OpenEMR New.php Command Injection (CVE-2019-3968)
A command injection vulnerability exists in OpenEMR New.php. Successful exploitation of this vulnerability could result in arbitrary command execution on the affected system...
WiKID 2FA Enterprise Server SQL Injection (CVE-2019-16917; CVE-2019-17117; CVE-2019-17119)
An SQL injection vulnerability exists in WiKID 2FA Enterprise Server. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL commands against the database on the target server...
Microsoft Excel Remote Code Execution (CVE-2019-1448)
A remote code execution vulnerability exists in Microsoft Excel. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Google Chrome Type Confusion (CVE-2020-6418)
A type confusion vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apple Webkit Remote Code Execution (CVE-2017-2505)
A remote code execution vulnerability exists in Apple iOS, tvOS and Safari. Successful exploitation could result in execution of arbitrary code on the affected system...
NetGain Systems Enterprise Manager Insecure Deserialization (CVE-2017-17406)
An insecure deserialization vulnerability exists in the NetGain Systems Enterprise Manager. The vulnerability is due to the lack of input validation on objects in the RMI Registry before deserializing them. Successful exploitation can result in arbitrary code execution on the affected system...
XStream Library Insecure Deserialization (CVE-2019-10173)
An insecure deserialization vulnerability exists in XStream Library. The vulnerability is due to insufficient validation of event handler type in user-supplied XML data. A remote attacker could exploit this vulnerability by sending a specially crafted XML file to the affected application. Successful...
Bludit CMS Arbitrary File Upload (CVE-2019-16113)
An arbitrary file upload vulnerability has been reported in Bludit CMS. This vulnerability is due to improper validation of image uploads by upload-images.php. A remote authenticated attacker could exploit this vulnerability by sending a crafted request to Bludit CMS. Successful exploitation coul...
ZyXEL NAS Command Injection (CVE-2020-9054)
A command injection vulnerability exists in multiple ZyXEL network-attached storage (NAS) devices. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VMWare OpenSLP Heap Buffer Overflow (CVE-2019-5544; CVE-2021-21974)
A heap buffer overflow vulnerability exists in OpenSLP. The vulnerability is due to improperly checking the bounds of a buffer before copying data to it. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the OpenSLP service on port 427...
LibreOffice Remote Code Execution (CVE-2019-9848)
A remote code execution vulnerability exists in LibreOffice. The vulnerability is due to the document event feature being permitted to execute LibreLogo scripts, which permits the execution of Python code. A remote attacker could exploit the vulnerability by enticing a user to open a specially...
OPF OpenProject Cross-Site Scripting (CVE-2019-17092)
A cross-site scripting vulnerability exists in OPF OpenProject. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
HPE Intelligent Management Center Command Injection (CVE-2019-5373; CVE-2019-5374)
Multiple command injection vulnerabilities exist in HPE Intelligent Management Center. The vulnerabilities are due to insufficient handling of the beanName request parameter by the CustomReportTemplateSelectBean and operatorGroupTreeSelectContent classes. A remote, authenticated attacker can...
Microsoft Windows Jet Database Remote Code Execution (CVE-2019-1249)
A remote code execution vulnerability exists in the Jet Database Engine component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted file. Successful...
Zoho ManageEngine OpManager External Entity Injection (CVE-2018-18980)
An External Entity Injection information disclosure vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the RequestXML parameter when processing requests sent to BusinessViewFlashImpl. A remote, unauthenticated attacker could exploit this...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-5387)
A remote code execution vulnerability exists in HPE Intelligent Management Center. A remote attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-11942)
A remote code execution vulnerability exists in HPE Intelligent Management Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WiKID 2FA Enterprise Server Stored Cross-Site Scripting (CVE-2019-17115)
A stored cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary script code on the affected system...
Malwarebytes Anti-Malware Remote Code Execution (CVE-2019-6739)
A remote code execution vulnerability exists in Malwarebytes Anti-Malware. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option regarding the DLL loading path. A remote attacker could exploit the vulnerability by enticing a us...
Haxx Curl Buffer Overflow (CVE-2019-5482)
A buffer overflow vulnerability exists in Haxx Curl. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Delta Industrial Automation CNCSoft Buffer Overflow (CVE-2019-10947)
A buffer overflow vulnerability exists in Delta Industrial Automation CNCSoft. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
HPE ByteMessageResource Insecure Deserialization (CVE-2019-11956)
An insecure deserialization vulnerability exists in HPE Intelligent Management Center. Successful exploitation of this vulnerability could result in execution of arbitrary code on the target server in the context of SYSTEM...
LibVNC LibVNCServer Use After Free (CVE-2018-6307)
A use after free vulnerability exists in LibVNC LibVNCServer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Linux Kernel Netfilter Buffer Overflow (CVE-2019-11360)
A stack-based buffer overflow vulnerability exists in the Linux Kernel Netfilter framework. Successful exploitation of this vulnerability could result in arbitrary code execution on the affected system...
Trend Micro OfficeScan Directory Traversal (CVE-2019-18187)
A directory traversal vulnerability exists in Trend Micro's OfficeScan. The vulnerability is due to insufficient handling of directory traversal characters in uploaded ZIP archives. A remote, authenticated attacker could exploit this vulnerability by sending a request containing a crafted ZIP fil...
ABB IDAL HTTP Server Stack Buffer Overflow (CVE-2019-7232)
A stack buffer overflow vulnerability exists in ABB IDAL HTTP Server. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on...
Cisco IOS WebUI Command Injection (CVE-2019-12651)
A command injection vulnerability exists in Cisco IOS XE WebUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Cisco IOS XE WebUI Privileged Command Injection (CVE-2019-12650)
A command injection vulnerability exists in the WebUI component of Cisco IOS XE. The vulnerability is due to insufficient input validation on form content submitted by a user via the WebUI. A remote, authenticated attacker with administrative access can exploit this vulnerability by sending a crafted HTTP reque...
Jenkins Core Directory Traversal (CVE-2019-10352)
A directory traversal vulnerability exists in Jenkins Core. Successful exploitation of this vulnerability could lead to arbitrary file write and potentially to remote code execution...
Squid Proxy Digest Nonce Information Disclosure (CVE-2019-18679)
An information disclosure vulnerability has been reported in Squid Proxy. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information...
Apple Webkit Authentication Bypass (CVE-2017-7064)
An authentication bypass vulnerability exists in Apple Webkit. Successful exploitation of this vulnerability could allow a remote attacker to gain access to a target system...
cURL and libcurl TFTP Heap Buffer Overflow (CVE-2019-5436)
A heap-based buffer overflow vulnerability exists in cURL and libcurl. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the security context of the target user...
YouPHPTube Remote Code Execution (CVE-2019-16124)
A remote code execution vulnerability exists in the checkConfiguration.php script of YouPHPTube. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system...
YouPHPTube Encoder Command Injection (CVE-2019-5127; CVE-2019-5128; CVE-2019-5129)
A command injection vulnerability exists in YouPHPTube Encoder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
Apache Spark Unauthenticated Remote Code Execution (CVE-2018-11770)
A remote code execution vulnerability exists in Apache Spark. Successful exploitation of this vulnerability could result in arbitrary code execution...
Codesys Control Buffer Overflow (CVE-2019-18858)
A heap-based buffer overflow vulnerability exists in CoDeSys V3. The vulnerability is due to improper validation of user-supplied data sent to the CODESYS V3 web server URL endpoint. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the server...
Microsoft Office Excel Information Disclosure (CVE-2019-1110)
An information disclosure vulnerability exists in Microsoft Office Excel. Successful exploitation of this vulnerability could result in the disclosure of sensitive user information...
Red Lion Crimson Type Confusion (CVE-2019-10996; CVE-2019-10984)
A type confusion vulnerability exists in Red Lion Crimson. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the context of the current user...
Dovecot Denial Of Service (CVE-2019-11499; CVE-2020-7046)
A denial-of-service vulnerability exists in Dovecot. Successful exploitation of this vulnerability could cause a denial of service condition on the affected system...
Squid Proxy Reflected Cross-Site Scripting (CVE-2019-13345)
A reflected cross-site scripting vulnerability exists in Squid Proxy. A remote user can exploit this vulnerability by enticing an authenticated user to click on a malicious link...
Git Submodules Directory Traversal (CVE-2018-11235)
A directory traversal vulnerability exists in the Git client. The vulnerability is due to insufficient validation of submodule names in the .gitmodules file during checkout. Successful exploitation of this vulnerability could enable the attacker to execute arbitrary scripts on the target system...
Apache Tomcat AJP File Inclusion (CVE-2020-1938; CVE-2022-26377)
A file inclusion vulnerability exists in Apache Tomcat AJP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress GDPR Cookie Consent Plugin Cross Site Scripting
A cross site scripting vulnerability exists in WordPress GDPR Cookie Consent plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Atlassian Confluence Server Information Disclosure (CVE-2019-3394)
A local file inclusion vulnerability exists in Atlassian Confluence Server. This vulnerability is due to improper validation of the file path. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to...
Advantech WISE-PaaS RMM Code Execution (CVE-2019-13551)
A remote code execution vulnerability exists in Advantech WISE-PaaS RMM. The vulnerability is due to insufficient input validation when processing HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to a target server. Successful...
WordPress ThemeGrill Plugin Privilege Escalation (CVE-2020-7047; CVE-2020-7048)
A privilege escalation vulnerability exists in the WordPress ThemeGrill plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Redmine SQL Injection (CVE-2019-18890)
An SQL injection vulnerability exists in Redmine. Successful exploitation of this vulnerability could lead to arbitrary SQL code execution...
Weak Password Login Attempt Over SSH
SSH is an internet protocol that provides access to remote computers using a virtual terminal. A remote attacker may use an open SSH service to run arbitrary code on the victim machine...
Weak SSH Cipher Suites
Communication with SSH servers using weak cipher suites might be prone to attacks trying to intercept secure communications...
SSH Brute Force Login Attempt
A remote attacker can exploit this vulnerability by using brute-force login attempts. Successful exploitation would allow an attacker to gain unauthorized access to the server...