13538 matches found
College Management System Arbitrary File Upload (CVE-2022-32420)
An arbitrary file upload vulnerability exists in College Management System. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...
Netgear R6200v2 Command Injection (CVE-2022-30079)
A command injection vulnerability exists in Netgear R6200v2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
DigitalDruid HotelDruid Remote Code Execution (CVE-2022-22909)
A remote code execution vulnerability exists in DigitalDruid HotelDruid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
OpenCart Remote Code Execution (CVE-2022-24108)
A remote code execution vulnerability exists in Skyoftech So Listing Tabs module for OpenCart. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TP-Link TL-WR840N Command Injection (CVE-2022-25061)
A command injection vulnerability exists in TP-Link TL-WR840N. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Tenda AX3 Router Command Injection (CVE-2022-24148; CVE-2022-24150)
A command injection vulnerability exists in Tenda AX3 router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
TOTOLINK A7100RU Router Command Injection (CVE-2022-28575; CVE-2022-28577; CVE-2022-28578; CVE-2022-28579; CVE-2022-28580; CVE-2022-28581; CVE-2022-28582; CVE-2022-28583; CVE-2022-28584)
A command injection vulnerability exists in TOTOLINK A7100RU router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Qognify Ocularis Insecure Deserialization (CVE-2020-27868)
An insecure deserialization vulnerability exists in Qognify Ocularis. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the target system...
Bolt CMS Arbitrary File Upload (CVE-2022-36532)
An arbitrary file upload vulnerability exists in Bolt CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
IonizeCMS Remote Code Execution (CVE-2022-26272)
A remote code execution vulnerability exists in IonizeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Pixelimity Arbitrary File Upload (CVE-2022-28590)
An arbitrary file upload vulnerability exists in Pixelimity. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Atmosphere Java Framework Reflected Cross-Site Scripting
A cross-site scripting vulnerability exists in Atmosphere. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
FLIR AX8 Thermal Camera Command Injection (CVE-2022-37061)
A command injection vulnerability exists in FLIR AX8 thermal camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)
A NULL pointer dereference vulnerability exists in the modproxy module of Apache httpd. The vulnerability is due to improper handling of malformed Request-URIs sent to servers configured as a forward proxy. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted...
Kentico CMS Remote Code Execution (CVE-2019-10068)
A remote code execution vulnerability exists in Kentico CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Razer Sila Gaming Router Command Injection (CVE-2022-29013)
A command injection vulnerability exists in Razer Sila gaming router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Studio42 elFinder Directory Traversal (CVE-2022-26960)
A directory traversal vulnerability exists in elFinder. The vulnerability is due to insufficient validation of user submitted paths...
Jenkins Active Choices Plugin Cross-Site Scripting (CVE-2021-21699)
A stored cross-site scripting vulnerability exists in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of parameter name of reactive parameters and dynamic reference parameters...
Wavlink WL-WN531P3 Command Injection (CVE-2022-23900)
A command injection vulnerability exists in Wavlink WL-WN531P3. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting (CVE-2021-20080)
A stored cross-site scripting vulnerability exists in Zoho ManageEngine ServiceDesk Plus. The vulnerability is due to improper sanitization of user supplied XML...
iSharer and upRedSun File Sharing Wizard Buffer Overflow (CVE-2019-16724)
A buffer overflow vulnerability exists in iSharer and upRedSun File Sharing Wizard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TOTOLINK Routers Command Injection (CVE-2022-26206; CVE-2022-26207; CVE-2022-26208; CVE-2022-26209; CVE-2022-26211; CVE-2022-26212; CVE-2022-26214; CVE-2022-27003; CVE-2022-27004; CVE-2022-27005; CVE-2022-28935)
A command injection vulnerability exists in TOTOLINK Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Jenkins Config File Provider Plugin External Entity Injection (CVE-2021-21642)
An XXE vulnerability exists in Jenkins Config File Provider Plugin. The vulnerability is due to insufficient validation of XML data when utilizing Config File Provider Plugin...
Microsoft Windows NTFS File System Denial of Service
A denial of service vulnerability exists in Microsoft Windows NTFS File System. Successful exploitation can lead to program crash on the effected system...
PHP IMAP imap_open Command Injection (CVE-2018-19518)
A command injection vulnerability exists in the IMAP component of PHP. The vulnerability is due to improper handling of the server parameter passed to the imapopen function. A remote, authenticated attacker can exploit this vulnerability by supplying a crafted server parameter to the imapopen...
ImpressCMS Directory Traversal (CVE-2022-24977)
A directory traversal vulnerability exists in ImpressCMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Apple WebKit AbstractValue Set Use After Free (CVE-2018-4443)
A use-after-free vulnerability exists in Apple WebKit. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Montala Limited ResourceSpace Arbitrary File Deletion (CVE-2021-41950)
An arbitrary file deletion vulnerability exists in ResourceSpace by Montala Limited. The vulnerability is due to unsanitized parameters used in the titles.php page...
MatrixSSL Verify X.509 Certificate Stack Buffer Overflow
A buffer overflow vulnerability exists in MatrixSSL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Joomla! Component EkRishta SQL Injection
An SQL injection vulnerability exists in Joomla! Component EkRishta. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Delta Industrial Automation DIAEnergie Arbitrary File Upload (CVE-2022-25347)
An arbitrary file upload vulnerability exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to an input validation error when processing file uploads...
Ivanti Avalanche Enterprise Service SQL Injection (CVE-2021-42131)
An SQL injection vulnerability exists in the Ivanti Avalanche EnterpriseServer service. The vulnerability is due to insufficient validation of data sent to the EnterpriseServer service...
OpenEMR Cross-Site Scripting (CVE-2022-1178)
A stored cross-site scripting vulnerability exists in OpenEMR. The vulnerability is due to insufficient sanitization of user input...
Zoho ManageEngine ApplicationManager Command Injection (CVE-2018-7890)
A command injection vulnerability exists in Zoho ManageEngine ApplicationManager. The vulnerability is due to improper validation of the user supplied parameters. A remote attacker can exploit this vulnerability by sending crafted parameters to the target system...
Windows PPTP Protocol Use After Free (CVE-2022-21972)
A remote code execution vulnerability exists in Microsoft Windows VPN component. The vulnerability is due to improper handling of PPTP packets...
ZEROF Web Server SQL Injection (CVE-2022-25322)
An SQL injection vulnerability exists in ZEROF Web Server. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Quest NetVault Backup NVBUJobCountHistory SQL Injection (CVE-2017-17420)
An SQL injection vulnerability exists in the Server Process Manager Service of Quest NetVault Backup. The vulnerability is due to improper validation of user-supplied input on JSON-RPC requests invoking the Get method of the NVBUJobCountHistory class. A remote unauthenticated attacker could explo...
WordPress Popup Maker Plugin Cross-Site Scripting (CVE-2022-1104)
A stored cross-site scripting vulnerability exists for the Popup Maker plugin for WordPress. This vulnerability is due to improper input validation for the popup settings process...
Tenda M3 Router Command Injection (CVE-2022-26289)
A command injection vulnerability exists in Tenda M3 Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Ivanti Avalanche Enterprise Service Command Injection (CVE-2021-42129)
A command injection vulnerability exists in Ivanti Avalanche Enterprise Service. This vulnerability is due to insufficient validation of the Central FileStore configuration fields...
Microsoft WINS Multiple Replication Sessions Memory Corruption
A memory corruption vulnerability exists in Microsoft WINS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
DedeCMS Remote Code Execution (CVE-2022-36216)
A remote code execution vulnerability exists in DedeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Zoho ManageEngine SQL Injection (CVE-2021-41288)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getReportData method...
Delta Industrial Automation DIAEnergie SQL Injection (CVE-2022-1378)
An SQL injection exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to an input validation error...
GitLab Community and Enterprise Edition Command Injection (CVE-2022-2185)
A command injection vulnerability exists in GitLab Community and Enterprise Editions. The vulnerability is due to errors in parsing imported project files on the server...
Zoho ManageEngine SQL Injection (CVE-2021-40493)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getDataCollectionFailureReason method...
Open Automation Software Platform Authentication Bypass (CVE-2022-26833)
An authentication bypass vulnerability exists in Open Automation Software Platform. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Montala Limited ResourceSpace Cross-Site Scripting (CVE-2021-41951)
A reflected cross-site scripting vulnerability exists in ResourceSpace by Montala Limited. The vulnerability is due to improper input validation of user input passed to index.php page...
GraphicsMagic WMF Use After Free (CVE-2017-12936)
A use-after-free vulnerability exists in GraphicsMagick. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Necta LLC WiFi Mouse Command Injection (CVE-2022-3218)
A command injection vulnerability exists in Necta LLC WiFi Mouse. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...