker...
CVE-2021-1497
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Recent...
CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...
CVE-2020-4427
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process...
CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress and Duplicator Pro before 3.8.7.1 allows Directory Traversal via ../ in the file parameter to duplicatordownload or duplicatorinit. Recent assessments: kevthehermit at April 14, 2020 2:38pm UTC reported: This plugin is recorded as havin...
CVE-2019-3568
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to...
CVE-2023-2359
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2021-2002
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2020-8816
Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2017-11317
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2017-7494
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Recent assessments: bwatters-r7 at April 14, 2020 4:47p...
CVE-2024-57727
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...
CVE-2024-4040
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...
CVE-2021-42292
Microsoft Excel Security Feature Bypass Vulnerability Recent assessments: sillyearl0138 at July 09, 2023 10:24am UTC reported: it’s not letting me authorize it in Microsoft authenticator Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-27950
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS...
CVE-2020-8958
Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field. Recent assessments: Assessed Attacker Value: 0...
CVE-2020-13756
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...
CVE-2020-7065
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mbstrtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. Recent assessments:...
CVE-2019-10189
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. Recent assessments: gwillcox-r7 at October 20, 2020 6:57pm UTC reported: This is now supposedly being exploited in the wild by...
CVE-2017-11512
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. Recent assessments:...
CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...
CVE-2021-29003
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sysconfigvalid.xgi, as demonstrated by the sysconfigvalid.xgi?exeshell=%60telnetd%20%26%60 URI. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2020-1147
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka ‘.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability’. Recent assessments:...
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0. Recent assessments:...
elFinder Command Injection v<2.1.48
elFinder is an open-source file manager available as a web application. A command injection vulnerability in the image handling functionality exists for versions prior to 2.1.48. This exploit requires that the exiftran utility be installed. Recent assessments: space-r7 at May 09, 2019 5:57pm UTC...
CVE-2018-14847
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2016-0099
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a...
CVE-2022-24112
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...
CVE-2021-24094
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074. Recent assessments: bwatters-r7 at February 09, 2021 9:42pm UTC reported: This remains a spectacularly new vulnerability with little documentation associated with it beyond Microsoft’s blog here: In the...
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a “?php ” substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
CVE-2013-3307
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi pingip parameter on TCP port 52000. Recent assessments: gwillcox-r7 at November 21, 2021 10:11pm UTC reported: Bug in Linksys...
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...
CVE-2017-8552
A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege...
CVE-2025-0411
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...
CVE-2022-22049
Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. Recent assessments:...
CVE-2021-34484
Windows User Profile Service Elevation of Privilege Vulnerability Recent assessments: ccondon-r7 at March 29, 2022 12:10pm UTC reported: This bug was evidently used by LAPSUS$ in the wild as part of the attack on Okta. gwillcox-r7 at March 30, 2022 4:21pm UTC reported: This bug was evidently used...
CVE-2021-32471
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs instead of 0s and 1s...
CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user’s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...
CVE-2017-0047
The Graphics Device Interface GDI in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka “Windows GDI...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CVE-2019-16098
The driver in Micro-Star MSI Afterburner 4.6.2.15658 aka RTCore64.sys and RTCore32.sys allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These...
CVE-2016-7255
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka...
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...