13538 matches found
OPF OpenProject Activities API SQL Injection (CVE-2019-11600)
A SQL injection vulnerability has been reported in OpenProject. This vulnerability can be exploited by sending crafted HTTP requests to a vulnerable application. Successful exploitation could lead to arbitrary SQL statement execution in the security context of the database service...
Nagios XI Remote Command Execution (CVE-2019-9164)
A command execution vulnerability exists in Nagios XI r1.0. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Advantech WebAccess SCADA Buffer Overflow (CVE-2019-3953)
A stack buffer overflow exists in Advantech WebAccess SCADA. The vulnerability is due to improper validation of user-supplied data in the request submitted to the target server with IOCTL 10012. Successful exploitation could lead to arbitrary code execution under the context of Administrator...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-5385)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient validation of the beanName request parameter in the perfSelectTask endpoint. Successful exploitation results in the execution of arbitrary code under the security contex...
Advantech WebAccess Denial of Service (CVE-2019-6554)
A denial-of-service vulnerability exists in Advantech WebAccess. The vulnerability is due to improper access control while invoking a command line from user-supplied data. Successful exploitation could result in WebAccess being uninstalled and denial-of-service condition...
Advantech WebAccess SCADA Buffer Overflow (CVE-2019-6550)
A stack-based buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within bwstwww.exe. Successful exploitation could lead to arbitrary code execution under the context of...
Grafana Labs Arbitrary File Read (CVE-2018-19039)
An information disclosure vulnerability exists in Grafana. This vulnerability is due to insufficient handling of direct link image rendering of HTML text panels. A remote, authenticated attacker can exploit the vulnerability by creating a crafted HTML text panel and requesting a direct link image...
Eclipse Jetty Denial-of-service (CVE-2018-12545)
A denial-of-service vulnerability exists in Eclipse Jetty. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Drupal Core file_create_filename Stored Cross-Site Scripting (CVE-2019-6341)
A stored cross-site scripting vulnerability exists in the File module of Drupal Core. The vulnerability is due to improper handling of the filename parameter provided for file uploads to the File module. Successful exploitation could result in the execution of arbitrary script code...
Netgate pfSense Stored Cross-Site Scripting (CVE-2019-12347)
A stored cross-site scripting vulnerability exists in Netgate pfSense. The vulnerability is due to improper validation of the name and desc parameters in the acmeaccountkeysedit.php script file of the ACME package. Successful exploitation could allow the attacker to execute arbitrary script code ...
ISC BIND Denial Of Service (CVE-2018-5744)
A denial-of-service vulnerability exists in ISC BIND EDNS0 Key-Tag. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Lighttpd Web Server Denial Of Service (CVE-2019-11072)
A denial-of-service vulnerability exists in the Lighttpd server. This vulnerability is due to improper handling of the URL when url-path-2f-decode is enabled. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful...
HP Intelligent Management Center Buffer Overflow (CVE-2018-7114)
A buffer overflow vulnerability exists in HP Intelligent Management Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Python SSL Denial of Service (CVE-2019-5010)
A denial-of-service vulnerability exists in the Python SSL module. The vulnerability is due to improper handling of a malformed DistributionPoint extension within X.509 certificates. Successful exploitation of this vulnerability could lead to denial-of-service conditions on the target server...
phpMyAdmin Navigation-Tree Stored Cross-Site Scripting (CVE-2018-19970)
A stored cross-site scripting vulnerability exists in phpMyAdmin. The vulnerability is due to insufficient input validation in the web-based management interface. Successful exploitation could result in execution of arbitrary script on the affected system...
Apache Solr Remote Code Execution (CVE-2019-12409; CVE-2019-17558)
A remote code execution vulnerability exists in Apache Solr. Successful exploitation could result in execution of arbitrary code on the affected system...
SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)
A remote code execution vulnerability exists in SolarWinds Orion NPM. This vulnerability is due to missing access controls in the InvokeActionMethod method. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Core Remote Code Execution (CVE-2019-9787)
A remote code execution vulnerability exists in WordPress. The vulnerability is due to a lack of protection against cross-site request forgery attacks and improper validation of the comment content in the function, which leads to a stored cross-site scripting issue. Successful exploitation of this...
Adobe ColdFusion Insecure Deserialization (CVE-2019-7091)
An insecure deserialization vulnerability exists in Adobe ColdFusion. This vulnerability is due to the lack of input validation of the JavaAdapter and JavaBeanAdapter classes. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...
Zoho ManageEngine Applications Manager SQL Injection (CVE-2019-11448)
A SQL injection vulnerability exists in Zoho ManageEngine Applications Manager. The vulnerability is due to improper validation of user-supplied input in PopupSLA.jsp. Successful exploitation could lead to arbitrary SQL code execution...
IPFire Firewall Web Interface Command Injection (CVE-2018-16232)
A command injection vulnerability exists in the web interface of IPFire firewall. The vulnerability is due to improper validation of user-supplied requests in the backup.cgi script. Successful exploitation could lead to arbitrary command injection as the nobody user...
Oracle WebLogic Server AbstractPlatformTransactionManager Insecure Deserialization (CVE-2018-3191)
An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. A remote attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user account running...
Asterisk Denial of Service (CVE-2018-12228)
A denial-of-service vulnerability has been reported in Asterisk. The vulnerability is due to improper handling of abrupt client disconnection or client-supplied messages when a client is connecting via TLS. A remote user can exploit the vulnerability by abruptly disconnecting or sending specially...
LAquis SCADA Web Server Command Injection (CVE-2018-18996)
A command injection vulnerability exists in LAquis SCADA. The vulnerability is due to improper handling of a parameter submitted in requests. Successful exploitation results in the execution of arbitrary commands with the privileges of the web server process...
Sonatype Nexus Repository Manager 3 Remote Code Execution (CVE-2019-7238)
A remote code execution vulnerability exists in Sonatype Nexus Repository Manager 3. This vulnerability is due to insufficient validation of the parameter in the previewAssets function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
Dell EMC VMAX Virtual Appliance Manager Directory Traversal (CVE-2018-1215)
A directory traversal vulnerability exists in Dell EMC VMAX Virtual Appliance vApp. The vulnerability is due to improper handling of user-supplied requests for file uploads. Successful exploitation of this vulnerability could lead to arbitrary code execution...
StrongSwan OpenSSL Plugin FIPS Mode Denial-of-Service (CVE-2018-10811)
A denial-of-service vulnerability exists in StrongSwan. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
IBM QRadar SIEM Authentication Bypass (CVE-2018-1418)
An authentication bypass exists in IBM QRadar SIEM. This vulnerability is due to a combination of lack of authentication. remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Citrix XenServer Directory Traversal (CVE-2018-14007)
A directory traversal vulnerability exists in Citrix XenServer. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
WordPress W3 Total Cache Plugin Arbitrary File Read (CVE-2019-6715)
An arbitrary file read vulnerability exists in the WordPress W3 Total Cache plugin. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary web script on the affected system...
FreeBSD NFS Server Denial of Service (CVE-2018-17158; CVE-2018-17157; CVE-2018-17159)
A denial-of-service vulnerability exists in the NFS Server component. The vulnerability is due to improper handling of various NFS requests within function. Successful exploitation could exhaust all available memory, resulting in denial-of-service conditions...
OMRON CX-One CX-Programmer Program Use after Free (CVE-2019-6556)
A use-after-free vulnerability exists in the OMRON CX-One CX-Programmer module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft ActiveX Data Objects Remote Code Execution (CVE-2019-0888)
A use-after-free vulnerability exists in ActiveX Data Objects. This vulnerability is due to the way that ActiveX Data Objects (ADO) handles objects in memory. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
vBulletin updateAvatar Remote Code Execution (CVE-2019-17132)
A remote code execution vulnerability exists in vBulletin Forum. Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code on the affected system...
Microsoft Graphics Device Interface Information Disclosure (CVE-2019-0619)
An information disclosure vulnerability exists in the Graphics Device Interface (GDI) component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory...
IBM BigFix Platform Arbitrary File Upload (CVE-2019-4013)
An arbitrary file upload vulnerability exists in IBM BigFix Platform. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WECON LeviStudio Buffer Overflow (CVE-2019-6537)
A stack-based buffer overflow vulnerability exists in WECON LeviStudio DataLogTool. The vulnerability is due to improper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Successful exploitation could allow the attacker to execute arbitrary...
PhpStudy Web Server Remote Code Execution
A remote code execution vulnerability exists in PhpStudy library. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Atlassian Confluence Directory Traversal (CVE-2019-3398)
A directory traversal vulnerability exists in Atlassian Confluence. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2019-1438)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2019-1429)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2019-1408)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Information Disclosure (CVE-2019-1436)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft Win32k Elevation of Privilege (CVE-2019-1393)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft VBScript Remote Code Execution (CVE-2019-1390)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2019-1437)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2019-1395)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2019-1435)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2019-1396)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2019-1394)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...