WordPress 10Web Photo Gallery Plugin SQL Injection
An SQL injection vulnerability exists in 10Web Photo Gallery Plugin for WordPress. The vulnerability is due to insufficient sanitization of user input...
Redis Authentication Bypass Remote Command Execution
An authentication bypass vulnerability exists in Redis. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Redaxo CMS Addon MyEvents SQL Injection
An SQL injection vulnerability exists in Redaxo. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
TP-Link Cloud Cameras Stack Overflow (CVE-2020-13224)
A buffer overflow vulnerability exists in TP-Link cloud cameras. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
OpenEMR fax_dispatch.php Command Injection (CVE-2018-1000019)
A command injection vulnerability exists in OpenEMR 5.0.0. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Trendmicro Email Encryption Gateway SQL Injection (CVE-2018-6230)
An SQL injection vulnerability exists in Trend Micro Email Encryption Gateway 5.5. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
PHP-Proxy Information Disclosure (CVE-2018-19246)
An information disclosure vulnerability exists in PHP Proxy 5.1.0. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Mosca Project Denial of Service (CVE-2018-11615)
A denial-of-service vulnerability exists in Mosca 2.8.1. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Oracle Hospitality Simphony Remote Code Execution (CVE-2018-2636)
A vulnerability exists in Oracle Hospitality Simphony. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Kibana Elasticsearch Server Side Request Forgery (CVE-2019-7616)
A server side request forgery vulnerability exists in Kibana Elasticsearch. Successful exploitation of this vulnerability could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system...
QuickBox Remote Code Execution (CVE-2020-13448)
A remote code execution vulnerability exists in QuickBox media server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
iXsystems FreeNAS Denial of Service (CVE-2020-11650)
A denial of service vulnerability exists in iXsystems FreeNAS. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service condition on an affected system...
Tenda Buffer Overflow (CVE-2020-13389; CVE-2020-13390; CVE-2020-13391; CVE-2020-13392; CVE-2020-13393)
A buffer overflow vulnerability exists in Tenda. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
The JavaScript __proto__ property exposes an object's internal prototype to attack. A remote attacker can exploit this vulnerability by modifying properties of the exposed prototype. Successful exploitation of this vulnerability could result in arbitrary code execution on the victim machine...
Zoho ManageEngine Directory Traversal (CVE-2020-13818)
A directory traversal vulnerability exists in ManageEngine OpManager. This vulnerability is due to improper validation of user input in the request URI...
Netgear R7000 Router Remote Code Execution
A remote code execution vulnerability exists in Netgear R7000 router. Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on the affected system...
Pandora FMS Remote Code Execution (CVE-2020-13851; CVE-2020-13852; CVE-2020-13855)
A remote code execution vulnerability exists in Pandora FMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Pandora FMS Persistent Cross-Site Scripting (CVE-2020-13853)
A persistent cross site scripting vulnerability exists in Pandora FMS. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
IBM Tivoli Key Lifecycle Manager Cross-Site Request Forgery (CVE-2017-1672)
A vulnerability exists in IBM Security Key Lifecycle Manager. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Zoho ManageEngine Directory Traversal (CVE-2020-12116)
A directory traversal vulnerability exists in ManageEngine OpManager. This vulnerability is due to improper validation of user input in the request URI...
Cacti Cross-Site Scripting (CVE-2020-13231)
A cross site scripting vulnerability exists in Cacti. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...
Advantech WebAccess SCADA Arbitrary File Deletion
An arbitrary file deletion vulnerability exists in Advantech WebAccess. The vulnerability is due to insufficient validation on user supplied paths before using them in file operations within BwPSLink.exe...
PHP-Fusion Administration banners.php Cross-Site Scripting (CVE-2020-12438)
A stored cross-site scripting vulnerability exists in PHP-Fusion Banner feature. The vulnerability is due to improper validation of user input in HTTP requests...
Centreon RRDdatabase_status_path Command Injection (CVE-2020-13252; CVE-2020-22345)
A command injection vulnerability exists in the Centreon Web Application. The vulnerability is due to improper validation of the RRDdatabase_status_path parameter in an HTTP request...
Dovecot Null Pointer Dereference (CVE-2020-10957)
A null pointer dereference vulnerability exists in Dovecot. Successful exploitation results in a denial of service condition on the affected service...
Dovecot Denial of Service (CVE-2020-10967)
A denial-of-service vulnerability exists in Dovecot. Successful exploitation of this vulnerability could cause a denial-of-service condition...
Pi-Hole DHCP Command Injection (CVE-2020-8816)
A command injection vulnerability exists in Pi-hole. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Project Pier Remote File Inclusion (CVE-2018-10759)
A command execution vulnerability exists in Project Pier x=0.8.8. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Joomla J2Store SQL Injection
An SQL injection vulnerability exists in Joomla J2Store. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Windows Kernel Elevation of Privilege (CVE-2020-0986)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create ne...
Symphony CMS Cross-Site Scripting (CVE-2015-8376)
A cross site scripting vulnerability exists in Symphony CMS. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...
GitStack Authentication Bypass (CVE-2018-5955)
A vulnerability exists in smart-mobile-software GitStack. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
ISC Bind Denial Of Service (CVE-2020-8617)
A denial-of-service vulnerability exists in ISC Bind. Successful exploitation of this vulnerability could cause a denial-of-service condition...
Symphony CMS SQL Injection (CVE-2013-2559)
An SQL injection vulnerability exists in the Symphony CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Schneider Electric U.motion Builder Information Disclosure (CVE-2018-7787)
A vulnerability exists in Schneider Electric U.motion Builder 1.3.4. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Websocket Extensions Denial of Service (CVE-2020-7662; CVE-2020-7663)
A denial-of-service vulnerability exists in Websocket Extensions. Successful exploitation of this vulnerability could cause a denial-of-service condition...
Symphony CMS SQL Injection (CVE-2010-3458)
An SQL injection vulnerability exists in the Symphony CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Canon Oce Colorwave Printer Cross Site Scripting (CVE-2020-10667)
A cross-site scripting vulnerability exists in Canon Oce Colorwave printer. Successful exploitation of this vulnerability could allow a remote attacker to inject an arbitrary web script into the affected system...
Symphony CMS Cross-Site Scripting (CVE-2010-3457)
A cross site scripting vulnerability exists in Symphony CMS. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...
Symphony CMS Cross-Site Scripting (CVE-2015-8766)
A cross site scripting vulnerability exists in Symphony CMS. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...
WordPress BBPress Plugin Privilege Escalation (CVE-2020-13693)
A privilege escalation vulnerability exists in WordPress BBPress Plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
WordPress Drag And Drop Plugin Remote Code Execution (CVE-2020-12800)
A remote code execution vulnerability exists in WordPress Drag And Drop plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Zoom Client Arbitrary File Write (CVE-2020-6109)
An arbitrary file write vulnerability exists in Zoom Client. Successful exploitation of this vulnerability could result in code execution on the affected system...
NOKIA VitalSuite SPM SQL Injection (CVE-2021-41487)
An SQL injection vulnerability exists in the NOKIA VitalSuite SPM. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Windows SMBv3 Client/Server Information Disclosure (CVE-2020-1206)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft VBScript Remote Code Execution (CVE-2020-1215)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2020-1247)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2020-1253)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2020-1251)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows SMBv1 Driver Integer Overflow Denial Of Service (CVE-2020-1301)
An integer overflow vulnerability exists in Microsoft. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...